Hi all,
This is my first post. I'm trying to make a AAA server based on
freeRadius and MySQL. After I configure radius server and run server in
debug mode, I get some problem with rlm_sql about User-Password and
Chap-Password. It seems that the server can't expand User-Password and
Chap-Password. I don't know what's the problem. I hope that someones
will give me advices.
Here's my output from Radiusd -X command.
rad_recv: Access-Request packet from host 192.168.0.6 port 1026, id=32,
length=205
Sending duplicate reply to client RDLAB port 1026 - ID: 32
Sending Access-Challenge of id 32 to 192.168.0.6 port 1026
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.0.6 port 1026, id=33,
length=205
User-Name = "hung"
NAS-IP-Address = 192.168.0.6
NAS-Port = 0
Called-Station-Id = "00-02-6F-59-85-C7:RADIUS_TEST"
Calling-Station-Id = "00-17-C4-8C-2C-C8"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x020a002b19001703010020abe3291179889948f4ed41e6b8102d58aae4dc0f8400550f1d2d2fe050cc2dcb
State = 0x296e680f21647160f77444525cb5459d
Message-Authenticator = 0xe4889cb8f5e0e5104d92e7d3b13eef2a
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 10 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
Login OK: [hung] (from client RDLAB port 0 cli 00-17-C4-8C-2C-C8)
+- entering group post-auth {...}
[sql] expand: %{Stripped-User-Name} ->
[sql] expand: %{User-Name} -> hung
[sql] expand: %{%{User-Name}:-DEFAULT} -> hung
[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> hung
[sql] sql_set_user escaped user --> 'hung'
[*sql] expand: %{User-Password} ->
[sql] expand: %{Chap-Password} -> *
[sql] expand: INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES
( '%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO
radpostauth (username, pass, reply,
authdate) VALUES (
'hung', '',
'Access-Accept', '2010-04-21 20:22:27')
rlm_sql (sql) in sql_postauth: query is INSERT INTO
radpostauth (username, pass, reply,
authdate) VALUES (
'hung', '',
'Access-Accept', '2010-04-21 20:22:27')
*rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: MYSQL check_error: 1054 received
rlm_sql (sql) in sql_postauth: Database query error - Unknown column
'username' in 'field list'*
rlm_sql (sql): Released sql socket id: 2
++[sql] returns fail
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> hung
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 9 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.6 port 1026, id=33,
length=205
Waiting to send Access-Reject to client RDLAB port 1026 - ID: 33
Waking up in 0.9 seconds.
Sending delayed reject for request 9
Sending Access-Reject of id 33 to 192.168.0.6 port 1026
EAP-Message = 0x030a0004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.6 seconds.
Best,
Vu Hung,
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
