Freeradius+MySql (Authorization Query) - regexp
Hi I am using the following query for authorization and I am getting the error 1064 from MySql (PARSE ERROR). But when I am giving the same query replacing the variables with values, I am getting the output. Can someone explain me why. (select id,UserName,Attribute,Value,op from ${authreply_table} where username='%{SQL-User-Name}') union (select id,UserName, Attribute, concat('h323-credit-time=',round(substring(value,20)/(tas_rate+charge))*60) Value,op from ${authreply_table}, pb_tariffs,surcharge where \%{Called-Station-Id}\ regexp concat(^,de_prefix) and value like 'h323-credit-amount=%' and username='%{SQL-User-Name}' and dnis='%{Calling-Station-Id}' order by de_prefix desc limit 1) I am getting the error after adding 'regexp' to the query. Thanks, Kiran Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now http://uk.messenger.yahoo.com/download/index.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+MySql (Authorization Query) - regexp
=?iso-8859-1?q?Kiran?= [EMAIL PROTECTED] wrote: I am using the following query for authorization and I am getting the error 1064 from MySql (PARSE ERROR). But when I am giving the same query replacing the variables with values, I am getting the output. Can someone explain me why. Look at the SQL debug log file. It will have the queries with the variables replaced by values. (select id,UserName,Attribute,Value,op from ${authreply_table} where username='%{SQL-User-Name}') union (select id,UserName, Attribute, concat('h323-credit-time=',round(substring(value,20)/(tas_rate+charge))*60) Value,op from ${authreply_table}, pb_tariffs,surcharge where \%{Called-Station-Id}\ regexp concat(^... A double quote inside of a double-quoted string? I am getting the error after adding 'regexp' to the query. Then what you added is the source of the problem. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius mysql simultaneous-use question URGENT
'sql' is listed in the accounting section. Anyway I figured out that I was testing it incorrectly using NTRadping for I was testing for double logins by using Accounting (start/stop) as the Request typeinstead of using Authentication Request as the request type. I have successfully tested it and it works well now :) Thanks! Soujanya From: "Alan DeKok" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: freeradius mysql simultaneous-use question URGENT=20 Date: Tue, 16 Dec 2003 16:33:11 -0500 Reply-To: [EMAIL PROTECTED]=20 Soujanya Rao [EMAIL PROTECTED] wrote: Can anyone tell me where I am going wrong? This is urgent and I am clueless as to what else needs to be done.=20=20 Ensure that 'sql' is listed in the 'accounting' section.=20 Run: radiusd -X=20 Alan DeKok. Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing
freeradius mysql simultaneous-use question URGENT
Hi, I am new to freeradius. I need some help in using simultaneous-use for detecting double logins using mysql only. Here is my current set up: select * from radgroup check ++--- +---++---+| id | GroupName | Attribute | op | Value |+++++---+ | 2 | static | Auth-Type | == | Local |+++++---+| 4 | static | Simultaneous-Use | := | 1 |++++-++ select * from usergroup ++-+-+| id | UserName | GroupName |++-+-+| 33 | PW006 | static |++--++ select * from radcheck ++---+++--+| id | UserName | Attribute | op | Value |++---+++--+| 18 | PW006 | Password | == |abcd |++---++-+-+ In my radius.conf I have a set up like this: session { sql} In sql.conf, the "Simultaneous Use Checking Queries" are uncommented I am using NTRadping to test for simultaneous-use and am failing to do so! I am doing an accounting start using NTRadPing for the same user with adifferent NAS-IP-Address (Additional RADIUS attributes)and a different port NAS-Port (additional RADIUS attribute). Though simultaneous-use is setup the user is not stopped for double login at all. It creates two entries in the radaact table and when I run accounting stop it updates the relevant radacct records with the AcctStopTime. Can anyone tell me where I am going wrong? This is urgent and I am clueless as to what else needs to be done. The sqltrace.log does not show that the uncommented statements in sql.conf are executed. How do I make sure that they get executed. Also please let me know if this is a correct procedure for testing the same. Thanks in advance, Soujanya . Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing
Re: freeradius mysql simultaneous-use question URGENT
Soujanya Rao [EMAIL PROTECTED] wrote: Can anyone tell me where I am going wrong? This is urgent and I am clueless as to what else needs to be done. Ensure that 'sql' is listed in the 'accounting' section. Run: radiusd -X Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
Am Sam, 2003-11-15 um 04.03 schrieb Rob Hinst: Hi all, My goal is to use Freeradius with the sql module for authenticating users. I'm using version 0.9.2 (installed from rpms i created with the specfile that came with the tarball). There doesn't seem to be a wealth of information available for using the sql module, but I've been working off of this tutorial: http://www.frontios.com/freeradius.html I got everything working using /etc/shadow to authenticate users, but then I proceeded to follow the instructions for sql and have run in to some trouble. I followed all of the required steps and am unable to authenticate. I'm using the following command to test the server: [...] Please post the debugging output (radiusd -X) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
Hi Ulrich, Below is the full output from radiusd -X. On Mon, 2003-11-17 at 04:22, Ulrich Walcher wrote: Am Sam, 2003-11-15 um 04.03 schrieb Rob Hinst: Hi all, My goal is to use Freeradius with the sql module for authenticating users. I'm using version 0.9.2 (installed from rpms i created with the specfile that came with the tarball). There doesn't seem to be a wealth of information available for using the sql module, but I've been working off of this tutorial: http://www.frontios.com/freeradius.html I got everything working using /etc/shadow to authenticate users, but then I proceeded to follow the instructions for sql and have run in to some trouble. I followed all of the required steps and am unable to authenticate. I'm using the following command to test the server: [...] Please post the debugging output (radiusd -X) Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/sql.conf main: prefix = /usr main: localstatedir = /var main: logdir = /var/log/radius main: libdir = /usr/lib main: radacctdir = /var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = /var/log/radius/radius.log main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = /var/run/radiusd/radiusd.pid main: user = root main: group = root main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/sbin/checkrad main: proxy_requests = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms Using deprecated realms file. Support for this will go away soon. radiusd: entering modules setup Module: Library search path is /usr/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded preprocess preprocess: huntgroups = /etc/raddb/huntgroups preprocess: hints = /etc/raddb/hints preprocess: with_ascend_hack = yes preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = yes Module: Instantiated preprocess (preprocess) Module: Loaded SQL sql: driver = rlm_sql_mysql sql: server = localhost sql: port = sql: login = mail sql: password = eXo2003 sql: radius_db = exomail sql: acct_table = radacct sql: acct_table2 = radacct sql: authcheck_table = radcheck sql: authreply_table = radreply sql: groupcheck_table = radgroupcheck sql: groupreply_table = radgroupreply sql: usergroup_table = usergroup sql: nas_table = nas sql: dict_table = dictionary sql: sqltrace = yes sql: sqltracefile = /var/log/radius/sqltrace.sql sql: deletestalesessions = yes sql: num_sql_socks = 5 sql: sql_user_name = %{Stripped-User-Name} sql: default_user_profile = dialup sql: query_on_not_found = yes sql: authorize_check_query = SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id sql: authorize_reply_query = SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id sql: authorize_group_check_query = SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id sql: authorize_group_reply_query = SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id sql: accounting_onoff_query = UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime = '%S' sql: accounting_update_query = UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStopTime = 0 sql: accounting_start_query = INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress,
Re: freeradius + mysql problems
Rob Hinst [EMAIL PROTECTED] wrote: radius_xlat: '' modcall[authorize]: module sql returns fail for request 0 modcall: group authorize returns fail for request 0 There was no response configured: rejecting request 0 Maybe those lines mean something... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
On Mon, 2003-11-17 at 10:17, Alan DeKok wrote: Rob Hinst [EMAIL PROTECTED] wrote: radius_xlat: '' modcall[authorize]: module sql returns fail for request 0 modcall: group authorize returns fail for request 0 There was no response configured: rejecting request 0 Maybe those lines mean something... Obviously.. but I thought I had configured a response (otherwise I wouldn't have written). I'm trying to auth as robtest/test. My radcheck table looks like this: ++--+---++---+ | id | UserName | Attribute | op | Value | ++--+---++---+ | 1 | robtest | Password | == | test | ++--+---++---+ and my usergroup table looks like this: ++--+---+ | id | UserName | GroupName | ++--+---+ | 1 | robtest | dialup| ++--+---+ I assumed that this means that radiusd will check for a response for the user named robtest in radreply (which is currently empty), and then fall back to use the default group settings for the group named dialup. My radgroupreplay table looks like this: ++---+++-+--+ | id | GroupName | Attribute | op | Value | prio | ++---+++-+--+ | 1 | dialup| Framed-Compression | := | Van-Jacobsen-TCP-IP |0 | | 2 | dialup| Framed-Protocol| := | PPP |0 | | 3 | dialup| Service-Type | := | Framed-User |0 | | 4 | dialup| Framed-MTU | := | 1500|0 | ++---+++-+--+ Apparently there's a flaw in my reasoning somewhere along the line otherwise it would work. I was hoping someone here would be able to point out the problem (sans sarcasm, please). Thanks, Rob Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
Rob Hinst [EMAIL PROTECTED] wrote: Obviously.. but I thought I had configured a response (otherwise I wouldn't have written). I'm trying to auth as robtest/test. My radcheck table looks like this: The error messages were definitive, in that they showed the 'xlat' routine returning *nothing*. Apparently there's a flaw in my reasoning somewhere along the line otherwise it would work. I was hoping someone here would be able to point out the problem (sans sarcasm, please). To me, it doesn't look like the SQL database is being queried at all. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
Hi Alan, Thanks for the response, sorry to be a continuing pest, but I've added a few additional comments/questions inline: On Mon, 2003-11-17 at 11:25, Alan DeKok wrote: Rob Hinst [EMAIL PROTECTED] wrote: Obviously.. but I thought I had configured a response (otherwise I wouldn't have written). I'm trying to auth as robtest/test. My radcheck table looks like this: The error messages were definitive, in that they showed the 'xlat' routine returning *nothing*. Apparently there's a flaw in my reasoning somewhere along the line otherwise it would work. I was hoping someone here would be able to point out the problem (sans sarcasm, please). To me, it doesn't look like the SQL database is being queried at all. Right. In my original e-mail, I said that the sql database isn't being queried at all. I set up query logging and nothing was coming across. As you can see from the debug output, however, the server is successfully making the connections to sql when the sql module initializes. This is what the authorize and authenticate sections of my radiusd.conf file look like. Basically, I had it working properly off of the unx passwd file, and then i added sql to the authorize section and removed files. I also removed unix from the authenticate section. Can you offer any suggestions as to why the server wouldn't even attempt to query sql? authorize { preprocess sql } authenticate { Auth-Type PAP { pap } } Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
and also (and probably the more important question), what would cause xlat to return nothing? I can't seem to find what the xlat routine does. On Mon, 2003-11-17 at 11:25, Alan DeKok wrote: Rob Hinst [EMAIL PROTECTED] wrote: Obviously.. but I thought I had configured a response (otherwise I wouldn't have written). I'm trying to auth as robtest/test. My radcheck table looks like this: The error messages were definitive, in that they showed the 'xlat' routine returning *nothing*. Apparently there's a flaw in my reasoning somewhere along the line otherwise it would work. I was hoping someone here would be able to point out the problem (sans sarcasm, please). To me, it doesn't look like the SQL database is being queried at all. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
