Freeradius+MySql (Authorization Query) - regexp
Hi
I am using the following query for authorization and I
am getting the error 1064 from MySql (PARSE ERROR).
But when I am giving the same query replacing the
variables with values, I am getting the output. Can
someone explain me why.
(select id,UserName,Attribute,Value,op from
${authreply_table} where username='%{SQL-User-Name}')
union (select id,UserName, Attribute,
concat('h323-credit-time=',round(substring(value,20)/(tas_rate+charge))*60)
Value,op from ${authreply_table}, pb_tariffs,surcharge
where \%{Called-Station-Id}\ regexp
concat(^,de_prefix) and value like
'h323-credit-amount=%' and username='%{SQL-User-Name}'
and dnis='%{Calling-Station-Id}' order by de_prefix
desc limit 1)
I am getting the error after adding 'regexp' to the
query.
Thanks,
Kiran
Yahoo! Messenger - Communicate instantly...Ping
your friends today! Download Messenger Now
http://uk.messenger.yahoo.com/download/index.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+MySql (Authorization Query) - regexp
=?iso-8859-1?q?Kiran?= [EMAIL PROTECTED] wrote:
I am using the following query for authorization and I
am getting the error 1064 from MySql (PARSE ERROR).
But when I am giving the same query replacing the
variables with values, I am getting the output. Can
someone explain me why.
Look at the SQL debug log file. It will have the queries with the
variables replaced by values.
(select id,UserName,Attribute,Value,op from
${authreply_table} where username='%{SQL-User-Name}')
union (select id,UserName, Attribute,
concat('h323-credit-time=',round(substring(value,20)/(tas_rate+charge))*60)
Value,op from ${authreply_table}, pb_tariffs,surcharge
where \%{Called-Station-Id}\ regexp
concat(^...
A double quote inside of a double-quoted string?
I am getting the error after adding 'regexp' to the
query.
Then what you added is the source of the problem.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Number of MySQL connections needed?
Heya, all. This might be a silly question, but can anyone tell me a rule of thumb to figure out how many MySQL connections (num_sql_socks in the config) to configure based on ... heck, I don't know ... something like number of people dialed up at the same time? It's a bit difficult to say how many users I have simultaneously using FR, since the logs/debug stuff is sequential. Currently using 24 connections for auth and 24 for accounting. I'm wondering if I really need that many or if I should add more. Any ideas? What I've got seems to work: I'm just trying to be a little more scientific about it. Pointers to docs appreciated if this is in the docs and I missed it! Thanks! Kristina - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Number of MySQL connections needed?
On Thu, 18 Dec 2003, Kristina Pfaff-Harris wrote: Heya, all. This might be a silly question, but can anyone tell me a rule of thumb to figure out how many MySQL connections (num_sql_socks in the config) to configure based on ... heck, I don't know ... something like number of people dialed up at the same time? It's a bit difficult to say how many users I have simultaneously using FR, since the logs/debug stuff is sequential. Currently using 24 connections for auth and 24 for accounting. I'm wondering if I really need that many or if I should add more. Any ideas? What I've got seems to work: I'm just trying to be a little more scientific about it. Pointers to docs appreciated if this is in the docs and I missed it! See doc/tuning_guide In any case it depends on how fast your sql server responds to queries. One way is to do a 'SHOW PROCESSLIST;' in mysql during radius peek time If you see active threads put in a few sql connections more than the maximum number of active threads. A more scientific solution is to increase the connection pool if you get 'out of sql sockets' errors radius.log :-) Thanks! Kristina - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Number of MySQL connections needed?
On Fri, 19 Dec 2003, Kostas Kalevras wrote: See doc/tuning_guide Thanks! I did check that out, but all it said was to make num_sql_socks larger than the number of simultaneous requests. (Hehe! Of course!) I'm still using 0.8.1, though: is tuning_guide updated in the latest? In any case it depends on how fast your sql server responds to queries. One way is to do a 'SHOW PROCESSLIST;' in mysql during radius peek time If you see active threads put in a few sql connections more than the maximum number of active threads. So, if I understand you correctly, if during peak times only 5 connections are active, and the rest are sleeping, then I could get away with 10 connections? If so, then that makes a lot of sense. Most of my connections are sleeping at any given time. A more scientific solution is to increase the connection pool if you get 'out of sql sockets' errors radius.log :-) Haha! The people answering the tech support calls will not like that option, I think. :-) Kristina - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius mysql simultaneous-use question URGENT
'sql' is listed in the accounting section. Anyway I figured out that I was testing it incorrectly using NTRadping for I was testing for double logins by using Accounting (start/stop) as the Request typeinstead of using Authentication Request as the request type. I have successfully tested it and it works well now :) Thanks! Soujanya From: "Alan DeKok" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: freeradius mysql simultaneous-use question URGENT=20 Date: Tue, 16 Dec 2003 16:33:11 -0500 Reply-To: [EMAIL PROTECTED]=20 Soujanya Rao [EMAIL PROTECTED] wrote: Can anyone tell me where I am going wrong? This is urgent and I am clueless as to what else needs to be done.=20=20 Ensure that 'sql' is listed in the 'accounting' section.=20 Run: radiusd -X=20 Alan DeKok. Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing
freeradius mysql simultaneous-use question URGENT
Hi,
I am new to freeradius. I need some help in using simultaneous-use for detecting double logins using mysql only. Here is my current set up:
select * from radgroup check
++--- +---++---+| id | GroupName | Attribute | op | Value |+++++---+
| 2 | static | Auth-Type | == | Local |+++++---+| 4 | static | Simultaneous-Use | := | 1 |++++-++
select * from usergroup
++-+-+| id | UserName | GroupName |++-+-+| 33 | PW006 | static |++--++
select * from radcheck
++---+++--+| id | UserName | Attribute | op | Value |++---+++--+| 18 | PW006 | Password | == |abcd |++---++-+-+
In my radius.conf I have a set up like this:
session { sql}
In sql.conf, the "Simultaneous Use Checking Queries" are uncommented
I am using NTRadping to test for simultaneous-use and am failing to do so!
