Re: Freeradius, mysql, please help!!!
Hi, Correct, alan DeKok told me too. I changed it, but it didn't solve the problem. as per other reply change your stored password to clear text and use that to vlidate all is okay before going into more complex setups alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius, mysql, please help!!!
On Wed, 2006-12-04 at 14:02 -0400, Alan DeKok wrote: YvesDM [EMAIL PROTECTED] wrote: mysql select * from radcheck; ++--+---+++ | id | UserName | Attribute | op | Value | ++--+---+++ | 1 | steve| User-Password | :=3D | $1$nyiGAEuR$5wcFr5bT7SfkVjIChnbZo0= | These are *not* clear-text passwords. They're encrypted passwords. Change the attribute name to Crypt-Password, and it should work. Alan DeKok. You will also need to use Auth-Type := Crypt-Local This has been discussed, an enormous number of times. Please feel free to use Google to search for answers. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius, mysql, please help!!!
On 4/13/06, Guy Fraser [EMAIL PROTECTED] wrote: You will also need to use Auth-Type := Crypt-LocalThis has been discussed, an enormous number of times.Please feel free to use Google to search for answers.-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htmlI really did google for this, but didn't find it.I was messing with all this for one week before actually posting here! Anyway it's working now.Many tnx! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius, mysql, please help!!!
Hi,I'm getting desperate here.I've been trying for a week now to make freeradius work with mysql.Can someone please help me out here?Tnx!some info:debiancompiled freeradius 1.1.1 with mysqlRadius is working fine, i get an Acces-accept packet when i radtest a user from the users fileradius:/var/log/radius# radtest yves test localhost 1812 testing123Sending Access-Request of id 213 to 127.0.0.1 port 1812User-Name = yvesUser-Password = testNAS-IP-Address = 255.255.255.255NAS-Port = 1812 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=213, length=20radius:/var/log/radius# I've created some testusers in de mysql database as well (sorry for layout, pasting from the shell) mysql connect radiusReading table information for completion of table and column namesYou can turn off this feature to get a quicker startup with -AConnection id: 61Current database: radius mysql select * from usergroup;+--+---+--+| UserName | GroupName | priority |+--+---+--+| | general |1 || steve | general |1 | | maureen | general |1 || john | general |1 |+--+---+--+4 rows in set (0.00 sec)mysql select * from radcheck;++--+---+++ | id | UserName | Attribute | op | Value |++--+---+++| 1 | steve | User-Password | := | $1$nyiGAEuR$5wcFr5bT7SfkVjIChnbZo0 | | 2 | maureen | User-Password | := | $1$LTvKoOtc$X2fVg8uDqyP4.mU.iLNKm0 || 3 | john | User-Password | := | $1$bkW9WNor$tq5sRRiUcwOV4/fwk3CYM/ |++--+---+++ 3 rows in set (0.00 sec)Though when i try to authenticate john (or other from de db),i get a reject packet and i don't know why!radius:/var/log/radius# radtest john test localhost 1812 testing123 Sending Access-Request of id 240 to 127.0.0.1 port 1812User-Name = johnUser-Password = testNAS-IP-Address = 255.255.255.255NAS-Port = 1812Re-sending Access-Request of id 240 to 127.0.0.1 port 1812User-Name = johnUser-Password = test NAS-IP-Address = 255.255.255.255NAS-Port = 1812rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=240, length=20 radius:/var/log/radius# Debug output:radius:/usr/local/dialup_admin/conf# radiusd -XStarting - reading configuration files ...reread_config: reading radiusd.confConfig: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.confConfig: including file: /usr/local/etc/raddb/snmp.confConfig: including file: /usr/local/etc/raddb/eap.confConfig: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/localmain: localstatedir = /usr/local/varmain: logdir = /usr/local/var/log/radiusmain: libdir = /usr/local/libmain: radacctdir = /usr/local/var/log/radius/radacct main: hostname_lookups = nomain: max_request_time = 30main: cleanup_delay = 5main: max_requests = 1024main: delete_blocked_requests = 0main: port = 0main: allow_core_dumps = nomain: log_stripped_names = no main: log_file = /usr/local/var/log/radius/radius.logmain: log_auth = nomain: log_auth_badpass = nomain: log_auth_goodpass = nomain: pidfile = /usr/local/var/run/radiusd/radiusd.pid main: user = (null)main: group = (null)main: usercollide = nomain: lower_user = nomain: lower_pass = nomain: nospace_user = nomain: nospace_pass = no main: checkrad = /usr/local/sbin/checkradmain: proxy_requests = yesproxy: retry_delay = 5proxy: retry_count = 3proxy: synchronous = noproxy: default_fallback = yesproxy: dead_time = 120 proxy: post_proxy_authorize = noproxy: wake_all_if_all_dead = nosecurity: max_attributes = 200security: reject_delay = 1security: status_server = nomain: debug_level = 0read_config_files: reading dictionary read_config_files: reading naslistUsing deprecated naslist file. Support for this will go away soon.read_config_files: reading clientsread_config_files: reading realmsUsing deprecated realms file. Support for this will go away soon. radiusd: entering modules setupModule: Library search path is /usr/local/libModule: Loaded execexec: wait = yesexec: program = (null)exec: input_pairs = requestexec: output_pairs = (null) exec: packet_type = (null)rlm_exec: Wait=yes but no output defined. Did you mean output=none?Module: Instantiated exec (exec)Module: Loaded exprModule: Instantiated expr (expr)Module: Loaded PAP pap: encryption_scheme = cryptModule: Instantiated pap (pap)Module: Loaded CHAPModule: Instantiated chap (chap)Module: Loaded MS-CHAPmschap: use_mppe = yesmschap: require_encryption = no mschap: require_strong = nomschap: with_ntdomain_hack = nomschap: passwd = (null)mschap: authtype = MS-CHAPmschap: ntlm_auth = (null)Module: Instantiated mschap (mschap) Module: Loaded Systemunix: cache = nounix: passwd = (null)unix: shadow = (null)unix: group = (null)unix: radwtmp = /usr/local/var/log/radius/radwtmp unix:
Re: Freeradius, mysql, please help!!!
YvesDM [EMAIL PROTECTED] wrote: mysql select * from radcheck; ++--+---+++ | id | UserName | Attribute | op | Value | ++--+---+++ | 1 | steve| User-Password | :=3D | $1$nyiGAEuR$5wcFr5bT7SfkVjIChnbZo0= | These are *not* clear-text passwords. They're encrypted passwords. Change the attribute name to Crypt-Password, and it should work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius, mysql, please help!!!
Hi, I've created some testusers in de mysql database as well (sorry for layout, pasting from the shell) mysql select * from radcheck; ++--+---+++ | id | UserName | Attribute | op | Value | ++--+---+++ | 1 | steve| User-Password | := | $1$nyiGAEuR$5wcFr5bT7SfkVjIChnbZo0 | | 2 | maureen | User-Password | := | $1$LTvKoOtc$X2fVg8uDqyP4.mU.iLNKm0 | | 3 | john | User-Password | := | $1$bkW9WNor$tq5sRRiUcwOV4/fwk3CYM/ | ++--+---+++ Though when i try to authenticate john (or other from de db), i get a reject packet and i don't know why! radius:/var/log/radius# radtest john test localhost 1812 testing123 Sending Access-Request of id 240 to 127.0.0.1 port 1812 User-Name = john User-Password = test NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Re-sending Access-Request of id 240 to 127.0.0.1 port 1812 User-Name = john User-Password = test NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=240, length=20 radius:/var/log/radius# ummm. I'm not too certain here but wasnt the password you defined in the mySQL database for john $1$bkW9WNor$tq5sRRiUcwOV4/fwk3CYM/ if this is a crypted password then surely the attribute is Crypt-Password rather than User-Password? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius, mysql, please help!!!