Rob Hinst [EMAIL PROTECTED] wrote: and also (and probably the more important question), what would cause xlat to return nothing? I can't seem to find what the xlat routine does. It's the dynamic translation of strings in the configuration file. See 'sql.conf' for the SQL queries. The attribute names there get dynamically replaced with the values of those attributes from the packet. It looks to me like the SQL queries are empty or undefined. Therefore, they're never performed, and the user is always unknown. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
Rob Hinst [EMAIL PROTECTED] wrote: This is what the authorize and authenticate sections of my radiusd.conf file look like. Basically, I had it working properly off of the unx passwd file, and then i added sql to the authorize section and removed files. I also removed unix from the authenticate section. Can you offer any suggestions as to why the server wouldn't even attempt to query sql? Because the queries aren't defined, or there is an error processing them. e.g. The queries require some attribute which isn't in the packet. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
Thanks very much, I'll try to figure out the rest on my own. On Mon, 2003-11-17 at 11:51, Alan DeKok wrote: Rob Hinst [EMAIL PROTECTED] wrote: and also (and probably the more important question), what would cause xlat to return nothing? I can't seem to find what the xlat routine does. It's the dynamic translation of strings in the configuration file. See 'sql.conf' for the SQL queries. The attribute names there get dynamically replaced with the values of those attributes from the packet. It looks to me like the SQL queries are empty or undefined. Therefore, they're never performed, and the user is always unknown. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
Hi Alan, Thanks again. I managed to get it working by changing this line: sql_user_name = %{Stripped-User-Name} to this: sql_user_name = %{User-Name} I just have one last question. Is there any simple way (a config setting) to enable encrypted passwords in sql, or do I have to do some hacking around in the sql statements to make it work? -Rob On Mon, 2003-11-17 at 11:53, Alan DeKok wrote: Rob Hinst [EMAIL PROTECTED] wrote: This is what the authorize and authenticate sections of my radiusd.conf file look like. Basically, I had it working properly off of the unx passwd file, and then i added sql to the authorize section and removed files. I also removed unix from the authenticate section. Can you offer any suggestions as to why the server wouldn't even attempt to query sql? Because the queries aren't defined, or there is an error processing them. e.g. The queries require some attribute which isn't in the packet. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
nevermind. figured that out too. feel free to flame me on that one. didn't bother to look around first. ;) On Mon, 2003-11-17 at 12:32, Rob Hinst wrote: Hi Alan, Thanks again. I managed to get it working by changing this line: sql_user_name = %{Stripped-User-Name} to this: sql_user_name = %{User-Name} I just have one last question. Is there any simple way (a config setting) to enable encrypted passwords in sql, or do I have to do some hacking around in the sql statements to make it work? -Rob On Mon, 2003-11-17 at 11:53, Alan DeKok wrote: Rob Hinst [EMAIL PROTECTED] wrote: This is what the authorize and authenticate sections of my radiusd.conf file look like. Basically, I had it working properly off of the unx passwd file, and then i added sql to the authorize section and removed files. I also removed unix from the authenticate section. Can you offer any suggestions as to why the server wouldn't even attempt to query sql? Because the queries aren't defined, or there is an error processing them. e.g. The queries require some attribute which isn't in the packet. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
Do you have this on your clients.conf file ? client 127.0.0.1 { secret = test shortname = localhost nastype = other # localhost isn't usually a NAS... } Without this, radius will reject packets from localhost. []´s Marcio - Original Message - From: Rob Hinst [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, November 15, 2003 12:03 AM Subject: freeradius + mysql problems Hi all, My goal is to use Freeradius with the sql module for authenticating users. I'm using version 0.9.2 (installed from rpms i created with the specfile that came with the tarball). There doesn't seem to be a wealth of information available for using the sql module, but I've been working off of this tutorial: http://www.frontios.com/freeradius.html I got everything working using /etc/shadow to authenticate users, but then I proceeded to follow the instructions for sql and have run in to some trouble. I followed all of the required steps and am unable to authenticate. I'm using the following command to test the server: radtest robtest test localhost 0 testing123 and i get the following result: Sending Access-Request of id 170 to 127.0.0.1:1812 User-Name = robtest User-Password = test NAS-IP-Address = radius.mydomain.com (changed the domain) NAS-Port = 0 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=170, length=20 Here is a snippet of the output produced when i run in debug mode: rad_recv: Access-Request packet from host 127.0.0.1:32819, id=170, length=59 User-Name = robtest User-Password = test NAS-IP-Address = 255.255.255.255 NAS-Port = 0 modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 radius_xlat: '' modcall[authorize]: module sql returns fail for request 0 modcall: group authorize returns fail for request 0 There was no response configured: rejecting request 0 Server rejecting request 0. And here's the only entry in my radcheck table: ++--+---++---+ | id | UserName | Attribute | op | Value | ++--+---++---+ | 1 | robtest | Password | == | test | ++--+---++---+ Debug mode doesn't seem to provide very verbose output when it comes time to call the sql module. I turned on sqltrace in my sql module configuration file, but no queries are showing up. I even turned on query logging on my MySQL server and none show up, which means it's not even getting to the part where it tries to find a matching user in the radcheck table. What could be preventing it from getting it that far? Any suggestions would be greatly appreciated. I've been working on this for several days now and haven't made much progress. I hope I've done enough footwork on my own to keep away the flames :) Thanks in advance, Rob - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
Hi Marcio, Actually, my clients.conf file has the following entry, since the secret i was using with radtest is testing123 and not test: client 127.0.0.1 { secret = testing123 shortname = localhost nastype = other # localhost isn't usually a NAS... } Thanks for the response. Any other takers? Rob On Sat, 2003-11-15 at 08:35, Marcio R A Garcia wrote: Do you have this on your clients.conf file ? client 127.0.0.1 { secret = test shortname = localhost nastype = other # localhost isn't usually a NAS... } Without this, radius will reject packets from localhost. []s Marcio - Original Message - From: Rob Hinst [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, November 15, 2003 12:03 AM Subject: freeradius + mysql problems Hi all, My goal is to use Freeradius with the sql module for authenticating users. I'm using version 0.9.2 (installed from rpms i created with the specfile that came with the tarball). There doesn't seem to be a wealth of information available for using the sql module, but I've been working off of this tutorial: http://www.frontios.com/freeradius.html I got everything working using /etc/shadow to authenticate users, but then I proceeded to follow the instructions for sql and have run in to some trouble. I followed all of the required steps and am unable to authenticate. I'm using the following command to test the server: radtest robtest test localhost 0 testing123 and i get the following result: Sending Access-Request of id 170 to 127.0.0.1:1812 User-Name = robtest User-Password = test NAS-IP-Address = radius.mydomain.com (changed the domain) NAS-Port = 0 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=170, length=20 Here is a snippet of the output produced when i run in debug mode: rad_recv: Access-Request packet from host 127.0.0.1:32819, id=170, length=59 User-Name = robtest User-Password = test NAS-IP-Address = 255.255.255.255 NAS-Port = 0 modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 radius_xlat: '' modcall[authorize]: module sql returns fail for request 0 modcall: group authorize returns fail for request 0 There was no response configured: rejecting request 0 Server rejecting request 0. And here's the only entry in my radcheck table: ++--+---++---+ | id | UserName | Attribute | op | Value | ++--+---++---+ | 1 | robtest | Password | == | test | ++--+---++---+ Debug mode doesn't seem to provide very verbose output when it comes time to call the sql module. I turned on sqltrace in my sql module configuration file, but no queries are showing up. I even turned on query logging on my MySQL server and none show up, which means it's not even getting to the part where it tries to find a matching user in the radcheck table. What could be preventing it from getting it that far? Any suggestions would be greatly appreciated. I've been working on this for several days now and haven't made much progress. I hope I've done enough footwork on my own to keep away the flames :) Thanks in advance, Rob - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius + mysql problems
Hi all, My goal is to use Freeradius with the sql module for authenticating users. I'm using version 0.9.2 (installed from rpms i created with the specfile that came with the tarball). There doesn't seem to be a wealth of information available for using the sql module, but I've been working off of this tutorial: http://www.frontios.com/freeradius.html I got everything working using /etc/shadow to authenticate users, but then I proceeded to follow the instructions for sql and have run in to some trouble. I followed all of the required steps and am unable to authenticate. I'm using the following command to test the server: radtest robtest test localhost 0 testing123 and i get the following result: Sending Access-Request of id 170 to 127.0.0.1:1812 User-Name = robtest User-Password = test NAS-IP-Address = radius.mydomain.com (changed the domain) NAS-Port = 0 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=170, length=20 Here is a snippet of the output produced when i run in debug mode: rad_recv: Access-Request packet from host 127.0.0.1:32819, id=170, length=59 User-Name = robtest User-Password = test NAS-IP-Address = 255.255.255.255 NAS-Port = 0 modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 radius_xlat: '' modcall[authorize]: module sql returns fail for request 0 modcall: group authorize returns fail for request 0 There was no response configured: rejecting request 0 Server rejecting request 0. And here's the only entry in my radcheck table: ++--+---++---+ | id | UserName | Attribute | op | Value | ++--+---++---+ | 1 | robtest | Password | == | test | ++--+---++---+ Debug mode doesn't seem to provide very verbose output when it comes time to call the sql module. I turned on sqltrace in my sql module configuration file, but no queries are showing up. I even turned on query logging on my MySQL server and none show up, which means it's not even getting to the part where it tries to find a matching user in the radcheck table. What could be preventing it from getting it that far? Any suggestions would be greatly appreciated. I've been working on this for several days now and haven't made much progress. I hope I've done enough footwork on my own to keep away the flames :) Thanks in advance, Rob - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius,mysql,dns server
Hello, We have here many DSL user. The radius of the Providers, inquires with our radius. A radtest with the Provider returns the following: rad_recv: Access-Accept packet from host aaa.aaa.aaa.aaa:1812, id=16, length=62 Framed-MTU = 1445 Service-Type = Framed-User Framed-Protocol = PPP Client_DNS_Pri = 195.129.111.50 Client_DNS_Sec = 195.129.111.49 In the radreply can i ovride the mtu, that works fine. But, white someone as I still to now reach can, which the Client_DNS_Pri are also overwritten and which gets user other one Client_DNS_Pri assigned? Sorry for my bad english, I hope you can understand my Problem. -- mario - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius+ mysql = No authenticate method (Auth-Type) configuration found for the request