I am doing an accounting start using NTRadPing for the same user with adifferent NAS-IP-Address (Additional RADIUS attributes)and a different port NAS-Port (additional RADIUS attribute). Though simultaneous-use is setup the user is not stopped for double login at all. It creates two entries in the radaact table and when I run accounting stop it updates the relevant radacct records with the AcctStopTime.
Can anyone tell me where I am going wrong? This is urgent and I am clueless as to what else needs to be done. The sqltrace.log does not show that the uncommented statements in sql.conf are executed. How do I make sure that they get executed. Also please let me know if this is a correct procedure for testing the same.
Thanks in advance,
Soujanya
.
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing
Re: freeradius mysql simultaneous-use question URGENT
Soujanya Rao [EMAIL PROTECTED] wrote: Can anyone tell me where I am going wrong? This is urgent and I am clueless as to what else needs to be done. Ensure that 'sql' is listed in the 'accounting' section. Run: radiusd -X Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius 0.9.3 / mysql 4.0.16: no logging
Good morning all,
We have a server with a really old copy of FreeRADIUS logging accounting
data to mysql 3.xx. We are now in the process of upgrading to the latest
stable of mysql 4 and freeradius.
We've built the system on a separate machine and it works during
testing, except it doesn't log anything to mysql. We have authorisation
checks using flat files, but use mysql for logging.
radtest works fine, nothing in mysql. radiusd -x shows it connects fine
to the mysql server, and mysqld shows it has connected.
Yet there is no sqltrace.sql file either.
We have confirmed the username/password details can log in, and the
table names are correct. The accounting{} part is as default, with 'sql'
right above 'unix'.
Some help would be appreciated. We are at a loss!
Thanks,
James Green
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius 0.9.3 / mysql 4.0.16: no logging
At Mon, 15 Dec 2003 10:25:36 +,
James Green wrote:
Use radiusd -X and see what happens with the requests. You should see
the sql queries that the server tries to execute.
Good morning all,
We have a server with a really old copy of FreeRADIUS logging accounting
data to mysql 3.xx. We are now in the process of upgrading to the latest
stable of mysql 4 and freeradius.
We've built the system on a separate machine and it works during
testing, except it doesn't log anything to mysql. We have authorisation
checks using flat files, but use mysql for logging.
radtest works fine, nothing in mysql. radiusd -x shows it connects fine
to the mysql server, and mysqld shows it has connected.
Yet there is no sqltrace.sql file either.
We have confirmed the username/password details can log in, and the
table names are correct. The accounting{} part is as default, with 'sql'
right above 'unix'.
Some help would be appreciated. We are at a loss!
Thanks,
James Green
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
==
Kostas Zorbadelos
Currently at: Otenet IT Department
mailto: [EMAIL PROTECTED]
Out there in the darkness, out there in the night
out there in the starlight, one soul burns brighter
than a thousand suns.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius 0.9.3 / mysql 4.0.16: no logging
ZORBADELOS KONSTANTINOS wrote:
At Mon, 15 Dec 2003 10:25:36 +,
James Green wrote:
Use radiusd -X and see what happens with the requests. You should see
the sql queries that the server tries to execute.
Zorbadelos,
This has been done. That is how I know it connects to the database, but
doesn't perform any SQL queries.
I can get it to look up the user in the database even, it just refuses
to log the result in the database.
Its driving me up the wall :-(
James
Good morning all,
We have a server with a really old copy of FreeRADIUS logging accounting
data to mysql 3.xx. We are now in the process of upgrading to the latest
stable of mysql 4 and freeradius.
We've built the system on a separate machine and it works during
testing, except it doesn't log anything to mysql. We have authorisation
checks using flat files, but use mysql for logging.
radtest works fine, nothing in mysql. radiusd -x shows it connects fine
to the mysql server, and mysqld shows it has connected.
Yet there is no sqltrace.sql file either.
We have confirmed the username/password details can log in, and the
table names are correct. The accounting{} part is as default, with 'sql'
right above 'unix'.
Some help would be appreciated. We are at a loss!
Thanks,
James Green
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
==
Kostas Zorbadelos
Currently at: Otenet IT Department
mailto: [EMAIL PROTECTED]
Out there in the darkness, out there in the night
out there in the starlight, one soul burns brighter
than a thousand suns.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius 0.9.3 / mysql 4.0.16: no logging
At Mon, 15 Dec 2003 12:57:24 +,
James Green wrote:
ZORBADELOS KONSTANTINOS wrote:
You said you used radiusd -x and not radiusd -X (case is important).
Please send the output you receive from radiusd -X. See the rlm_sql
and radius_xlat messages. Perhaps something is wrong with the
configuration of queries.
