I'm sure I am missing something simple and probably obvious. Now that I have installed freeradius (2.1.9-1.fc13.i686) and imported the mysql schema and populated it with a test user, I would like to know if there are some basic config instructions for telling freeradius to actually use the users from the db rather than the /etc/raddb/users file?
radtest testing1 guest 127.0.0.1 0 testing123

results in

rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=27, length=20

but if I put my "testing1" user in /etc/raddb/users it accepts the login ok.

I'm not real clear on what data I need in the db. What is the minimum to create a valid test? NAS info?

I tried following http://wiki.freeradius.org/SQL_HOWTO but the radius server doesn't seem to be talking to mysql.

In my troubleshooting, I added "sql" at the bottom of the "instantiate" section in the /etc/raddb/radiusd.conf file (Is this the proper way to get them talking?), and now radiusd does seem to communicate with mysql, but although it successfully logs in it doesn't seem to interact with the user data to authorize anything. It seems there is something else I need to add to the config files to make radius look to mysql rather than a users file for the data. (I would like to have freeradius log all the authorization info to mysql as well, but first things first...)

My `radcheck` table contains:

INSERT INTO `radcheck` (`id`, `username`, `attribute`, `op`, `value`) VALUES
(1, 'testing1', 'Cleartext-Password', ':=', 'guest');

Some of the output from radiusd -X

...
including configuration file /etc/raddb/sql.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/sql/mysql/counter.conf
...
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
    wait = no
    input_pairs = "request"
    shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
    reply-message = "Password Has Expired "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
    reply-message = "You are calling outside your allowed timespan "
    minimum-timeout = 60
  }
 Module: Linked to module rlm_sql
 Module: Instantiating sql
  sql {
    driver = "rlm_sql_mysql"
    server = "localhost"
    port = ""
    login = "rad1"
    password = "rad1"
    radius_db = "rad1"
    read_groups = yes
    sqltrace = no
    sqltracefile = "/var/log/radius/sqltrace.sql"
    readclients = no
    deletestalesessions = yes
    num_sql_socks = 5
    lifetime = 0
    max_queries = 0
    sql_user_name = "%{User-Name}"
    default_user_profile = ""
    nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
    ...
  }
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to r...@localhost:/rad1
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
 }
radiusd: #### Loading Virtual Servers ####
...
radiusd: #### Opening IP addresses and Ports ####
listen {
    type = "auth"
    ipaddr = *
    port = 0
}
listen {
    type = "acct"
    ipaddr = *
    port = 0
}
listen {
    type = "control"
 listen {
    socket = "/var/run/radiusd/radiusd.sock"
 }
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Ready to process requests.
...

Running radtest from the terminal:

radtest testing1 guest 127.0.0.1 0 testing123
Sending Access-Request of id 66 to 127.0.0.1 port 1812
    User-Name = "testing1"
    User-Password = "guest"
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=66, length=20

...
rad_recv: Access-Request packet from host 127.0.0.1 port 41218, id=66, length=60
    User-Name = "testing1"
    User-Password = "guest"
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testing1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> testing1
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 66 to 127.0.0.1 port 41218
Waking up in 4.9 seconds.
Cleaning up request 1 ID 66 with timestamp +360
Ready to process requests.

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Tying-radius-to-mysql-tp3212438p3212438.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
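Added example (not part of the original post, and not FreeRADIUS project code): a small Python reader for the radiusd -X trace quoted above. It lists which modules ran in each processing group and reports that sql is absent from authorize, so nothing handed pap a known-good password. The function names and the abridged trace are choices made for this example.

```python
import re

# Added example. Trace abridged from the radiusd -X output in the post above.
TRACE = """\
+- entering group authorize {...}
++[preprocess] returns ok
++[suffix] returns noop
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
+- entering group REJECT {...}
++[attr_filter.access_reject] returns updated
"""

GROUP = re.compile(r"^\+- entering group (\S+)")       # "+- entering group authorize {...}"
RESULT = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")  # "++[files] returns noop"

def modules_by_group(trace):
    """Map each processing group to the ordered (module, rcode) pairs it ran."""
    groups, current = {}, None
    for line in trace.splitlines():
        line = line.strip()
        if m := GROUP.match(line):
            current = m.group(1)
            groups.setdefault(current, [])
        elif current and (m := RESULT.match(line)):
            groups[current].append((m.group(1), m.group(2)))
    return groups

def diagnose(trace, module="sql"):
    """Report why a user stored behind `module` was not authorized."""
    ran = modules_by_group(trace).get("authorize", [])
    findings = []
    if module not in [name for name, _ in ran]:
        findings.append(f"'{module}' never ran in authorize")
    elif dict(ran)[module] in ("notfound", "noop"):
        findings.append(f"'{module}' ran but matched no user")
    if 'No "known good" password' in trace:
        findings.append("no module supplied a known-good password")
    if "No authenticate method (Auth-Type)" in trace:
        findings.append("no Auth-Type was set, so the request is rejected")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(TRACE)))
```

A module shows up in the authorize trace only when it is listed in the authorize section of the virtual server handling the request; loading it under instantiate opens the database connections but does not call it for a request.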