Hi ! I'm trying to setup FreeRadius with mysql but get a reject message: rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=22, length=20 Output ftom radiusd -X : rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) Module: Loaded radutmp radutmp: filename = /usr/local/radius/var/log/radius/radutmp radutmp: username = %{User-Name} radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp. Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:33456, id=2, length=58 User-Name = pulsar User-Password = 123456 NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. SQL module instaled. Instalation instructions from http://poptop.sourceforge.net/dox/radius_mysql.html Any ideas? Working config samples ? Thanks -- PGP key : http://pgp.dtype.org:11371/pks/lookup?op=getsearch=0x0BE90515 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius+ mysql = No authenticate method (Auth-Type) configuration found for the request
Check http://www.frontios.com/freeradius.html Am Die, 2003-10-21 um 11.05 schrieb Alexey Sheshka: Hi ! I'm trying to setup FreeRadius with mysql but get a reject message: rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=22, length=20 Output ftom radiusd -X : rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) Module: Loaded radutmp radutmp: filename = /usr/local/radius/var/log/radius/radutmp radutmp: username = %{User-Name} radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp. Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:33456, id=2, length=58 User-Name = pulsar User-Password = 123456 NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. SQL module instaled. Instalation instructions from http://poptop.sourceforge.net/dox/radius_mysql.html Any ideas? Working config samples ? Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius+ mysql = No authenticate method (Auth-Type) configuration found for the request
In other news for Tue, Oct 21, 2003 at 12:05:19PM +0300, Alexey Sheshka has been seen typing: {snip} auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. SQL module instaled. Instalation instructions from http://poptop.sourceforge.net/dox/radius_mysql.html Any ideas? Working config samples ? Try this from a database prompt: SELECT * FROM radcheck WHERE username=pulsar; and see if there's an Auth-Type entry in the result. I'm betting there isn't. Thanks -- Rens Houben |opinions are mine Resident linux guru and sysadmin | if my employers have one Systemec Internet Services. |they'll tell you themselves PGP key at http://swordbreaker.systemec.nl/~shadur/shadur.key.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius+ mysql = No authenticate method (Auth-Type) configuration found for the request
On Tue, 21 Oct 2003 11:13:23 +0200 [EMAIL PROTECTED] (Rens Houben) wrote: In other news for Tue, Oct 21, 2003 at 12:05:19PM +0300, Alexey Sheshka has been seen typing: {snip} auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. SQL module instaled. Instalation instructions from http://poptop.sourceforge.net/dox/radius_mysql.html Any ideas? Working config samples ? Try this from a database prompt: SELECT * FROM radcheck WHERE username=pulsar; and see if there's an Auth-Type entry in the result. I'm betting there isn't. MySQL return : mysql SELECT * FROM radcheck WHERE username=pulsar; ++--+---+++ | id | UserName | Attribute | op | Value | ++--+---+++ | 1 | pulsar | Password | == | 123456 | ++--+---+++ I need something else ? -- Sheshka Aleksey Senior Security Administrator PGP key : http://pgp.dtype.org:11371/pks/lookup?op=getsearch=0x0BE90515 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius+ mysql = No authenticate method (Auth-Type) configuration found for the request
On 21 Oct 2003 11:10:01 +0200 Ulrich Walcher [EMAIL PROTECTED] wrote: Check http://www.frontios.com/freeradius.html Thanks, I know about this manual. -- PGP key : http://pgp.dtype.org:11371/pks/lookup?op=getsearch=0x0BE90515 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius+ mysql = No authenticate method (Auth-Type) configuration found for the request
On Tue, 21 Oct 2003 11:13:23 +0200 [EMAIL PROTECTED] (Rens Houben) wrote: In other news for Tue, Oct 21, 2003 at 12:05:19PM +0300, Alexey Sheshka has been seen typing: {snip} auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. SQL module instaled. Instalation instructions from http://poptop.sourceforge.net/dox/radius_mysql.html Any ideas? Working config samples ? Try this from a database prompt: SELECT * FROM radcheck WHERE username=pulsar; and see if there's an Auth-Type entry in the result. I'm betting there isn't. MySQL return : mysql SELECT * FROM radcheck WHERE username=pulsar; ++--+---+++ | id | UserName | Attribute | op | Value | ++--+---+++ | 1 | pulsar | Password | == | 123456 | ++--+---+++ I need something else ? -- Sheshka Aleksey Senior Security Administrator PGP key : http://pgp.dtype.org:11371/pks/lookup?op=getsearch=0x0BE90515 -- PGP key : http://pgp.dtype.org:11371/pks/lookup?op=getsearch=0x0BE90515 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius+ mysql = No authenticate method (Auth-Type) configuration found for the request
In other news for Tue, Oct 21, 2003 at 12:29:05PM +0300, Alexey Sheshka has been seen typing: On Tue, 21 Oct 2003 11:13:23 +0200 [EMAIL PROTECTED] (Rens Houben) wrote: In other news for Tue, Oct 21, 2003 at 12:05:19PM +0300, Alexey Sheshka has been seen typing: Try this from a database prompt: SELECT * FROM radcheck WHERE username=pulsar; and see if there's an Auth-Type entry in the result. I'm betting there ^ -- This is a hint. isn't. MySQL return : mysql SELECT * FROM radcheck WHERE username=pulsar; ++--+---+++ | id | UserName | Attribute | op | Value | ++--+---+++ | 1 | pulsar | Password | == | 123456 | ++--+---+++ Hmm, no Auth-Type attribute set. I need something else ? Yup. -- Sheshka Aleksey Senior Security Administrator -- Rens Houben |opinions are mine Resident linux guru and sysadmin | if my employers have one Systemec Internet Services. |they'll tell you themselves PGP key at http://swordbreaker.systemec.nl/~shadur/shadur.key.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius+ mysql = No authenticate method (Auth-Type) configuration found for the request
On Tue, 21 Oct 2003 11:42:51 +0200 [EMAIL PROTECTED] (Rens Houben) wrote: In other news for Tue, Oct 21, 2003 at 12:29:05PM +0300, Alexey Sheshka has been seen typing: On Tue, 21 Oct 2003 11:13:23 +0200 [EMAIL PROTECTED] (Rens Houben) wrote: In other news for Tue, Oct 21, 2003 at 12:05:19PM +0300, Alexey Sheshka has been seen typing: Try this from a database prompt: SELECT * FROM radcheck WHERE username=pulsar; and see if there's an Auth-Type entry in the result. I'm betting there ^ -- This is a hint. isn't. MySQL return : mysql SELECT * FROM radcheck WHERE username=pulsar; ++--+---+++ | id | UserName | Attribute | op | Value | ++--+---+++ | 1 | pulsar | Password | == | 123456 | ++--+---+++ Hmm, no Auth-Type attribute set. I need something else ? Yup. mysql select * from radgroupcheck; ++---+---++---+ | id | GroupName | Attribute | op | Value | ++---+---++---+ | 1 | static| Auth-Type | := | Local | ++---+---++---+ Accordind documentation ... -- PGP key : http://pgp.dtype.org:11371/pks/lookup?op=getsearch=0x0BE90515 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius+ mysql = No authenticate method (Auth-Type) configuration found for the request
mysql select * from usergroup; ++--+---+ | id | UserName | GroupName | ++--+---+ | 1 | 49 | 49| | 2 | 1| 1 | | 3 | wanghao | bvst |//look this ++--+---+ 3 rows in set (0.04 sec) mysql select * from radcheck; ++--+---++-+ | id | UserName | Attribute | op | Value | ++--+---++-+ | 1 | 49 | 80| == | 49 | | 2 | 1| Password | == | 1 | | 3 | wanghao | Password | == | wanghao |//look this ++--+---++-+ 3 rows in set (0.01 sec) - Original Message - From: Alexey Sheshka [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 21, 2003 6:11 PM Subject: Re: FreeRadius+ mysql = No authenticate method (Auth-Type) configuration found for the request On Tue, 21 Oct 2003 11:42:51 +0200 [EMAIL PROTECTED] (Rens Houben) wrote: In other news for Tue, Oct 21, 2003 at 12:29:05PM +0300, Alexey Sheshka has been seen typing: On Tue, 21 Oct 2003 11:13:23 +0200 [EMAIL PROTECTED] (Rens Houben) wrote: In other news for Tue, Oct 21, 2003 at 12:05:19PM +0300, Alexey Sheshka has been seen typing: Try this from a database prompt: SELECT * FROM radcheck WHERE username=pulsar; and see if there's an Auth-Type entry in the result. I'm betting there ^ -- This is a hint. isn't. MySQL return : mysql SELECT * FROM radcheck WHERE username=pulsar; ++--+---+++ | id | UserName | Attribute | op | Value | ++--+---+++ | 1 | pulsar | Password | == | 123456 | ++--+---+++ Hmm, no Auth-Type attribute set. I need something else ? Yup. mysql select * from radgroupcheck; ++---+---++---+ | id | GroupName | Attribute | op | Value | ++---+---++---+ | 1 | static| Auth-Type | := | Local | ++---+---++---+ Accordind documentation ... -- PGP key : http://pgp.dtype.org:11371/pks/lookup?op=getsearch=0x0BE90515 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius+ mysql = No authenticate method (Auth-Type) configuration found for the request
On Tue, 21 Oct 2003 18:13:03 +0800 wanghao [EMAIL PROTECTED] wrote: mysql select * from usergroup; ++--+---+ | id | UserName | GroupName | ++--+---+ | 1 | 49 | 49| | 2 | 1| 1 | | 3 | wanghao | bvst |//look this ++--+---+ 3 rows in set (0.04 sec) mysql select * from radcheck; ++--+---++-+ | id | UserName | Attribute | op | Value | ++--+---++-+ | 1 | 49 | 80| == | 49 | | 2 | 1| Password | == | 1 | | 3 | wanghao | Password | == | wanghao |//look this ++--+---++-+ 3 rows in set (0.01 sec) mysql select * from radcheck; ++--+---+++ | id | UserName | Attribute | op | Value | ++--+---+++ | 1 | pulsar | Password | == | 123456 | ++--+---+++ 1 row in set (0.00 sec) mysql select * from usergroup; ++--+---+ | id | UserName | GroupName | ++--+---+ | 1 | pulsar | static| ++--+---+ I think trouble somethere in config ... There is no quererys to MySQL server ... - Original Message - From: Alexey Sheshka [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 21, 2003 6:11 PM Subject: Re: FreeRadius+ mysql = No authenticate method (Auth-Type) configuration found for the request On Tue, 21 Oct 2003 11:42:51 +0200 [EMAIL PROTECTED] (Rens Houben) wrote: In other news for Tue, Oct 21, 2003 at 12:29:05PM +0300, Alexey Sheshka has been seen typing: On Tue, 21 Oct 2003 11:13:23 +0200 [EMAIL PROTECTED] (Rens Houben) wrote: In other news for Tue, Oct 21, 2003 at 12:05:19PM +0300, Alexey Sheshka has been seen typing: Try this from a database prompt: SELECT * FROM radcheck WHERE username=pulsar; and see if there's an Auth-Type entry in the result. I'm betting there ^ -- This is a hint. isn't. MySQL return : mysql SELECT * FROM radcheck WHERE username=pulsar; ++--+---+++ | id | UserName | Attribute | op | Value | ++--+---+++ | 1 | pulsar | Password | == | 123456 | ++--+---+++ Hmm, no Auth-Type attribute set. I need something else ? Yup. mysql select * from radgroupcheck; ++---+---++---+ | id | GroupName | Attribute | op | Value | ++---+---++---+ | 1 | static| Auth-Type | := | Local | ++---+---++---+ Accordind documentation ... -- PGP key : http://pgp.dtype.org:11371/pks/lookup?op=getsearch=0x0BE90515 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- PGP key : http://pgp.dtype.org:11371/pks/lookup?op=getsearch=0x0BE90515 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius+ mysql = No authenticate method (Auth-Type) configuration found for the request