At Mon, 15 Dec 2003 10:25:36 +,
James Green wrote:
Use radiusd -X and see what happens with the requests. You should see
the sql queries that the server tries to execute.
Zorbadelos,
This has been done. That is how I know it connects to the database, but
doesn't perform any SQL queries.
I can get it to look up the user in the database even, it just refuses
to log the result in the database.
Its driving me up the wall :-(
James
Good morning all,
We have a server with a really old copy of FreeRADIUS logging accounting
data to mysql 3.xx. We are now in the process of upgrading to the latest
stable of mysql 4 and freeradius.
We've built the system on a separate machine and it works during
testing, except it doesn't log anything to mysql. We have authorisation
checks using flat files, but use mysql for logging.
radtest works fine, nothing in mysql. radiusd -x shows it connects fine
to the mysql server, and mysqld shows it has connected.
Yet there is no sqltrace.sql file either.
We have confirmed the username/password details can log in, and the
table names are correct. The accounting{} part is as default, with 'sql'
right above 'unix'.
Some help would be appreciated. We are at a loss!
Thanks,
James Green
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
==
Kostas Zorbadelos
Currently at: Otenet IT Department
mailto: [EMAIL PROTECTED]
Out there in the darkness, out there in the night
out there in the starlight, one soul burns brighter
than a thousand suns.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
==
Kostas Zorbadelos
Currently at: Otenet IT Department
mailto: [EMAIL PROTECTED]
Out there in the darkness, out there in the night
out there in the starlight, one soul burns brighter
than a thousand suns.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius 0.9.3 / mysql 4.0.16: no logging
ZORBADELOS KONSTANTINOS wrote:
At Mon, 15 Dec 2003 12:57:24 +,
James Green wrote:
ZORBADELOS KONSTANTINOS wrote:
You said you used radiusd -x and not radiusd -X (case is important).
Please send the output you receive from radiusd -X. See the rlm_sql
and radius_xlat messages. Perhaps something is wrong with the
configuration of queries.
Hello again.
Right, we've just had our NAS configured to the same spec that the
exising (non-test) one is which logs things fine.
Yet we still don't see anything in our database on the test number.
Here's the debug output - I hope someone can point the finger...
rad_recv: Access-Request packet from host 81.20.32.130:2048, id=40,
length=317
Attr-172818433 =
0x202449643a2041707469732e76696e666f2020496d6167654e616d653d6665706d64202056657273696f6e3d332e362e32703220204275696c644e756d6265723d3332383420204275696c64446174653d31322f31392f3230303020204275696c6454696d653d31363a33313a333820204d616368696e653d4255494c4430332020557365723d4275696c642020546172676574426f6172643d736363202054617267657450726f636573736f723d50504336303320204272616e63683d7033363220204578702024
NAS-IP-Address = 81.20.32.130
User-Name = [EMAIL PROTECTED]
CHAP-Password = 0x017095d941e007b1ca52c6ee6137cf8d65
Called-Station-Id = 08714719098
Calling-Station-Id = 1493660030
NAS-Port = 17236748
NAS-Port-Type = Async
Framed-Protocol = PPP
Service-Type = Framed-User
modcall: entering group authorize for request 3
modcall[authorize]: module preprocess returns ok for request 3
radius_xlat: '/var/log/radiusd/radacct/81.20.32.130/auth-detail-20031215'
rlm_detail:
/var/log/radiusd/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radiusd/radacct/81.20.32.130/auth-detail-20031215
modcall[authorize]: module auth_log returns ok for request 3
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module chap returns ok for request 3
modcall[authorize]: module eap returns noop for request 3
rlm_realm: Looking up realm wapmob for User-Name = [EMAIL PROTECTED]
rlm_realm: Found realm wapmob
rlm_realm: Adding Stripped-User-Name = james
rlm_realm: Proxying request from user james to realm wapmob
rlm_realm: Adding Realm = wapmob
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module suffix returns noop for request 3
radius_xlat: '[EMAIL PROTECTED]'
rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = '[EMAIL PROTECTED]' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM
radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id
rlm_sql (sql): User [EMAIL PROTECTED] not found in radcheck
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]'
AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]'
AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]'
AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]'
AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): User [EMAIL PROTECTED] not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module sql returns notfound for request 3
users: Matched DEFAULT at 152
users: Matched DEFAULT at 159
modcall[authorize]: module files returns ok for request 3
modcall[authorize]: module mschap returns noop for request 3
modcall: group authorize returns ok for request 3
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
Login OK: [james/CHAP-Password] (from client intelliplus port 17236748
cli 1493660030)
modcall: entering group post-auth for request 3
radius_xlat: '/var/log/radiusd/radacct/81.20.32.130/reply-detail-20031215'
rlm_detail:
/var/log/radiusd/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d
expands to /var/log/radiusd/radacct/81.20.32.130/reply-detail-20031215
modcall[post-auth]: module reply_log returns ok for request 3
modcall: group post-auth returns ok for request 3
Re: radius 0.9.3 / mysql 4.0.16: no logging
modcall[authorize]: module preprocess returns ok for request 3
radius_xlat: '/var/log/radiusd/radacct/81.20.32.130/auth-detail-20031215'
rlm_detail:
/var/log/radiusd/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radiusd/radacct/81.20.32.130/auth-detail-20031215
modcall[authorize]: module auth_log returns ok for request 3
[snip]
modcall: entering group post-auth for request 3
radius_xlat: '/var/log/radiusd/radacct/81.20.32.130/reply-detail-20031215'
rlm_detail:
/var/log/radiusd/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d
expands to /var/log/radiusd/radacct/81.20.32.130/reply-detail-20031215
modcall[post-auth]: module reply_log returns ok for request 3
[snip]
modcall[accounting]: module sql returns ok for request 4
radius_xlat: '/var/log/radiusd/radacct/81.20.32.130/detail-20031215'
rlm_detail: /var/log/radiusd/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/radiusd/radacct/81.20.32.130/detail-20031215
modcall[accounting]: module detail returns ok for request 4
modcall[accounting]: module unix returns ok for request 4
radius_xlat: '/var/log/radiusd/radutmp'
radius_xlat: '[EMAIL PROTECTED]'
modcall[accounting]: module radutmp returns ok for request 4
modcall: group accounting returns ok for request 4
Please bear in mind that authentication and authorisation is done using
flat files, accounting is done in a database. The latter doesn't work.