On 4/12/06, Alan DeKok [EMAIL PROTECTED] wrote: YvesDM [EMAIL PROTECTED] wrote: mysql select * from radcheck; ++--+---+++ | id | UserName | Attribute | op | Value| ++--+---+++ |1 | steve| User-Password | :=3D | $1$nyiGAEuR$5wcFr5bT7SfkVjIChnbZo0=|These are *not* clear-text passwords.They're encrypted passwords. Change the attribute name to Crypt-Password, and it shouldwork.Alan DeKok.Tnx for the reply, but it didn't solve my problem.mysql select * from radcheck; ++--++++| id | UserName | Attribute | op | Value |++--++++ | 1 | steve | User-Password | := | $1$nyiGAEuR$5wcFr5bT7SfkVjIChnbZo0 || 2 | maureen | Crypt-Password | := | $1$LTvKoOtc$X2fVg8uDqyP4.mU.iLNKm0 || 3 | john | Crypt-Password | := | $1$bkW9WNor$tq5sRRiUcwOV4/fwk3CYM/ | ++--++++3 rows in set (0.00 sec)mysql quitByeradius:/usr/local/etc/raddb# radtest john test localhost 1812 testing123Sending Access-Request of id 213 to 127.0.0.1 port 1812 User-Name = john User-Password = test NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Re-sending Access-Request of id 213 to 127.0.0.1 port 1812 User-Name = john User-Password = test NAS-IP-Address = 255.255.255.255 NAS-Port = 1812rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=213, length=20radius:/usr/local/etc/raddb# radtest maureen test localhost 1812 testing123 Sending Access-Request of id 219 to 127.0.0.1 port 1812 User-Name = maureen User-Password = test NAS-IP-Address = 255.255.255.255 NAS-Port = 1812Re-sending Access-Request of id 219 to 127.0.0.1 port 1812 User-Name = maureen User-Password = test NAS-IP-Address = 255.255.255.255 NAS-Port = 1812rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=219, length=20 radius:/usr/local/etc/raddb# Any other suggestions?Yves - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius, mysql, please help!!!
On 4/12/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi,ummm. I'm not too certain here but wasnt the password you defined in the mySQL database for john $1$bkW9WNor$tq5sRRiUcwOV4/fwk3CYM/if this is a crypted password then surely the attribute is Crypt-Passwordrather than User-Password?alan-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htmlCorrect, alan DeKok told me too. I changed it, but it didn't solve the problem.tnxyves - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius, mysql, please help!!!
--- YvesDM [EMAIL PROTECTED] wrote: On 4/12/06, Alan DeKok [EMAIL PROTECTED] wrote: YvesDM [EMAIL PROTECTED] wrote: mysql select * from radcheck; ++--+---+++ | id | UserName | Attribute | op | Value | ++--+---+++ | 1 | steve| User-Password | :=3D | $1$nyiGAEuR$5wcFr5bT7SfkVjIChnbZo0= | These are *not* clear-text passwords. They're encrypted passwords. Change the attribute name to Crypt-Password, and it should work. Alan DeKok. Tnx for the reply, but it didn't solve my problem. mysql select * from radcheck; ++--++++ | id | UserName | Attribute | op | Value | ++--++++ | 1 | steve| User-Password | := | $1$nyiGAEuR$5wcFr5bT7SfkVjIChnbZo0 | | 2 | maureen | Crypt-Password | := | $1$LTvKoOtc$X2fVg8uDqyP4.mU.iLNKm0 | | 3 | john | Crypt-Password | := | $1$bkW9WNor$tq5sRRiUcwOV4/fwk3CYM/ | ++--++++ 3 rows in set (0.00 sec) mysql quit Bye radius:/usr/local/etc/raddb# radtest john test localhost 1812 testing123 Sending Access-Request of id 213 to 127.0.0.1 port 1812 User-Name = john User-Password = test NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Re-sending Access-Request of id 213 to 127.0.0.1 port 1812 User-Name = john User-Password = test NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=213, length=20 radius:/usr/local/etc/raddb# radtest maureen test localhost 1812 testing123 Sending Access-Request of id 219 to 127.0.0.1 port 1812 User-Name = maureen User-Password = test NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Re-sending Access-Request of id 219 to 127.0.0.1 port 1812 User-Name = maureen User-Password = test NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=219, length=20 radius:/usr/local/etc/raddb# Any other suggestions? Yves - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Try switching everything back to clear text, with User-Password attribute and *clear text passwords* and see if anybody can auth that way. Laker __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html