yes but my english no good .pls look this: accounting { # # Ensure that we have a semi-unique identifier for every # request, and many NAS boxes are broken. acct_unique # # Create a 'detail'ed log of the packets. # Note that accounting requests which are proxied # are also logged in the detail file. detail # daily unix# wtmp file sql # # For Simultaneous-Use tracking. # # Due to packet losses in the network, the data here # may be incorrect. There's little we can do about it. radutmp # sradutmp # Return an address to the IP Pool when we see a stop record. # main_pool } this is my radiusd.conf - Original Message - From: Alexey Sheshka [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 21, 2003 6:35 PM Subject: Re: FreeRadius+ mysql = No authenticate method (Auth-Type) configuration found for the request On Tue, 21 Oct 2003 18:13:03 +0800 wanghao [EMAIL PROTECTED] wrote: mysql select * from usergroup; ++--+---+ | id | UserName | GroupName | ++--+---+ | 1 | 49 | 49| | 2 | 1| 1 | | 3 | wanghao | bvst |//look this ++--+---+ 3 rows in set (0.04 sec) mysql select * from radcheck; ++--+---++-+ | id | UserName | Attribute | op | Value | ++--+---++-+ | 1 | 49 | 80| == | 49 | | 2 | 1| Password | == | 1 | | 3 | wanghao | Password | == | wanghao |//look this ++--+---++-+ 3 rows in set (0.01 sec) mysql select * from radcheck; ++--+---+++ | id | UserName | Attribute | op | Value | ++--+---+++ | 1 | pulsar | Password | == | 123456 | ++--+---+++ 1 row in set (0.00 sec) mysql select * from usergroup; ++--+---+ | id | UserName | GroupName | ++--+---+ | 1 | pulsar | static| ++--+---+ I think trouble somethere in config ... There is no quererys to MySQL server ... - Original Message - From: Alexey Sheshka [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 21, 2003 6:11 PM Subject: Re: FreeRadius+ mysql = No authenticate method (Auth-Type) configuration found for the request On Tue, 21 Oct 2003 11:42:51 +0200 [EMAIL PROTECTED] (Rens Houben) wrote: In other news for Tue, Oct 21, 2003 at 12:29:05PM +0300, Alexey Sheshka has been seen typing: On Tue, 21 Oct 2003 11:13:23 +0200 [EMAIL PROTECTED] (Rens Houben) wrote: In other news for Tue, Oct 21, 2003 at 12:05:19PM +0300, Alexey Sheshka has been seen typing: Try this from a database prompt: SELECT * FROM radcheck WHERE username=pulsar; and see if there's an Auth-Type entry in the result. I'm betting there ^ -- This is a hint. isn't. MySQL return : mysql SELECT * FROM radcheck WHERE username=pulsar; ++--+---+++ | id | UserName | Attribute | op | Value | ++--+---+++ | 1 | pulsar | Password | == | 123456 | ++--+---+++ Hmm, no Auth-Type attribute set. I need something else ? Yup. mysql select * from radgroupcheck; ++---+---++---+ | id | GroupName | Attribute | op | Value | ++---+---++---+ | 1 | static| Auth-Type | := | Local | ++---+---++---+ Accordind documentation ... -- PGP key : http://pgp.dtype.org:11371/pks/lookup?op=getsearch=0x0BE90515 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- PGP key : http://pgp.dtype.org:11371/pks/lookup?op=getsearch=0x0BE90515 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius+ mysql = No authenticate method (Auth-Type) configuration found for the request
On Tue, 21 Oct 2003 18:36:10 +0800 wanghao [EMAIL PROTECTED] wrote: yes but my english no good .pls look this: accounting { # # Ensure that we have a semi-unique identifier for every # request, and many NAS boxes are broken. acct_unique # # Create a 'detail'ed log of the packets. # Note that accounting requests which are proxied # are also logged in the detail file. detail # daily unix# wtmp file sql # # For Simultaneous-Use tracking. # # Due to packet losses in the network, the data here # may be incorrect. There's little we can do about it. radutmp # sradutmp # Return an address to the IP Pool when we see a stop record. # main_pool } this is my radiusd.conf - Original Message - in my config this lines olso presents .. -- Sheshka Aleksey Senior Security Administrator PGP key : http://pgp.dtype.org:11371/pks/lookup?op=getsearch=0x0BE90515 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql Expiration problem
On Wed, 8 Oct 2003, net.art communications GmbH wrote: Hello, Can anybody help me? Password Expiration is not work here. In userfile work this fine, but not in MySql. mysql SELECT * FROM radcheck; ++--+++--+ | id | UserName | Attribute | op | Value| ++--+++--+ | 1 | bob | Password | == | testing | | 2 | bob | Expiration | := | 8 Oct 2003 | ++--+++--+ is this correct? You have to use the == operator for Expiration due to the way it is implemented in freeradius (through a registered comapre function). -- Mario - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: FreeBSD +freeradius +mysql
Hi, Thanks so much for the reply this is exactly what I need. If you could post the freeradius.sql file aswell it would be most appreciated. Once again thanks Doron -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sergio Jose Ferreira Sent: 01 October 2003 11:15 PM To: [EMAIL PROTECTED] Subject: RES: FreeBSD +freeradius +mysql Hi Doron, You can get my config files from www.ispadmin.com.br/downloads.html The page is in Portuguese-Brazil, but willl be easy to view files. If you need, I have a freeradius.sql for to populate radgroupcheck and radgroupreply regards, Sergio Jose Ferreira WGO Internet Catalao - Go - Brazil -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Em nome de Doron Shmaryahu Enviada em: quarta-feira, 1 de outubro de 2003 18:03 Para: [EMAIL PROTECTED] Assunto: FreeBSD +freeradius +mysql Hi All, I have made several attemps at getting Freeradius with mysql authentication on Freebsd working. These attempts have all been in vain. Does anyone on this list have a howto and a copy of working config files any tips tricks any info would be really appreciated. Thanks Doron
RES: FreeBSD +freeradius +mysql
Hi Doron, You can get my config files from www.ispadmin.com.br/downloads.html The page is in Portuguese-Brazil, but willl be easy to view files. If you need, I have a freeradius.sql for to populate radgroupcheck and radgroupreply regards, Sergio Jose Ferreira WGO Internet Catalao - Go - Brazil -Mensagem original-De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Em nome de Doron ShmaryahuEnviada em: quarta-feira, 1 de outubro de 2003 18:03Para: [EMAIL PROTECTED]Assunto: FreeBSD +freeradius +mysql Hi All, I have made several attemps at getting Freeradius with mysql authentication on Freebsd working. These attempts have all been in vain. Does anyone on this list have a howto and a copy of working config files any tips tricks any info would be really appreciated. Thanks Doron
FreeBSD +freeradius +mysql
Hi All, I have made several attemps at getting Freeradius with mysql authentication on Freebsd working. These attempts have all been in vain. Does anyone on this list have a howto and a copy of working config files any tips tricks any info would be really appreciated. Thanks Doron
Freeradius+MySql+Cisco (Accounting)
Hi, I am using freeradius-0.9.1, MySql 4.0 and using TCL 2.0 in Cisco AS5400. How can I have more than one SQL statements to be executed in sql.conf whenever there is an accounting request. Basically, I want to insert into one table and update the second table once the call is finished. How can this be achieved ? Kiran. Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+MySql+Cisco (Accounting)
I didn't test it but did you try to add a semicolon and the next statement? I don't know if the accounting part is coded in another way than the authorization part, but in authorization it works... Am Mon, 2003-09-15 um 16.00 schrieb Kiran: Hi, I am using freeradius-0.9.1, MySql 4.0 and using TCL 2.0 in Cisco AS5400. How can I have more than one SQL statements to be executed in sql.conf whenever there is an accounting request. Basically, I want to insert into one table and update the second table once the call is finished. How can this be achieved ? Kiran. Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+MySql+Cisco (Accounting)
I tried in the following ways 1. accounting_stop_query = insert into ;insert into... it has thrown the error saying the sql statement was incorrect :( 2. accounting_stop_query = insert into ;insert into... it has just taken the first query and not the second one. --- Ulrich Walcher [EMAIL PROTECTED] wrote: I didn't test it but did you try to add a semicolon and the next statement? I don't know if the accounting part is coded in another way than the authorization part, but in authorization it works... Am Mon, 2003-09-15 um 16.00 schrieb Kiran: Hi, I am using freeradius-0.9.1, MySql 4.0 and using TCL 2.0 in Cisco AS5400. How can I have more than one SQL statements to be executed in sql.conf whenever there is an accounting request. Basically, I want to insert into one table and update the second table once the call is finished. How can this be achieved ? Kiran. Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius + mysql + minicom Test
En réponse à [EMAIL PROTECTED] : sorry for my poor english (im Brasilian), well, i'm starting at freeradius and mysql, i've installed freeradius + mysql following the www.frontios.com/freeradius.html howto, seems all ok, localy with radtest radius returns a message of OK using the table in mysql, but i want to test the authentication and logging (radacct) with mysql. Well, i heard that this test can be done with minicom + portslave localy, without the necessity of a modem installed, it true? if .. someone that already have passed of this it could help me? If I'm not misunderstanding, you just want to send accounting packets to you freeradius server and want to see whether accounting packets goes in your database. This simple script shell should be convenient. Just replace the IP address of your freeradius server (and the username / password / secret if you've changed the default configuration). #!/bin/sh # steve authenticates cat EOF | radclient -x 172.16.16.17 auth testing123 User-Name = steve User-Password = testing NAS-IP-Address = localhost NAS-Port = 0 EOF # steve starts accounting cat EOF | radclient -x 172.16.16.17 acct testing123 NAS-IP-Address = localhost NAS-Port = 0 NAS-Port-Type = 2 User-Name = steve Acct-Status-Type = Start EOF # steve is doing something else sleep 1 # steve stops accounting cat EOF | radclient -x 172.16.16.17 acct testing123 NAS-IP-Address = localhost NAS-Port = 0 NAS-Port-Type = 2 User-Name = steve Acct-Status-Type = Stop EOF -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius + mysql + minicom Test
This simple script shell should be convenient. Just replace the IP address of your freeradius server (and the username / password / secret if you've changed the default configuration). What I posted earlier is ugly and could be like this: #!/bin/sh # steve authenticates radclient -x 172.16.16.17 auth testing123 EOF User-Name = steve User-Password = testing NAS-IP-Address = localhost NAS-Port = 0 EOF # steve starts accounting radclient -x 172.16.16.17 acct testing123 EOF NAS-IP-Address = localhost NAS-Port = 0 NAS-Port-Type = 2 User-Name = steve Acct-Status-Type = Start EOF # steve is doing something else sleep 1 # steve stops accounting radclient -x 172.16.16.17 acct testing123 EOF NAS-IP-Address = localhost NAS-Port = 0 NAS-Port-Type = 2 User-Name = steve Acct-Status-Type = Stop EOF -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius + mysql + minicom Test
Hi list, sorry for my poor english (im Brasilian), well, i'm starting at freeradius and mysql, i've installed freeradius + mysql following the www.frontios.com/freeradius.html howto, seems all ok, localy with radtest radius returns a message of OK using the table in mysql, but i want to test the authentication and logging (radacct) with mysql. Well, i heard that this test can be done with minicom + portslave localy, without the necessity of a modem installed, it true? if .. someone that already have passed of this it could help me? thanks! and sorry again... - Reinaldo Andrade Campo Grande - MS - Brasil
Freeradius + Mysql
I'm usingFreeradius and have some problems that don't let me sleep..:-) I want to authentificate our users not only by username and passwort, I need to check alsoNAS-IP-Address or Called-Station-ID. This I need to manage different NAS with one Radius, the users only have to get access to one NAS. But this does not seem to work. Why? The User can everytime login into the NAS, with the correct Checkitem or without them.. The Radius seem to ignore the aditional Checkitems and it makes not sense if they are in the radchecktable or in the radgroupchecktable. Only Username and Password are checked. Wath I'm doing wrong?? Any Idea? Please help me! Lucas Nascimento
Re: Freeradius + Mysql
1, you're sending formatted text to a mailing list. I know you think that blue color is pretty, but _don't_ do that. 2, you haven't run the server in debug mode to see what it's trying to do (...or not do) 3, you haven't provided any snippet of a configuration. It doesn't work is a pretty broad problem statement. Cut and paste the definition for ONE user (or the default if that's all you're using). Vincent Giovannone Network Infrastructure Group Information Services Division Rush - Presbyterian St. Luke's Medical Center A four-year-old will very quickly get over news of the death of Santa if told that it was due to his fully loaded sleigh crashing in the back garden. -- Mil Millington L U C A S [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 09/09/2003 03:43 PM Please respond to [EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject Freeradius + Mysql I'm using Freeradius and have some problems that don't let me sleep..:-) I want to authentificate our users not only by username and passwort, I need to check also NAS-IP-Address or Called-Station-ID. This I need to manage different NAS with one Radius, the users only have to get access to one NAS. But this does not seem to work. Why? The User can everytime login into the NAS, with the correct Checkitem or without them.. The Radius seem to ignore the aditional Checkitems and it makes not sense if they are in the radchecktable or in the radgroupchecktable. Only Username and Password are checked. Wath I'm doing wrong?? Any Idea? Please help me! Lucas Nascimento - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius + Mysql
How do I deny access to a specificgroup of users in Mysql, using Nas-Ip-Address or Called-Station-Id? I haveNAS1for dial-up access andNAS2 for cable, but user´s from NAS1 can connect in cable. It´s wrong, ok?? Help me. Lucas PS: In radgroupcheck I put ('1',dial-up,'Nas-Ip-Address','==','my-NAS-ip') and don´t work.