James,
All of your accounting data is being written to the details files. You must
not have put sql in the accounting section of radius.conf.
Also make sure the sql queries in sql.conf are correct for the radacct
table.
Take a look at my radius.conf for reference to using mysql for accounting and
user/pass/groups (auth).
http://mrtizmo.com/freeradius/
Hope some of this helps!
Nick
--
Nick Davis
Associate Systems Administrator
[EMAIL PROTECTED]
Internet Exposure, Inc.
http://www.iexposure.com
(612)676-1946
Web Development-Web Marketing-ISP Services
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Testers Please - MySQL and PostgreSQL compatability patch
I hoped these patches would have been applied to CVS by now, but they haven't. If anyone is interested in PostgreSQL support for freeradius, please check out the site I have setup, and send feedback if you find any problems. I have verified my patch against the CVS as of 2003 Dec 15 10:15. Have anice day Guy Fraser wrote: This patch has been made against the CVS tree, I have verified that it applies to the CVS as of Dec 10 16:11 2003 MDT. This is a unified patch that will patch the radiusd directory. I have solved, all the compatibility issues between MySQL and PostgreSQL for Dialup Admin,as far as I can tell. I tested all the dialupadmin interfaces with PostgreSQL and MySQL. They both work and all I have to do to switch between them is change the sql driver and port in conf/admin.conf. I have done a considerable amount of work getting this code to work with PostgreSQL and ensuring that MySQL works without having to modify the SQL tables, data or any of the other config files. It is dead easy to see that the code works. I have provided a patch, some sample data for both MySQL and PostgreSQL and a demo site running with both configurations. The homepage for the site is at : http://sphinx.incentre.net/ Please have a look, and get back to me with your suggestions. I would like to see this put into cvs soon. I have a fair amout of other development to do, and don't want to have too many patch levels to maintain. For the non developers watching this post, these are the steps required to test this patch : mkdir test-dir cd test-dir cvs -d :pserver:[EMAIL PROTECTED]:/source login enter the password : anoncvs cvs -d :pserver:[EMAIL PROTECTED]:/source checkout radiusd cvs -d :pserver:[EMAIL PROTECTED]:/source logout patch dialupadmin-pg-compatability.patch The radiusd directory should now be patched. I will put the patches for the dialup_admin/bin files once I get feedback. RSVP -- Guy Fraser Network Administrator The Internet Centre 780-450-6787 , 1-888-450-6787 There is a fine line between genius and lunacy, fear not, walk the line with pride. Not all things will end up as you wanted, but you will certainly discover things the meek and timid will miss out on. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius 0.9.3 / mysql 4.0.16: no logging
Nick Davis wrote:
James,
All of your accounting data is being written to the details files. You must
not have put sql in the accounting section of radius.conf.
You mean this?:
accounting {
#
# Ensure that we have a semi-unique identifier for every
# request, and many NAS boxes are broken.
acct_unique
sql
#
# Create a 'detail'ed log of the packets.
# Note that accounting requests which are proxied
# are also logged in the detail file.
detail
# daily
unix# wtmp file
#
# For Simultaneous-Use tracking.
#
# Due to packet losses in the network, the data here
# may be incorrect. There's little we can do about it.
radutmp
# sradutmp
# Return an address to the IP Pool when we see a stop record.
# main_pool
}
Been there for some time.
Also make sure the sql queries in sql.conf are correct for the radacct
table.
I've not touched them. The only thing I did was make it use
radacct_table1/table2, for which I searched and replaced. mysql.err
shows nothing, and I've logged into the mysql server using the radius
user account and successfully inserted some data.
I find it suspicous that although I see SQL queries to SELECT data in
the authorisation and authentication phase, I see no SQL being performed
for accounting data.
Take a look at my radius.conf for reference to using mysql for
accounting and
user/pass/groups (auth).
http://mrtizmo.com/freeradius/
Thanks for this, can't see much in there that's different to mine!
James
Hope some of this helps!