Re: freeradius+mysql prepaid (block time)
I have freeradius running and authenticating/accounting via mysql. Very slick. Me too :) I can see the accounting showing up in mysql with an accurate AcctSessionTime. Is there a way to keep a running total of these times per user and authenticate not only on the basis of password but also on the value of the total connection time? I did the following: For auth, I used Exec-Program-Wait for every user. The script that gets executed calculates the left time and volume realtime. For acct, I used Exec-Program which updates the total used amount of the user realtime. I've searched the web and found some references to some python hacks but not really come across anything concrete. I didn't find anything either, except that there's a Perl module in FreeRadius 0.9.0, but still unstable and not compiled in by default. When I have time, I'll give the Perl module a try. Regards, Thor. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius+mysql prepaid (block time)
On Tue August 26 2003 07:41, Scott wrote: I have freeradius running and authenticating/accounting via mysql. Very slick. I can see the accounting showing up in mysql with an accurate AcctSessionTime. Is there a way to keep a running total of these times per user and authenticate not only on the basis of password but also on the value of the total connection time? I've searched the web and found some references to some python hacks but not really come across anything concrete. It shouldn't be too difficult to do with some stored procedures on your DB, but as you are using MySQL you will probably have to do it another way. A small amount of Perl or Python could also do it.. -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius+mysql prepaid (block time)
rlm_sqlcounter is what you need to use in radius.conf look at counter section also look at sqlcounter.conf I'm sure there are some topics in the mail archive as well (but I wouldn't swear to it) From: Scott [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: freeradius+mysql prepaid (block time) Date: Tue, 26 Aug 2003 00:41:54 -0400 I have freeradius running and authenticating/accounting via mysql. Very slick. I can see the accounting showing up in mysql with an accurate AcctSessionTime. Is there a way to keep a running total of these times per user and authenticate not only on the basis of password but also on the value of the total connection time? I've searched the web and found some references to some python hacks but not really come across anything concrete. Thanks! Scott - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Tired of 56k? Get a FREE BT Broadband connection http://www.msn.co.uk/specials/btbroadband - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius - MySQL
From: Dave Sent: Saturday, 12 July 2003 7:08 AM I'm using Freeradius with MySQL. It's run fine but freeradius doesn't seems to write in the AcctTerminateCause field in the Accounting table when there's a failed login. This make the Failed Login page of Dialup Admin empty with no records. Is there any additional configuration to freeradius in order to write this informations into the accounting table? The rest of the infos get into it, example: SessionTime, CallerID etc... If you get a failed login, why would you get any Accounting record at all? -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul TBBle Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius - MySQL
On Fri, 11 Jul 2003, Dave wrote: Hi, I'm using Freeradius with MySQL. It's run fine but freeradius doesn't seems to write in the AcctTerminateCause field in the Accounting table when there's a failed login. This make the Failed Login page of Dialup Admin empty with no records. You should run dialupadmin/bin/log_badlogins for that to happen. Is there any additional configuration to freeradius in order to write this informations into the accounting table? The rest of the infos get into it, example: SessionTime, CallerID etc... Thanks a Lot, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius - MySQL
Hi, I'm using Freeradius with MySQL. It's run fine but freeradius doesn't seems to write in the AcctTerminateCause field in the Accounting table when there's a failed login. This make the Failed Login page of Dialup Admin empty with no records. Is there any additional configuration to freeradius in order to write this informations into the accounting table? The rest of the infos get into it, example: SessionTime, CallerID etc... Thanks a Lot, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius - MySQL
Dave [EMAIL PROTECTED] wrote: I'm using Freeradius with MySQL. It's run fine but freeradius doesn't seems to write in the AcctTerminateCause field in the Accounting table when there's a failed login. Does it *recieve* that attribute? Do the SQL queries update that field? Did you try running the server in debugging mode to answer both previous questions? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
md5 + freeradius + mysql
Hello, how to use md5+radius+mysql, currently I use crypt of linux, but want to use md5. in radiusd.conf, modified an option in pap for md5 but he did not advance, what I can make? Thank's Sorry, but my english is terrible! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: md5 + freeradius + mysql
From: [EMAIL PROTECTED] Sent: Wednesday, 9 July 2003 9:38 PM how to use md5+radius+mysql, currently I use crypt of linux, but want to use md5. in radiusd.conf, modified an option in pap for md5 but he did not advance, what I can make? What do you mean by 'did not advance'? In what way did it fail? -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul TBBle Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: md5 + freeradius + mysql
From: [EMAIL PROTECTED] Sent: Thursday, 10 July 2003 3:45 AM From: [EMAIL PROTECTED] Sent: Wednesday, 9 July 2003 9:38 PM how to use md5+radius+mysql, currently I use crypt of linux, but want to use md5. in radiusd.conf, modified an option in pap for md5 but he did not advance, what I can make? What do you mean by 'did not advance'? In what way did it fail? yes, password incorrect! OK, now's the time to post some config snippets, database bits and debugging output. I'm running the same thing (I think) but I never hit any problems with it that I can recall. I recall that I may have hit one, but I can't recall it. :-) -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul TBBle Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: md5 + freeradius + mysql
more help??? - Original Message - From: Paul Hampson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, July 09, 2003 6:02 PM Subject: RE: md5 + freeradius + mysql From: [EMAIL PROTECTED] Sent: Thursday, 10 July 2003 3:45 AM From: [EMAIL PROTECTED] Sent: Wednesday, 9 July 2003 9:38 PM how to use md5+radius+mysql, currently I use crypt of linux, but want to use md5. in radiusd.conf, modified an option in pap for md5 but he did not advance, what I can make? What do you mean by 'did not advance'? In what way did it fail? yes, password incorrect! OK, now's the time to post some config snippets, database bits and debugging output. I'm running the same thing (I think) but I never hit any problems with it that I can recall. I recall that I may have hit one, but I can't recall it. :-) -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul TBBle Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius + Mysql + Dialup Admin problem
Hello everyone and sorry cause this is gonna be a little bit long , I am having a problem making Freeradius , Dialup Admin and Mysql work correctly . I am using Freeradius v 0.8.1 and mysql verion 3.23.49 in a RedHat 7.3 Linux . I had no problem setting up radius to work authenticating from users file , and from mysql using a very good tutorial from http://www.frontios.com/freeradius.html; . After I installed and start using Dialup Admin I can't get it to work. The passwords stored in mysql are encrypted in a strange way . For example using crypt encryption the password stored in the database is this :$1$JLBPzLpM$hHtpEcBBpJiuzxs7RLr1P0 After learning a little bit about crypt and md5 encryption I can say that this doesn't look correct to me . I run the following little script for the same password and using st as salt for the encryption . perl -e 'print crypt( asd123, st),\n;' stn/LmaCw8SMU I changed a little bit the ./lib/crypt/crypt.php3 in order to give me the correct encrypted password but it still doesn't work . I use the radtest program to check the authentication . Here is the log I get when running radiusd -X : ---RadiusLog-- rad_recv: Access-Request packet from host 127.0.0.1:1033, id=211, length=56 User-Name = szax User-Password = asd123 NAS-IP-Address = 255.255.255.255 NAS-Port = 11 modcall: entering group authorize modcall[authorize]: module preprocess returns ok rlm_realm: No '@' in User-Name = szax, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop radius_xlat: 'szax' rlm_sql (sql): sql_set_user escaped user -- 'szax' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'szax' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'szax' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'szax' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'szax' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'szax' ORDER BY id' rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'szax' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'szax' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'szax' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Pairs do not match for user [szax] rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns notfound modcall: group authorize returns ok auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 211 to 127.0.0.1:1033 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 211 with timestamp 3efaa83e Nothing to do. Sleeping until we see a request. --Radius Log- I think that the problem is in this line : rlm_sql (sql): Pairs do not match for user [szax] If however I edit the Value field in radcheck table and replace it with a plain text password it works ok . If anyone understand what is going wrong and could give me a hint , I would very much appreciate it cause I am running out of time for this project ... Thanx in advance . -- Nickitas [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius + Mysql + Dialup Admin problem
On Thu, Jun 26, 2003 at 11:21:58AM +0300, Nickitas wrote: The passwords stored in mysql are encrypted in a strange way . For example using crypt encryption the password stored in the database is this :$1$JLBPzLpM$hHtpEcBBpJiuzxs7RLr1P0 this is an md5 password created with glibc crypt. its ok. After learning a little bit about crypt and md5 encryption I can say that this doesn't look correct to me . I run the following little script for the same password and using st as salt for the encryption . perl -e 'print crypt( asd123, st),\n;' stn/LmaCw8SMU you are not using the seed of the abouve md5ed password. try: [10:[EMAIL PROTECTED]:radiusd perl -e 'print crypt( asd123, \$1\$JLBPzLpM),\n;' $1$JLBPzLpM$hHtpEcBBpJiuzxs7RLr1P0 looks fine. I changed a little bit the ./lib/crypt/crypt.php3 in order to give me the correct encrypted password but it still doesn't work . man crypt gives you more hints about what crypt can do. I think that the problem is in this line : rlm_sql (sql): Pairs do not match for user [szax] What are the check pairs for this user? Auth-Type := Crypt-Local, Crypt-Password == $1$JLBPzLpM$hHtpEcBBpJiuzxs7RLr1P0 should work as check pairs. Oliver. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius + Mysql + Dialup Admin problem
It works ok , thank you very much :) On Thu, 2003-06-26 at 11:30, Oliver Graf wrote: On Thu, Jun 26, 2003 at 11:21:58AM +0300, Nickitas wrote: The passwords stored in mysql are encrypted in a strange way . For example using crypt encryption the password stored in the database is this :$1$JLBPzLpM$hHtpEcBBpJiuzxs7RLr1P0 this is an md5 password created with glibc crypt. its ok. After learning a little bit about crypt and md5 encryption I can say that this doesn't look correct to me . I run the following little script for the same password and using st as salt for the encryption . perl -e 'print crypt( asd123, st),\n;' stn/LmaCw8SMU you are not using the seed of the abouve md5ed password. try: [10:[EMAIL PROTECTED]:radiusd perl -e 'print crypt( asd123, \$1\$JLBPzLpM),\n;' $1$JLBPzLpM$hHtpEcBBpJiuzxs7RLr1P0 looks fine. I changed a little bit the ./lib/crypt/crypt.php3 in order to give me the correct encrypted password but it still doesn't work . man crypt gives you more hints about what crypt can do. I think that the problem is in this line : rlm_sql (sql): Pairs do not match for user [szax] What are the check pairs for this user? Auth-Type := Crypt-Local, Crypt-Password == $1$JLBPzLpM$hHtpEcBBpJiuzxs7RLr1P0 should work as check pairs. Oliver. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Nickitas [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius/mysql can't browse but everything else seems to work
I am a freeradius newbie just installed 0.8.1 with mysql users can authenticate from mysql or users file ...several differing solutions tried see radiud -X output below. (specifically users chris - mysql , brian -mysql and bert -user file.) Everything seems to work ok except browsing on port 80 mail and browsing on ssl/https is ok. Seeems to be acting like its proxying but as far as I can tell I've disabled proxy. Forgot to say my NAS is a max 4000 which works ok with ieradius. I am probably missing something glaringly obvious but I haven't looked at radius recently before this exploit. Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/sql.conf main: prefix = /usr main: localstatedir = /var main: logdir = /var/log/radius main: libdir = /usr/lib/freeradius main: radacctdir = /var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = /var/log/radius/radius.log main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = /var/run/radiusd/radiusd.pid main: user = radius main: group = radius main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/sbin/checkrad main: proxy_requests = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: ignore_password = no mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = (null) mschap: authtype = MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded preprocess preprocess: huntgroups = /etc/raddb/huntgroups preprocess: hints = /etc/raddb/hints preprocess: with_ascend_hack = yes preprocess: ascend_channels_per_line = 32 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = suffix realm: delimiter = @ Module: Instantiated realm (suffix) Module: Loaded SQL sql: driver = rlm_sql_mysql sql: server = 195.188.182.222 sql: port = sql: login = root sql: password = 4nkl3s0ck5 sql: radius_db = radius sql: acct_table = radacct sql: acct_table2 = radacct sql: authcheck_table = radcheck sql: authreply_table = radreply sql: groupcheck_table = radgroupcheck sql: groupreply_table = radgroupreply sql: usergroup_table = usergroup sql: nas_table = nas sql: dict_table = dictionary sql: sqltrace = no sql: sqltracefile = /var/log/radius/sqltrace.sql sql: deletestalesessions = yes sql: num_sql_socks = 25 sql: sql_user_name = %{Stripped-User-Name:-%{User-Name:-none}} sql: default_user_profile = sql: query_on_not_found = no sql: authorize_check_query = SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id sql: authorize_reply_query = SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id sql: authorize_group_check_query = SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id sql: authorize_group_reply_query = SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id sql: accounting_onoff_query = UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime = '%S' sql: accounting_update_query = UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStopTime = 0 sql: accounting_start_query = INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm,
Re: freeradius/mysql can't browse but everything else seems to work
FreeRadius wouldn't stop users from being able to browse, bottom line. Your NAS may be doing something funky, and the fact that the bert user who logs in last at the bottom of your -X seems to be getting the filter std.ppp applied to his connection makes me wonder. Make sure your NAS isn't busted and if you are doing filtering that it's sane and not dropping traffic that shouldn't be dropped. -Original Message- From: UK1 Webmail Customer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Wed, 11 Jun 2003 17:29:46 - (UTC) Subject: freeradius/mysql can't browse but everything else seems to work I am a freeradius newbie just installed 0.8.1 with mysql users can authenticate from mysql or users file ...several differing solutions tried see radiud -X output below. (specifically users chris - mysql , brian -mysql and bert -user file.) Everything seems to work ok except browsing on port 80 mail and browsing on ssl/https is ok. Seeems to be acting like its proxying but as far as I can tell I've disabled proxy. Forgot to say my NAS is a max 4000 which works ok with ieradius. I am probably missing something glaringly obvious but I haven't looked at radius recently before this exploit. Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/sql.conf main: prefix = /usr main: localstatedir = /var main: logdir = /var/log/radius main: libdir = /usr/lib/freeradius main: radacctdir = /var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = /var/log/radius/radius.log main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = /var/run/radiusd/radiusd.pid main: user = radius main: group = radius main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/sbin/checkrad main: proxy_requests = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: ignore_password = no mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = (null) mschap: authtype = MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded preprocess preprocess: huntgroups = /etc/raddb/huntgroups preprocess: hints = /etc/raddb/hints preprocess: with_ascend_hack = yes preprocess: ascend_channels_per_line = 32 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = suffix realm: delimiter = @ Module: Instantiated realm (suffix) Module: Loaded SQL sql: driver = rlm_sql_mysql sql: server = 195.188.182.222 sql: port = sql: login = root sql: password = 4nkl3s0ck5 sql: radius_db = radius sql: acct_table = radacct sql: acct_table2 = radacct sql: authcheck_table = radcheck sql: authreply_table = radreply sql: groupcheck_table = radgroupcheck sql: groupreply_table = radgroupreply sql: usergroup_table = usergroup sql: nas_table = nas sql: dict_table = dictionary sql: sqltrace = no sql: sqltracefile = /var/log/radius/sqltrace.sql sql: deletestalesessions = yes sql: num_sql_socks = 25 sql: sql_user_name = %{Stripped-User-Name:-%{User-Name:-none}} sql: default_user_profile = sql: query_on_not_found = no sql: authorize_check_query = SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id sql: authorize_reply_query = SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id sql: authorize_group_check_query = SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgro upcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id sql: authorize_group_reply_query = SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgro upreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username
Re: freeradius/mysql can't browse but everything else seems to work
On Wed, Jun 11, 2003 at 12:35:22PM -0400, Jason Lixfeld wrote: FreeRadius wouldn't stop users from being able to browse, bottom line. Your NAS may be doing something funky, and the fact that the bert user who logs in last at the bottom of your -X seems to be getting the filter std.ppp applied to his connection makes me wonder. Make sure your NAS isn't busted and if you are doing filtering that it's sane and not dropping traffic that shouldn't be dropped. Also note that all users come from sql, except bert comes from files... perhaps theres the problem? Oliver. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
convert citron radius accounting file to freeradius mysql
Hi all, I'm looking for a script that reads citron radius log file and dump into the FR mysql database. Thanks, Chhai - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius MySQL Authenthication problem
Hi, I'm working with Quintum Tenor GateWay/GateKeeper and have a problem:For user authenthication, Quintum sends two packets: Authentication ana Authorization.I'm using MySQL with freeRadius and can't understand how can my radius understand whether comes Authentication and whether Authorization request, because in SQL module I can define only one query for Authentication/Authorization request (radcheck, radreply, etc.) Can anybody help me... what should i do? Should I use two SQL modules or somehow tell for existing SQL module whether which query to use? How can i define these two types of queries?