Nick
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
Deramus, Chris [EMAIL PROTECTED] wrote: What file(s) should I run ldd against? rlm_sql_mysql.so Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MySQL Success
Title: Message To all, I finall got it, go figure it was a very obvious answer. I simply re-configured FreeRADIUS using ./configure --with-static-modules="sql sql_mysql" command. When I executed a make, it errored out saying it could not find ../modules/rlm_sql_mysql. I simply made a symbolic link to include the rlm_sql_mysql sub-directory in the ../modules/ directory and re-ran make. Everything works great now, thanks! Cordially, Chris DeRamus OCIO VPN Administrator SAIC -Original Message-From: Deramus, Chris Sent: Sunday, December 14, 2003 11:09 PMTo: '[EMAIL PROTECTED]'Subject: RE: MySQL Help! Chris, Thanks for the input, however, when I updated the configure script with your extra code configure would not find lmysqlclient and prompted that I specify the path to the library files by using --with-mysql-lib= When I put in the path to the MySQL library files, it still would not find lmysqlclient. Any other thoughts? If I get it I'll be sure to let you know what it was, thanks so much. Chris DeRamus OCIO VPN Administrator SAIC -Original Message- From: Chris Parker [mailto:[EMAIL PROTECTED]] Sent: Friday, December 12, 2003 5:14 PM To: [EMAIL PROTECTED] Subject: Re: MySQL Help! At 03:42 PM 12/12/2003, Rob Genovesi wrote: oh boy, I remember kicking this around for ever as well ... My solution was to 1) be sure you have development rpms installed and 2) do not use "--disable-shared" when running configure. I don't know exactly why this changed things, but compiling with shared libraries it was able to find and use all the necessary mysql libs and includes. I installed the following MySQL rpms (Redhat) : MySQL-devel-4.0.16-0 MySQL-shared-compat-4.0.16-0 MySQL-client-4.0.16-0 MySQL-server-4.0.16-0 Aha. Mysql4 changes some stuff. On Solaris we had to change some of the Makefiles manually to get all of the appropriate libs included to build the rlm_mysql driver built. It may be the same on RH as well. Helpfully, MySQL 3 build syntax is not totally workable with MySQL 4 at least as far as FR is concerned. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MySQL Help!
Title: RE: MySQL Help! Alan, What file(s) should I run ldd against? Chris DeRamus OCIO VPN Administrator SAIC -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED]] Sent: Friday, December 12, 2003 4:44 PM To: [EMAIL PROTECTED] Subject: Re: MySQL Help! Deramus, Chris [EMAIL PROTECTED] wrote: I have checked and verified the LD_LIBRARY_PATH variable, I have updated ld.so.conf as well. I've tried multiple configuration options, including disable-shared. Something isn't adding up. Any suggestions would be most appreciated. Thanks and have a good weekend. 'ldd' should tell you which libraries are needed. Maybe MySQL needs additional libraries, which somehow aren't loaded. I don't know how else to help you. The server core doesn't know *anything* about modules/libraries, other than it asks the system to load them. If that doesn't work, there isn't much else the server can do. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MySQL Help!
Title: RE: MySQL Help! Chris, Thanks for the input, however, when I updated the configure script with your extra code configure would not find lmysqlclient and prompted that I specify the path to the library files by using --with-mysql-lib= When I put in the path to the MySQL library files, it still would not find lmysqlclient. Any other thoughts? If I get it I'll be sure to let you know what it was, thanks so much. Chris DeRamus OCIO VPN Administrator SAIC -Original Message- From: Chris Parker [mailto:[EMAIL PROTECTED]] Sent: Friday, December 12, 2003 5:14 PM To: [EMAIL PROTECTED] Subject: Re: MySQL Help! At 03:42 PM 12/12/2003, Rob Genovesi wrote: oh boy, I remember kicking this around for ever as well ... My solution was to 1) be sure you have development rpms installed and 2) do not use --disable-shared when running configure. I don't know exactly why this changed things, but compiling with shared libraries it was able to find and use all the necessary mysql libs and includes. I installed the following MySQL rpms (Redhat) : MySQL-devel-4.0.16-0 MySQL-shared-compat-4.0.16-0 MySQL-client-4.0.16-0 MySQL-server-4.0.16-0 Aha. Mysql4 changes some stuff. On Solaris we had to change some of the Makefiles manually to get all of the appropriate libs included to build the rlm_mysql driver built. It may be the same on RH as well. Helpfully, MySQL 3 build syntax is not totally workable with MySQL 4 at least as far as FR is concerned. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL
Here's the output from the box, as you can see I have the development package. Any other thoughts? [EMAIL PROTECTED] -rpm -qa | grep mysql mysqlclient9-3.23.22-8 mysql-devel-3.23.58-1.72 mysql-3.23.58-1.72 php-mysql-4.1.2-2.1.6 mysql-server-3.23.58-1.72 mod_auth_mysql-1.11-1 Thanks! Chris DeRamus -Original Message- From: NetNITCO Systems Administration [mailto:[EMAIL PROTECTED] Sent: Thursday, December 11, 2003 5:26 PM To: [EMAIL PROTECTED] Subject: Re: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL On Thu, 2003-12-11 at 16:00, Deramus, Chris wrote: To all -- I recently upgraded my development RADIUS box which was running RedHat 8.0 to RedHat Enterprise Linux 2.1 ES. This was a fresh install which included all Mysql related packages contained on the CD's. It was noted that the Enterprise installation did not contain a Mysql-devel package, I am assuming it is now bundled in with one of the other rpm's. I tested SQL queries from both web applications and command line and everything seemed to be a go so I then configured freeradius. I believe you are mistaken. The current MySQL development package for RHEL ES 2.1 is mysql-devel-3.23.58-1.72. You can grab the package from the RHEL installation media, or, you can download the SRPM from a Red Hat mirror and rebuild the package: ftp://redhat.netnitco.net/pub/mirrors/redhat/updates/enterprise/2.1ES/en/os/ SRPMS/mysql-3.23.58-1.72.src.rpm rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[4]: sql: Module instantiation failed. You'll get this until you compile FreeRADIUS with the MySQL development libraries installed. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL
On Fri, 2003-12-12 at 08:18, Deramus, Chris wrote: Here's the output from the box, as you can see I have the development package. Any other thoughts? [EMAIL PROTECTED] -rpm -qa | grep mysql mysqlclient9-3.23.22-8 mysql-devel-3.23.58-1.72 mysql-3.23.58-1.72 php-mysql-4.1.2-2.1.6 mysql-server-3.23.58-1.72 mod_auth_mysql-1.11-1 Recompile with options: --with-rlm-sql-lib-dir=/usr/lib/mysql --with-rlm-sql-include-dir=/usr/include/mysql Give that a try. --Josh Snyder, Linux/UNIX Systems Administrator NetNITCO Internet Services [EMAIL PROTECTED] http://www.netnitco.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL
I also mis-typed my message. The package that I was talking about was mysql-shared not mysql-devel. I do not think you need mysql-shared though, or do you? Thanks, Chris DeRamus OCIO VPN Administrator SAIC -Original Message- From: NetNITCO Systems Administration [mailto:[EMAIL PROTECTED] Sent: Thursday, December 11, 2003 5:26 PM To: [EMAIL PROTECTED] Subject: Re: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL On Thu, 2003-12-11 at 16:00, Deramus, Chris wrote: To all -- I recently upgraded my development RADIUS box which was running RedHat 8.0 to RedHat Enterprise Linux 2.1 ES. This was a fresh install which included all Mysql related packages contained on the CD's. It was noted that the Enterprise installation did not contain a Mysql-devel package, I am assuming it is now bundled in with one of the other rpm's. I tested SQL queries from both web applications and command line and everything seemed to be a go so I then configured freeradius. I believe you are mistaken. The current MySQL development package for RHEL ES 2.1 is mysql-devel-3.23.58-1.72. You can grab the package from the RHEL installation media, or, you can download the SRPM from a Red Hat mirror and rebuild the package: ftp://redhat.netnitco.net/pub/mirrors/redhat/updates/enterprise/2.1ES/en/os/ SRPMS/mysql-3.23.58-1.72.src.rpm rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[4]: sql: Module instantiation failed. You'll get this until you compile FreeRADIUS with the MySQL development libraries installed. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL
Title: RE: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL I have check the FreeRADIUS FAQ and followed the instructions. My ld.so.conf file has been setup correcly and is pointing the respective library dependencies and it still is giving me the same error. I have also attempted ./configure --disable-shared and still no go. I know I do not need mysql-shared, I am honestly stumped. Sorry to keep this thread going, I just can't seem to find much documentation on any extra steps required when running this new distro of RedHat. Thanks, Chris DeRamus -Original Message- From: NetNITCO Systems Administration [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 11, 2003 5:26 PM To: [EMAIL PROTECTED] Subject: Re: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL On Thu, 2003-12-11 at 16:00, Deramus, Chris wrote: To all -- I recently upgraded my development RADIUS box which was running RedHat 8.0 to RedHat Enterprise Linux 2.1 ES. This was a fresh install which included all Mysql related packages contained on the CD's. It was noted that the Enterprise installation did not contain a Mysql-devel package, I am assuming it is now bundled in with one of the other rpm's. I tested SQL queries from both web applications and command line and everything seemed to be a go so I then configured freeradius. I believe you are mistaken. The current MySQL development package for RHEL ES 2.1 is mysql-devel-3.23.58-1.72. You can grab the package from the RHEL installation media, or, you can download the SRPM from a Red Hat mirror and rebuild the package: ftp://redhat.netnitco.net/pub/mirrors/redhat/updates/enterprise/2.1ES/en/os/SRPMS/mysql-3.23.58-1.72.src.rpm rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[4]: sql: Module instantiation failed. You'll get this until you compile FreeRADIUS with the MySQL development libraries installed. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
oh boy, I remember kicking this around for ever as well ... My solution was to 1) be sure you have development rpms installed and 2) do not use --disable-shared when running configure. I don't know exactly why this changed things, but compiling with shared libraries it was able to find and use all the necessary mysql libs and includes. I installed the following MySQL rpms (Redhat) : MySQL-devel-4.0.16-0 MySQL-shared-compat-4.0.16-0 MySQL-client-4.0.16-0 MySQL-server-4.0.16-0 -rob At 04:23 PM 12/12/2003 -0500, you wrote: To all, I have spent over 16 hours working this issue now and am completely out of ideas. I have tried RPM Installations of multiple versions of MySQL, including 3.23.58 and 4.0.16. I am still getting the error message: rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[4]: sql: Module instantiation failed. I have checked and verified the LD_LIBRARY_PATH variable, I have updated ld.so.conf as well. I've tried multiple configuration options, including disable-shared. Something isn't adding up. Any suggestions would be most appreciated. Thanks and have a good weekend. Chris DeRamus OCIO VPN Administrator SAIC -Original Message- From: Deramus, Chris Sent: Friday, December 12, 2003 2:01 PM To: '[EMAIL PROTECTED]' Subject: RE: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL I have check the FreeRADIUS FAQ and followed the instructions. My ld.so.conf file has been setup correcly and is pointing the respective library dependencies and it still is giving me the same error. I have also attempted ./configure --disable-shared and still no go. I know I do not need mysql-shared, I am honestly stumped. Sorry to keep this thread going, I just can't seem to find much documentation on any extra steps required when running this new distro of RedHat. Thanks, Chris DeRamus -Original Message- From: NetNITCO Systems Administration [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 11, 2003 5:26 PM To: [EMAIL PROTECTED] Subject: Re: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL On Thu, 2003-12-11 at 16:00, Deramus, Chris wrote: To all -- I recently upgraded my development RADIUS box which was running RedHat 8.0 to RedHat Enterprise Linux 2.1 ES. This was a fresh install which included all Mysql related packages contained on the CD's. It was noted that the Enterprise installation did not contain a Mysql-devel package, I am assuming it is now bundled in with one of the other rpm's. I tested SQL queries from both web applications and command line and everything seemed to be a go so I then configured freeradius. I believe you are mistaken. The current MySQL development package for RHEL ES 2.1 is mysql-devel-3.23.58-1.72. You can grab the package from the RHEL installation media, or, you can download the SRPM from a Red Hat mirror and rebuild the package: ftp://redhat.netnitco.net/pub/mirrors/redhat/updates/enterprise/2.1ES/en/os/SRPMS/mysql-3.23.58-1.72.src.rpm rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[4]: sql: Module instantiation failed. You'll get this until you compile FreeRADIUS with the MySQL development libraries installed. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
Deramus, Chris [EMAIL PROTECTED] wrote: I have checked and verified the LD_LIBRARY_PATH variable, I have updated ld.so.conf as well. I've tried multiple configuration options, including disable-shared. Something isn't adding up. Any suggestions would be most appreciated. Thanks and have a good weekend. 'ldd' should tell you which libraries are needed. Maybe MySQL needs additional libraries, which somehow aren't loaded. I don't know how else to help you. The server core doesn't know *anything* about modules/libraries, other than it asks the system to load them. If that doesn't work, there isn't much else the server can do. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
At 03:42 PM 12/12/2003, Rob Genovesi wrote: oh boy, I remember kicking this around for ever as well ... My solution was to 1) be sure you have development rpms installed and 2) do not use --disable-shared when running configure. I don't know exactly why this changed things, but compiling with shared libraries it was able to find and use all the necessary mysql libs and includes. I installed the following MySQL rpms (Redhat) : MySQL-devel-4.0.16-0 MySQL-shared-compat-4.0.16-0 MySQL-client-4.0.16-0 MySQL-server-4.0.16-0 Aha. Mysql4 changes some stuff. On Solaris we had to change some of the Makefiles manually to get all of the appropriate libs included to build the rlm_mysql driver built. It may be the same on RH as well. Helpfully, MySQL 3 build syntax is not totally workable with MySQL 4 at least as far as FR is concerned. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
At 04:14 PM 12/12/2003, Chris Parker wrote: At 03:42 PM 12/12/2003, Rob Genovesi wrote: oh boy, I remember kicking this around for ever as well ... My solution was to 1) be sure you have development rpms installed and 2) do not use --disable-shared when running configure. I don't know exactly why this changed things, but compiling with shared libraries it was able to find and use all the necessary mysql libs and includes. I installed the following MySQL rpms (Redhat) : MySQL-devel-4.0.16-0 MySQL-shared-compat-4.0.16-0 MySQL-client-4.0.16-0 MySQL-server-4.0.16-0 Aha. Mysql4 changes some stuff. On Solaris we had to change some of the Makefiles manually to get all of the appropriate libs included to build the rlm_mysql driver built. It may be the same on RH as well. Helpfully, MySQL 3 build syntax is not totally workable with MySQL 4 at least as far as FR is concerned. Following up my own post, here are the changes we had to make to the 'configure' in 'src/modules/rlm_sql/drivers/rlm_mysql', around line 900. LIBS=$LIBS -lz to LIBS=$LIBS -lsocket -lnsl -lm -lz In other words, we added the '-lsocket -lnsl -lm' libraries, as there are needed for the compilation to complete. Hope this helps, -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 0.9.3 with mysql
On Wed, 10 Dec 2003 13:56:44 -0500 Alan DeKok [EMAIL PROTECTED] wrote: Justin Williams [EMAIL PROTECTED] wrote: By the way, I did not see a command in the man pages to restart radiusd after making config changes. Is there such? Huh? It's a normal program. You just kill it, and re-start it. Will a HUP force a reload of the config? -- - Graeme Hinchliffe (BSc) Core Team Member Zen Internet (http://www.zen.co.uk) ICQ 3842605 (link) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 0.9.3 with mysql
Graeme Hinchliffe [EMAIL PROTECTED] wrote: Will a HUP force a reload of the config? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 0.9.3 with mysql
--On Thursday, December 11, 2003 01:40:40 PM -0500 Alan DeKok [EMAIL PROTECTED] wrote: Graeme Hinchliffe [EMAIL PROTECTED] wrote: Will a HUP force a reload of the config? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Were you able to address the occasional server crash in response to the HUP? -- Daniel Monjar IS Manager, Technical Services bioMérieux, Inc. Durham, NC US - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 0.9.3 with mysql
Dan Monjar [EMAIL PROTECTED] wrote: Were you able to address the occasional server crash in response to the HUP? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL
Title: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL
To all --
I recently upgraded my development RADIUS box which was running RedHat 8.0 to RedHat Enterprise Linux 2.1 ES. This was a fresh install which included all Mysql related packages contained on the CD's. It was noted that the Enterprise installation did not contain a Mysql-devel package, I am assuming it is now bundled in with one of the other rpm's. I tested SQL queries from both web applications and command line and everything seemed to be a go so I then configured freeradius.