Re: FreeRADIUS MYSQL solve it :)
Carlo Tovazzi wrote: try to launch ./configure in /freeradius-0.8.1/src/modules/rlm_sql/ probably is absent the rlm module for sql rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search ath of your system's ld. radiusd.conf[14]: sql: Module instantiation failed. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html I sure this part is working the accounting is working with mysql just not auth -- Travis M. Best Systems Administrator SunQwest Internet Services 1040 Walnut St Sunbury, PA 17801 Phone: 866-344-9509 Direct: 570-279-1746 -- This message has been scanned for viruses and dangerous content by SunQwest MailScanner, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Trying to do accounting on freeradius+mysql
Iq wrote: I will appreciate any help on how can I get accounting done on the data in mysql (even an sql query will do), for the moment I am using plain text files and getting accounting done by Optigold ISP log parser. I want customers to check their usgae using a web base interface. why don't you just take the example in sql.conf ? AcctSessionTime is the duration, AcctInputOctetd and OutputOctets are the transfered data. 'hope this help, @+ -- DouRiX - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Scyld-Beowulf 2 server cluster on RH Linux 8.x with Raid + Hotspare + IC-Radius/FreeRadius + MySQL latest versions.
Hi All, forgive me if this cross-over question is partly due elsewhere - I really do need some assistance here, or advice at least. Flame me at your leisure! First of all, I have Freeradius latest version working with MySQL latest version. I have the following setup in mind: I just ordered the basic Scyld-Beowulf CD from Linux Central to start testing next week, and I have inquired a number of quotes for a 2-server mountrack situation, with RAID-1/5+ Hotspare configuration, on SCSI (probably Adaptec) RAID-controllers and drives. I am planning to run Red Hat Linux 8.x as an OS, on which I presumably can install all the necessary Scyld RPM's, or at least update the software that comes with the (2001?) Scyld CD from linux Central. The plan is to run a 2-server fail-over config running as a primary daemon either FreeRadius or IC-Radius, which processes I plan to manage with the cluster software from scyld. If it can be done I do not know - but the docs suggest it may. The Radius will obviously do accounting and Authorisation / Authentication for Radius clients coming from our link, and I will have a MySQL database on both servers that will replicate the data involved. Can this be done, clustering with any version of Radius (Open-Sourced) I have to test everything, so I hope the feedback may be of value. Now I'm not the expert here, and would love any comments or pointers you may want to give me - I am sideposting on all kinds of lists right now with various questions, meanwhile reading my eyes out but the more advice the better I guess, as I am about to propose on a few fat servers, mountracked for hosting this setup. I will feedback my experience to anyone who may be interested, or write a readme afterwards. If that means I am trying to re-invent the wheel, please let me know. thanks so much folks! Regards, Marnix Petrarca DaemonLabs.com / Galaxy The Netherlands __ The information contained in this electronic mail message is privileged and confidential, and is intended only for use of the addressee. If you are not the intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by reply transmission and delete the message without copying or disclosing it. This email has been scanned for all viruses by the MessageLabs SkyScan service. Any possible virus has been removed from this email message. __ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Scyld-Beowulf 2 server cluster on RH Linux 8.x with Raid + Hotspare + IC-Radius/FreeRadius + MySQL latest versions.
03-Jan-03 at 17:54, Marnix Petrarca ([EMAIL PROTECTED]) wrote : First of all, I have Freeradius latest version working with MySQL latest version. The plan is to run a 2-server fail-over config running as a primary daemon either FreeRadius or IC-Radius, which processes I plan to manage with the cluster software from scyld. If it can be done I do not know - but the docs suggest it may. The Radius will obviously do accounting and Authorisation / Authentication for Radius clients coming from our link, and I will have a MySQL database on both servers that will replicate the data involved. Can this be done, clustering with any version of Radius (Open-Sourced) I have to test everything, so I hope the feedback may be of value. Usually a cluster shares storage space and is more akin to a multi-processor single machine than anything else, so there's no reason FreeRadius won't work in that kind of setup, with one or more MySQL servers replicating data and used as fallbacks. See the configurable_failover file in the docs/ directory of the tarball. That should get you everything you can reasonably digest before you actually get the cluster working. -- |-Simon White, Internet Services Manager, Certified Check Point CCSA. |-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions. |-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco. |-MTDS tel +212.3.767.4861 - fax +212.3.767.4863 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Linux+freeradius+mysql
Hi everyone, tried freeradius with mysql, got it working but how do I get usage details out of radacct table. Is there a query provided anywhere. I made two sessions and got both of them in radacct. Bellow is a copy of what I got in radacct mysql select * from radacct where Username='iraja'; +---+---+--+--+---+- -+---+-+-+-+ -+---+---+---+-- ---+--+-+--+ +-++-+-- --+---+ | RadAcctId | AcctSessionId | AcctUniqueId | UserName | Realm | NASIPAddress | NASPortId | NASPortType | AcctStartTime | AcctStopTime| AcctSessionTime | AcctAuthentic | ConnectInfo_start | ConnectInfo_stop | AcctInputOctets | AcctOutputOctets | CalledStationId | CallingStationId | AcctTerminateCause | ServiceType | FramedProtocol | FramedIPAddress | AcctStartDelay | AcctStopDelay | +---+---+--+--+---+- -+---+-+-+-+ -+---+---+---+-- ---+--+-+--+ +-++-+-- --+---+ | 2 | 7100034B | | iraja| | 203.14.183.2 |12 | Async | 2002-11-26 22:27:39 | 2002-11-26 22:29:08 | 89 | RADIUS| 38666 LAPM/V42BIS | 24000 LAPM/V42BIS |1399 | 1064 | 87966000| | User-Request | Framed-User | PPP| 203.14.193.11 | 0 | 0 | | 4 | 7100034C | | iraja| | 203.14.183.2 |11 | Async | 2002-11-26 22:30:46 | 2002-11-26 22:36:12 | 326 | RADIUS| 52000 LAPM/V42BIS | 52000 LAPM/V42BIS | 159179 | 1355687 | 87966000| | User-Request | Framed-User | PPP| 203.14.193.12 | 0 | 0 | +---+---+--+--+---+- -+---+-+-+-+ -+---+---+---+-- ---+--+-+--+ +-++-+-- --+---+ 2 rows in set (0.00 sec) mysql If you have any questions or comments, kindly do not hesitate to contact us at Golden IT. kind regards, Internet Services Administrator Golden IT Ph: +61 (3) 97052511 Fax: +61 (3) 97052544 Email: [EMAIL PROTECTED] Web: www.goldenit.net.au - Please advise the originator by telephone (03)9705 2511 in the event that this transmission is incomplete. IF THIS EMAIL HAS BEEN SENT TO YOU BY MISTAKE: please call (03) 9705 2511 and destroy it immediately. This email may contain Information which is confidential or which is subject to legal professional privilege. You must not use this email or the Information in it. Any confidentiality or privilege is not waived or lost because this email has been sent to you by mistake. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, November 28, 2002 2:30 PM Subject: Freeradius-Users digest, Vol 1 #1298 - 10 msgs Send Freeradius-Users mailing list submissions to [EMAIL PROTECTED] To subscribe or unsubscribe via the World Wide Web, visit http://lists.cistron.nl/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of Freeradius-Users digest... Today's Topics: 1. RE: Re: FreeRadius 0.8, Oracle 8.1.7. Problem with CPU load (Novoselsky Alexander) 2. Re: User Configuartion Help and Interesting Scenario (Alan Wong) 3. Re: EAP/TLS testing: SSL_set_my_callback (Artur Hecker) 4. Re: SSL_read Error: EAP-TLS (Artur Hecker) 5. RE: use freeradius to clear line (Chhai Thach) 6. RE: use freeradius to clear line (Chhai Thach) 7. Please Confirm Your $10,000 Entries! ([EMAIL PROTECTED]) 8. Recommend-It: PLS REPLY to CONFIRM [[EMAIL PROTECTED]/6947] (Recommend-It Confirmation Bot) 9. Can I do eap/tls use 2 wire NIC and cisco 2950? (Huter.Liu) 10. Re: Recommend-It: PLS REPLY to CONFIRM [[EMAIL PROTECTED]/6947] ([EMAIL PROTECTED]) --__--__-- Message: 1 From: Novoselsky Alexander [EMAIL PROTECTED] To: '[EMAIL
RE: How to configure between FreeRadius MySQL ?
Take a look at http://www.frontios.com/freeradius.html for some information. Its a little dated, but is still OK (although youll need to read it all and put it in the right order). S. Scott Bartlett BTA Limited, 100 High Street Wandsworth, London SW18 4LA, United Kingdom e: [EMAIL PROTECTED] v: +44 (0)20 8871 4240 f: +44 (0)20 8871 4584 Network Consultancy and Support for Windows, MacOS and Linux. Internet connectivity, solutions, web/database development and business services. http://www.bta.com. -Original Message- From: Yi-Wen Liu [mailto:[EMAIL PROTECTED]] Posted At: 24 November 2002 07:25 Posted To: FreeRadius Conversation: How to configure between FreeRadius MySQL ? Subject: How to configure between FreeRadius MySQL ? Hi folks: I want to use MySQL as name password database, but I don't know how to configure. Could someone give me files which are needed to modify or teach me how to configure ? Thanks a lot! Best Regards Tim Liu --- This message (and any associated files) is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. Messages sent to and from us may be monitored. Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore, we do not accept responsibility for any errors or omissions that are present in this message, or any attachment, that have arisen as a result of e-mail transmission. If verification is required, please request a hard-copy version. Any views or opinions presented are solely those of the author and do not necessarily represent those of BTA Ltd.
Re: FreeRADIUS, MySQL, radgroup check, Login-Time fails
[EMAIL PROTECTED] wrote: I read the notes on this on the frontios site, and there was a mention of the need to add field op type varchar(2) to the radcheck and radgroupcheck tables, for version 0.5 and newer, but I'm only running 0.4. Does anyone have any ideas or do I need to supply more information? Any help is very much appreciated. Don't run v0.4. Grab 0.7.1, and fill in the 'op' fields. They're required for anything more than trivial configurations. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS, MySQL, radgroup check, Login-Time fails
Greetings, Here's my problem. I hope someone can help, I'm beating my head on the table. I apologize for the length, but I want to be as clear and complete as possible to make it easier to answer. I'm using freeradius 0.4 and the freeradius-mysql and the radiud-freeradius-mysql packages download from Debian Woody. This addon allows the setup of tables for your database. This has been working great for the last 4-5 months, so I assume that things are okay with the database, tables, etc. I have added users to the radcheck and they authenticate correctly. What I want to do now is create a group of users who can only login from 8:00am till 6:00pm. I added a row to the usergroup table containing the user's name to the UserName column and put daytime in the GroupName column. This creates a relationship between a user's name and a group they belong to...correct??? I can log in with this account correctly...no problem. Now, I go to the radgroupcheck table (which I believe gets checked next after the person's name links it to that group, and tests the attribute/value pairs in it). I think that I can add a GroupName, Login-Time and some value (string) for that group. For example, if a row in the table usergroup with columns named: id type int (10), UserName type varchar (30), GroupName type varchar (30) has the values any integer, bob, daytime , that means that bob is part of a group name daytime...correct?? Then, if the table radgroupcheck with columns named: id type int (10), GroupName type varchar (30) Attribute type varchar (40) Value type varchar (40) has values of any integer, daytime, Login-Time, 0800-1800, that means that anyone part of group daytime will be allowed to login between 8:00am and 6:00pmcorrect??? Well, when I add these entries from the example above to the radgroupcheck table, the authentication always fails, no matter what value I enter for Value. I read the notes on this on the frontios site, and there was a mention of the need to add field op type varchar(2) to the radcheck and radgroupcheck tables, for version 0.5 and newer, but I'm only running 0.4. Does anyone have any ideas or do I need to supply more information? Any help is very much appreciated. Sincerely, Rodney Fluharty [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius/mysql unable to ascertain Auth-Type from mysql
i use freeradius-0.4 to AAA a dialup realm (@realm) (should work for 0.4+ i guess, it's a relly simple setup) and here's what works for me: --radiusd.conf-- ... modules { ... preprocess { ... hints = ${confdir}/hints ... } ... $INCLUDE ${confdir}/sql.conf ... } ... authorize { preprocess sql } authenticate { sql } ... -- i use the preprocess to strip the realm (i have usernames of the kind usr@realm, and i service only myrealm, so i keep usernames stripped). --hints-- ... DEFAULT Suffix = @myrealm, Strip-User-Name = Yes Hint = @myrealm, Service-Type = Framed-User, Framed-Protocol = PPP ... -- and finaly, the mysql tables: --radcheck-- ... | 928 | rtieva | Password | s2wSv3ss | ... -- Clear text passwords ?? - I just love answering the question: What my password was ? other tables, i believe, are irrelevant to this case. i guess i could use some table for setting Service-Type and Framed-Protocol (and other VAs as well), but since hints takes care of it why poison the db? access times for different users is done via Exec-Program-Wait from radgroupreply table. script does extensive checks, but that also is not relevant to the case... hope it helps. On Thursday 12 September 2002 19:18, you wrote: NetNITCO Systems Administration [EMAIL PROTECTED] wrote: but I need to be able to authenticate with user/passwords from MySQL. so, what do you need pam for ?! changes, trying database data changes to no avail. My last option is to try Radiator, which I have installed the demo for, but I'm not comfortable with i'd stick with the freeradius ... but that's me. It seems that I must just be missing something very simple, but I just can't put my finger on it. it's often this way :-) --Josh Snyder NetNITCO Systems Administration -- Konstantin Tsolov Systems Administrator Information Services PLC Sofia, Bulgaria - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius/mysql unable to ascertain Auth-Type from mysql
At 04:59 PM 9/19/2002 +0300, Konstantin Tsolov wrote: i use freeradius-0.4 to AAA a dialup realm (realm) (should work for 0.4+ i guess, it's a relly simple setup) and here's what works for me: Lot's of fixes are incorporated into recent releases. The server is now up to version 0.7.1. You should upgrade to a recent release before reporting any problems. You're not likely to find much assistance debugging such an old release. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius/mysql unable to ascertain Auth-Type from mysql
:-) thank you, Chris! On Thursday 19 September 2002 18:12, you wrote: At 04:59 PM 9/19/2002 +0300, Konstantin Tsolov wrote: i use freeradius-0.4 to AAA a dialup realm (realm) (should work for 0.4+ i guess, it's a relly simple setup) and here's what works for me: Lot's of fixes are incorporated into recent releases. The server is now up to version 0.7.1. You should upgrade to a recent release before reporting any problems. You're not likely to find much assistance debugging such an old release. there really was no need for answering this posting... -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Konstantin Tsolov Systems Administrator Information Services PLC Sofia, Bulgaria - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius/mysql unable to ascertain Auth-Type from mysql
At 04:59 PM 9/19/2002 +0300, Konstantin Tsolov wrote: i use freeradius-0.4 to AAA a dialup realm (realm) (should work for 0.4+ i guess, it's a relly simple setup) and here's what works for me: I think he was answering my original post from 09/11/2002 and offering a copy of his configs. Lot's of fixes are incorporated into recent releases. The server is now up to version 0.7.1. You should upgrade to a recent release before reporting any problems. You're not likely to find much assistance debugging such an old release. I upgraded from 0.7 to 0.7.1. Making this upgrade corrected the problems I was having. I'm now having problems with accounting on one of my NASs and was hoping somebody may be able to offer some assistance. Please see post with subject Accounting Signature Error. Thanks, --Josh Snyder NetNITCO Systems Administration - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius/mysql unable to ascertain Auth-Type from mysql
At 11:19 AM 9/19/2002 -0500, NetNITCO Systems Administration wrote: At 04:59 PM 9/19/2002 +0300, Konstantin Tsolov wrote: i use freeradius-0.4 to AAA a dialup realm (realm) (should work for 0.4+ i guess, it's a relly simple setup) and here's what works for me: I think he was answering my original post from 09/11/2002 and offering a copy of his configs. Yes. That's what I get for answering posts before my first cup of coffee. :) Lot's of fixes are incorporated into recent releases. The server is now up to version 0.7.1. You should upgrade to a recent release before reporting any problems. You're not likely to find much assistance debugging such an old release. I upgraded from 0.7 to 0.7.1. Making this upgrade corrected the problems I was having. Right. Glad to hear! I'm now having problems with accounting on one of my NASs and was hoping somebody may be able to offer some assistance. Please see post with subject Accounting Signature Error. Do you have other NAS of this same type? Are they running the same software releases? If not, it's possible it's an older release of software for it, that with many vendors didn't properly sign Accounting messages. You may want to look into a possible software upgrade for the NAS. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius mysql php scripts
On 12 Sep 2002, bart wrote: Hi, Iv just upgraded our radiusd server to freeradius 7.1, Iv started uesing MySQL accounting, still authing from passwd file for now. The MySQL accounting worked first time and works great. So I'm not reinventing the wheel, dose any one have some (php?) scripts to work with the MySQL accounting data. I'm looking for a script so users them self can look at there usage etc etc. Thanks Daniel Well, you can use the dialup_admin interface. It is mostly aimed at admins and not end users but there is one page user_state.php3 which will output a few information about the user's accounting which can be used by another page to display them. If you really need to show complete accounting to your users you could also edit the user_accounting.php3 page to output the information you want. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius/mysql unable to ascertain Auth-Type from mysql
rlm_sql: Pairs do not match [test1] rlm_sql: Released sql socket id: 0 modcall[authorize]: module sql returns notfound I'm a bit rusty on this, but I don't think a lot of the SQL stuff, like setting the Auth-Type, is going to work until you fix this portion. I agree. I wish I could. Freeradius has worked fine for me if I wanted to authenticate users from user/password in flat file and accounting in MySQL but I need to be able to authenticate with user/passwords from MySQL. If I cannot do that, then I'll be forced to look at another solution such as Radiator, which is not free. Does anybody use Freeradius, storing accounting and user/passwords in MySQL, and use PAP for authentication? I would assume that this should be fairly simple to configure, but the solution eludes me. Thanks, --Josh Snyder NetNITCO Systems Administration - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius/mysql unable to ascertain Auth-Type from mysql
I use Postgresql on 0.5, but apart from that ... Here's a cut-down version of the config I use, if it's any help. Note that my PAP section is commented out; from memory, yours had encryption_scheme set to clear. Are you defining 'Auth-Type' in your sql database? If so, could you please show me what that definition looks like in the sql database? Are you defining a group in the radgroupcheck with the 'Auth-Type' declared and then associating users in your database with that group? Or, are you defining a DEFAULT 'Auth-Type' somewhere like the users file and obtaining the user/passwords from your Postgres database? If that's the way you're doing it, then I would appreciate any additional information you have on configuring that. I have attempted to use the 'files' module in 'authenticate' so that is sees the 'Auth-Type' defined there, however, once it determines the default 'Auth-Type' it doesn't seem to recognize the user/password combination from the sql database? Thanks, --Josh Snyder NetNITCO Systems Administration - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius/mysql unable to ascertain Auth-Type from mysql
NetNITCO Systems Administration [EMAIL PROTECTED] wrote: but I need to be able to authenticate with user/passwords from MySQL. No, you don't. You do NOT want to give your users accounts to log in to your MySQL server. You want to pull the user's authorization items from MySQL (e.g. Password). You then want to use another method to authenticate them. I would assume that this should be fairly simple to configure, but the solution eludes me. I would recommend reading the debugging output of the server. If the sql module returns 'notfound' for a user, then it means that the users configuration was not found in the MySQL database. Fix that, and it should work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius/mysql unable to ascertain Auth-Type from mysql
NetNITCO Systems Administration [EMAIL PROTECTED] wrote: but I need to be able to authenticate with user/passwords from MySQL. No, you don't. You do NOT want to give your users accounts to log in to your MySQL server. You want to pull the user's authorization items from MySQL (e.g. Password). You then want to use another method to authenticate them. That is what I meant. I would not have assumed to actually add every user as a MySQL user, but to enter their user/password data into the 'radius' database. I would recommend reading the debugging output of the server. If the sql module returns 'notfound' for a user, then it means that the users configuration was not found in the MySQL database. Fix that, and it should work. I have in fact read the debugging info and I'm not quite sure what to think of it. I have manually executed the sql statements that are output with the debug info and all of the information appears to be coming back appropriately. I'm not sure if I do not have enough entries in the tables in the database or if I have the incorrect entries or if I have not used the correct operators. I'm completely at a loss as to what to do or where to even start debugging more, if that's possible. I'm under orders to implement a radius solution with user/passwords stored in MySQL to replace the current Merit/LDAP setup and I only have a certain amount of time in which to do this. I have tried ICRadius, which I was able to get to authenticate, however, the I was unable to get the limitation of Simultaneous-Use working, so that's not feasible, I've been working with Freeradius all day, every day this week and I'm still unable to unauthenticate from user information stored in MySQL. I've spent every day reading through the archives, posting to the list, trying configuration changes, trying database data changes to no avail. My last option is to try Radiator, which I have installed the demo for, but I'm not comfortable with anything regarding its configuration or database structure. It seems that I must just be missing something very simple, but I just can't put my finger on it. Sorry, I got caught in the ramble. This has been quite frustrating. I appreciate all of the help everybody has provided. If anybody comes up with any ideas, or has any configuration and database layout information that they would like to share, please feel free to email me. Thanks, --Josh Snyder NetNITCO Systems Administration - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius/mysql unable to ascertain Auth-Type from mysql
Alright, I have spent the better part of a day going through the list archives and I believe that I have configured FreeRadius correctly for using MySQL for authentication and accounting, however, I still get the following when trying to authenticate a user: rlm_sql: Pairs do not match [test1] rlm_sql: Released sql socket id: 3 modcall[authorize]: module sql returns notfound modcall: group authorize returns ok auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. I have the following configured in radiusd.conf: pap { encryption_scheme = clear } authorize { preprocess suffix sql } authenticate { authtype PAP { pap } } preacct { preprocess suffix } accounting { detail sql radutmp } session { sql } I have the following configured in MySQL table 'radcheck': ++--+---+---+--+ | id | UserName | Attribute | Value | op | ++--+---+---+--+ | 1 | test1| User-Password | test1 | == | ++--+---+---+--+ I have the following configured in MySQL table 'radgroupcheck': ++---+--+---+--+ | id | GroupName | Attribute| Value | op | ++---+--+---+--+ | 1 | DialUp| Simultaneous-Use | 1 | =| | 3 | DialUp| Auth-Type| PAP | := | ++---+--+---+--+ I have the following configured in MySQL table 'radgroupreply': ++---++-+--+--+ | id | GroupName | Attribute | Value | op | prio | ++---++-+--+--+ | 1 | DialUp| Service-Type | Framed-User | == |0 | | 2 | DialUp| Framed-Protocol| PPP | == |0 | | 3 | DialUp| Framed-IP-Address | 255.255.255.254 | =|0 | | 4 | DialUp| Framed-IP-Netmask | 255.255.255.255 | =|0 | | 5 | DialUp| Framed-Routing | None| =|0 | | 6 | DialUp| Framed-Compression | Van-Jacobson-TCP-IP | =|0 | | 7 | DialUp| Framed-MTU | 1500| =|0 | | 10 | DialUp| Fall-Through | Yes | =|0 | ++---++-+--+--+ Lastly, I have the following configured in MySQL table 'usergroup': ++--+---+ | id | UserName | GroupName | ++--+---+ | 1 | test1| DialUp| ++--+---+ From reading through the list archives from late July early August through current, I believe my configuration are correct, with the exception of the prio column, which I did find one post with MySQL that had a question regarding prio, but it did not explain what that is for. Please, any help that anybody can offer would be greatly appreciated. Thank You. --Josh Snyder NetNITCO Systems Administration - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius/MySQL Authentication Problem
Alright, everything seems to be working fine now from my previous post regarding initial configuration of Freeradius 0.7 and MySQL, however, now I cannot authenticate a user. I'm not sure what I'm supposed to set Auth-Type to or where I'm supposed to set it. Read the 'users' file that comes with the server. The Auth-Type attribute tells the server HOW the user is to be authenticated. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius/MySQL Authentication Problem
Read the 'users' file that comes with the server. The Auth-Type attribute tells the server HOW the user is to be authenticated. I currently have the following in the users file: DEFAULT Auth-Type := PAP Fall-Through = 1 DEFAULT Service-Type == Framed-User Framed-IP-Address = 255.255.255.254, Framed-MTU = 1500, Service-Type = Framed-User, Fall-Through = Yes DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP Is this what you were talking about Alan? --Josh Snyder NetNITCO Systems Administration - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius/MySQL Authentication Problem
NetNITCO Systems Administration [EMAIL PROTECTED] wrote: Ok, that is what I have. Do you have any ideas why radius appears to still be unable to determine an Auth-Type when trying to authenticate the user? I don't know. Read the debugging output of the server. Is it even looking at that line from 'users'? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius/MySQL Authentication Problem
I don't know. Read the debugging output of the server. Is it even looking at that line from 'users'? I have killed and restarted radius with debugging and tried authenticating. I have not seen any mention of the users file or the loading of any of the DEFAULT values specified in the users file. Just for testing sake, I manually ran all of the sql queries that were displayed during the login and they all returned what I believe to be the appropriate data from the MySQL database so I do not believe that is the issue. In reading the comments in radiusd.conf, it appears that the users file is defined in the 'files' module and looking at the comments under 'authenticate' in the 'authtype PAP' section, it states, ...extract user passwords...(LDAP,SQL, etc). You should use the 'files' module to set 'Auth-Type := PAP' for this to work. I was however under the impression that 'Auth-Type' would be retrieved from the 'radgroupcheck' table for the group my test user is associated with under MySQL rather than the users file. Is that not the case? Do I in fact need to add 'files' under the 'authorize' or 'authenticate' sections? Thanks, --Josh Snyder NetNITCO Systems Administration - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius/MySQL Authentication Problem
If you want it to look at the 'users' file, then, absolutely. Since I didn't care for it to look at the 'users' file, then the entry of: | 3 | DialUp| Auth-Type| PAP | := | in the 'radgroupcheck' table should have taken care of the Auth-Type issue, correct? The list of my MySQL tables can be seen in the post to this list with subject 'freeradius/mysql unable to ascertain Auth-Type from mysql' Thanks, --Josh Snyder NetNITCO Systems Administration - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius/mysql unable to ascertain Auth-Type from mysql
On Wed, 11 Sep 2002, NetNITCO Systems Administration wrote: Alright, I have spent the better part of a day going through the list archives and I believe that I have configured FreeRadius correctly for using MySQL for authentication and accounting, however, I still get the following when trying to authenticate a user: rlm_sql: Pairs do not match [test1] rlm_sql: Released sql socket id: 3 modcall[authorize]: module sql returns notfound modcall: group authorize returns ok auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. I have the following configured in MySQL table 'radcheck': ++--+---+---+--+ | id | UserName | Attribute | Value | op | ++--+---+---+--+ | 1 | test1| User-Password | test1 | == | ++--+---+---+--+ Try setting the operator to ':='. Otherwise the sql module will try to do a comparison and fail. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius/mysql unable to ascertain Auth-Type from mysql
Try setting the operator to ':='. Otherwise the sql module will try to do a comparison and fail. Thanks for the info. I have changed that entry, but the problem that still remains is that is appears that radius is unable to determine the Auth-Type as PAP, which I have set in the radgroupcheck table. I apparently have the users files configured properly, so I went ahead and added the 'files' module to the 'authorize' section of radiusd.conf. Now, when trying to authenticate I get the following message from radius, in which it appears that radius now sees that I have set 'DEFAULT Auth-Type := PAP' in the users files, however, it appears that the 'PAP' module does not know to use 'sql' to retrieve the password or something along that line: rlm_sql: Pairs do not match [test1] rlm_sql: Released sql socket id: 0 modcall[authorize]: module sql returns notfound modcall: group authorize returns ok rad_check_password: Found Auth-Type PAP auth: type PAP modcall: entering group authtype rlm_pap: login attempted by test1 with password test1 rlm_pap: Could not find password for user test1 modcall[authenticate]: module authtype returns invalid auth: Failed to validate the user. I'm assuming that somebody on this list must be using a recent version (post 0.5) with MySQL for authentication and accounting and simultaneous-use control. If so, please feel free to email me your radius configs and basic database entries that you know work for you. Thank You. --Josh Snyder NetNITCO Systems Administration - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius/mysql unable to ascertain Auth-Type from mysql
NetNITCO Systems Administration wrote: Try setting the operator to ':='. Otherwise the sql module will try to do a comparison and fail. Thanks for the info. I have changed that entry, but the problem that still remains is that is appears that radius is unable to determine the Auth-Type as PAP, which I have set in the radgroupcheck table. [...] rlm_sql: Pairs do not match [test1] rlm_sql: Released sql socket id: 0 modcall[authorize]: module sql returns notfound I'm a bit rusty on this, but I don't think a lot of the SQL stuff, like setting the Auth-Type, is going to work until you fix this portion. -- Regards, Daryl Tester, Software Wrangler and Bit Herder, IOCANE Pty. Ltd. Security Alert: Your Computer Is Currently Broadcasting An Internet IP Address. With This Address, Someone Can Immediately Begin Attacking Your Computer! -- One Of Those Profound Dialog Box Adverts. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius mysql php scripts
Hi, Iv just upgraded our radiusd server to freeradius 7.1, Iv started uesing MySQL accounting, still authing from passwd file for now. The MySQL accounting worked first time and works great. So I'm not reinventing the wheel, dose any one have some (php?) scripts to work with the MySQL accounting data. I'm looking for a script so users them self can look at there usage etc etc. Thanks Daniel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius+mysql questions please
I try to explain my questions clearly. I have setup freeradius successfully,and now I can receive accept packet by compiling configure files,such as users,clients Later,I setup mysql successfully.I think successfully,because I can load the database schema and use sql commands. Later,I modified my radiusd.conf as authorise { preprocess suffix sql } authenticate { sql } preacct { suffix preprocess } accounting { detail unix sql radutmp } session { radutmp } -- what a pity.after I killed radiusd,and run again in debug mode,it comes such sentences: Can't connect to local MYSQL server through socket '/var/lib/mysql/mysql.sock' . radiusd.conf:SQL modules aren't allowed in 'authenticate' sections --they have no such method. what's wrong?and I still remember in /etc/my.cnf,the socket is defined as tmp/mysql.sock. why does it happen,and how to solve it? Thanks anyway and bow __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius+mysql questions please
On Mon, 2 Sep 2002, Yu Zhang wrote: I try to explain my questions clearly. I have setup freeradius successfully,and now I can receive accept packet by compiling configure files,such as users,clients Later,I setup mysql successfully.I think successfully,because I can load the database schema and use sql commands. Later,I modified my radiusd.conf as authorise { preprocess suffix sql } authenticate { sql } preacct { suffix preprocess } accounting { detail unix sql radutmp } session { radutmp } -- what a pity.after I killed radiusd,and run again in debug mode,it comes such sentences: Can't connect to local MYSQL server through socket '/var/lib/mysql/mysql.sock' . radiusd.conf:SQL modules aren't allowed in 'authenticate' sections --they have no such method. what's wrong?and I still remember in /etc/my.cnf,the socket is defined as tmp/mysql.sock. why does it happen,and how to solve it? Thanks anyway and bow 1. Check your my.cnf. Do you have a 'socket = /tmp/mysql.sock' in a [client] section? Having 'socket = /tmp/mysql.sock' in a [mysqld] section will just tell mysqld where to create the socket, not the mysql lib where to find it. 2. Remove sql from the authenticate section. The work can be done by the pap/chap/mschap modules. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius+mysql questions please
Hi, Remove the sql parameter fron the authenticate section of radiusd.conf Atanu Das System Development SS NetCom Pvt Ltd. Dhankheti Shillong-793003 Ph: 91+361+502355 Visit us at: http://www.neline.com - Original Message - From: Yu Zhang [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, September 02, 2002 1:23 PM Subject: freeradius+mysql questions please I try to explain my questions clearly. I have setup freeradius successfully,and now I can receive accept packet by compiling configure files,such as users,clients Later,I setup mysql successfully.I think successfully,because I can load the database schema and use sql commands. Later,I modified my radiusd.conf as authorise { preprocess suffix sql } authenticate { sql } preacct { suffix preprocess } accounting { detail unix sql radutmp } session { radutmp } -- what a pity.after I killed radiusd,and run again in debug mode,it comes such sentences: Can't connect to local MYSQL server through socket '/var/lib/mysql/mysql.sock' . radiusd.conf:SQL modules aren't allowed in 'authenticate' sections --they have no such method. what's wrong?and I still remember in /etc/my.cnf,the socket is defined as tmp/mysql.sock. why does it happen,and how to solve it? Thanks anyway and bow __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius+mysql questions please
Thanks for your answers anyway.I dont know whether you have succeeded with ur methods,but I failed.Now I will explain my modifications and results. Above all,i declare,that in /etc/my.cnf,I have set socket=/tmp/mysql.sock in both client and mysqld modules. First,I deleted the sql in authenticate.Then I uncomment sth like this,u can c: pap { encryption_scheme = crypt } authenticate{ authtype PAP { pap } } the others are the same. This time,I can run radiusd -X, but it still comes:Can't connect to local MYSQL server through socket '/var/lib/mysql/mysql.sock' in instantiation.and another error,Can't connect to SNMP agent with SMUX: connection refused. I want to ask,you did succeed by your way?And did you meet such problems?I really want you to help me because my boss ordered me to finish this in this week:( regards. __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius+mysql questions please
I had the same problem... I cured it by recompiling freeradius. the Make.inc file I added -lpthread to LIBS and recompiled ... it worked George L. Carden III Office 706-823-2115 Fax 706-823-2019 Home 706-798-2245 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Yu Zhang Sent: Monday, September 02, 2002 10:40 PM To: [EMAIL PROTECTED] Subject: Re: freeradius+mysql questions please Thanks for your answers anyway.I dont know whether you have succeeded with ur methods,but I failed.Now I will explain my modifications and results. Above all,i declare,that in /etc/my.cnf,I have set socket=/tmp/mysql.sock in both client and mysqld modules. First,I deleted the sql in authenticate.Then I uncomment sth like this,u can c: pap { encryption_scheme = crypt } authenticate{ authtype PAP { pap } } the others are the same. This time,I can run radiusd -X, but it still comes:Can't connect to local MYSQL server through socket '/var/lib/mysql/mysql.sock' in instantiation.and another error,Can't connect to SNMP agent with SMUX: connection refused. I want to ask,you did succeed by your way?And did you meet such problems?I really want you to help me because my boss ordered me to finish this in this week:( regards. __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius+mysql
due to some of the meory issue with 0.5 i am working with 0.4 but i have 0.5 in the lab running a mysql back end the latest snap shot on a ultra sparc linux platform. what i need to do is get ascend data filters to spit out when a authectication works. essentially i need these ascend data filters Ascend-Data-Filter = ip in forward tcp est Ascend-Data-Filter = ip in forward dstip mailserver.ip Ascend-Data-Filter = ip in drop tcp dstport = 25 Ascend-Data-Filter = ip in forward - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius mysql tables
Radreply is often use to Force some Session Params, especially Framed-IP-Address,but it can be usefull to execute a script when authentication is done by radius : with the attribute Exec-Program if the result of the script has no importance or with Exec-Program-Wait if you want to check some additional control on the user, in such a case, User will be granted access only if this script returns 0. See README file for more explanation. Nicolas - Original Message - From: tywe [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 09, 2002 9:24 PM Subject: Re: freeradius mysql tables I haven't used radreply yet, so I don't have any examples for you, but I'm pretty sure it's just like radcheck, except that the attributes found in radreply are used for determining what's in the reply packet that is sent to a user. Someone else might want to jump in and help with this one though, because I have no clue at this point. Frank - Original Message - From: Juan Hernandez To: [EMAIL PROTECTED] Sent: Tuesday, April 09, 2002 1:10 PM Subject: Re: freeradius mysql tables can you also explain radreply? - Original Message - From: tywe To: [EMAIL PROTECTED] Sent: Monday, April 08, 2002 11:03 PM Subject: Re: freeradius mysql tables id = automatic UserName = put in a username Attribute = the name of the attribute you are adding, typically Password? Value = depends on the attribute op = not needed, can be NULL, unless you need to do special things Example: insert into radcheck (UserName, Attribute, Value) values (test, Password, pass); There is also a dialup_admin script somewhere that is used for managing the database, but I haven't played with that yet. I just did inserts similar to above, and was able to get authentication working. Hope that helps! Frank - Original Message - From: Juan Hernandez To: [EMAIL PROTECTED] Sent: Tuesday, April 09, 2002 1:34 AM Subject: freeradius mysql tables I have freeradius 0.5, and I dont know, how do I fill the radcheck table? there are collumns I don't know what they are.. can someone clue me in? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html