I used the following configure line:
./configure --with-mysql-include-dir=/usr/include/mysql --with-mysql-dir=/usr/lib/mysql --with-mysql
I configured the flat configuration files including radiusd.conf to match my desired configuration. SQL is setup like so:
--- Pasted from radiusd.conf ---
$INCLUDE ${confdir}/sql.conf
$INCLUDE ${confdir}/sql2.conf
authorize {
#
# The preprocess module takes care of sanitizing some bizarre
# attributes in the request, and turning them into attributes
# which are more standard.
#
# It takes care of processing the 'raddb/hints' and the
# 'raddb/huntgroups' files.
#
# It also adds a Client-IP-Address attribute to the request.
autztype sql1 {
sql
}
autztype sql2 {
sql2
}
accounting {
detail
acctype sql1 {
sql
}
acctype sql2 {
sql2
}
radutmp
My sql.conf and sql2.conf files repesctively called the driver rlm_sql_mysql. Upon launching radiusd with debugging turned on I get the following message:
rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
radiusd.conf[4]: sql: Module instantiation failed.
I have re-configured the sql_mysql module multiple times, even as a static module and no luck. I am wondering if this has to do with differences in the way MySQL is setup in the Enterprise 2.1 ES distro? Any light that you can shed on this issue would be greatly appreciated.
Thanks and have a great day,
Chris DeRamus
Re: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL
On Thu, 2003-12-11 at 16:00, Deramus, Chris wrote: To all -- I recently upgraded my development RADIUS box which was running RedHat 8.0 to RedHat Enterprise Linux 2.1 ES. This was a fresh install which included all Mysql related packages contained on the CD's. It was noted that the Enterprise installation did not contain a Mysql-devel package, I am assuming it is now bundled in with one of the other rpm's. I tested SQL queries from both web applications and command line and everything seemed to be a go so I then configured freeradius. I believe you are mistaken. The current MySQL development package for RHEL ES 2.1 is mysql-devel-3.23.58-1.72. You can grab the package from the RHEL installation media, or, you can download the SRPM from a Red Hat mirror and rebuild the package: ftp://redhat.netnitco.net/pub/mirrors/redhat/updates/enterprise/2.1ES/en/os/SRPMS/mysql-3.23.58-1.72.src.rpm rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[4]: sql: Module instantiation failed. You'll get this until you compile FreeRADIUS with the MySQL development libraries installed. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius with MySQL
Title: Untitled Document
Hi!
Don't know why but when i try to
authentication an user using database don't work.
I commented that's lines in file
/etc/raddb/users
# First setup all accounts to be checked
against the UNIX /etc/passwd.# (Unless a password was already given earlier
in this file).##DEFAULT Auth-Type =
System# Fall-Through =
1
To force Auth-Type in databases and give
this error:
rad_recv: Access-Request
packet from host 192.168.0.60:32799, id=228,
length=61 User-Name =
"aferreira" User-Password =
"stag" NAS-IP-Address =
255.255.255.255 NAS-Port =
0modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request
0radius_xlat:
'/var/log/radius/radacct/192.168.0.60/auth-detail-20031210'rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
/var/log/radius/radacct/192.168.0.60/auth-detail-20031210
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "eap" returns noop for request
0 rlm_realm: No '@' in User-Name = "aferreira",
looking up realm NULL rlm_realm: No such realm
"NULL" modcall[authorize]: module "suffix" returns noop for request
0 modcall[authorize]: module "files" returns notfound for request
0 modcall[authorize]: module "mschap" returns noop for request
0modcall: group authorize returns ok for request 0auth: No
authenticate method (Auth-Type) configuration found for the request: Rejecting
the userauth: Failed to validate the user.Delaying request 0
for 1 seconds
Anybody know what de
happend?
Leandro
Sant'anaMeu Provedor Tecnologias e Informática
Ltda.Rua Camerino, 128 Grs.
302Centro - Rio de Janeiro - RJ - CEP 20080-010Tel.: 55 21 25181011
(PABX/FAX)Telefone Móvel - Celular: 55 21
8844-2645
mp.jpg
FreeRadius with MySQL
Leandro, See to it you included sql in authorization and accounting. Another helpful information ... http://www.frontios.com/freeradius.html = wilfredo pahilanga apellido jr. technical support mactan online bacolod city, philippines +63 34 4348311 If you can't hear me, it's because i'm in parentheses. __ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius with MySQL
Please read the FAQ before posting again. Turn off your Graphic and html. Leandro Sant'ana wrote: A bunch of html with a graphic covering the text - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius with MySQL
Leandro Sant'ana [EMAIL PROTECTED] wrote: I commented that's lines in file /etc/raddb/users ... #DEFAULT Auth-Type =3D System #Fall-Through =3D 1 To force Auth-Type in databases No. Uncommenting that line means you forced it to NOT use System authentication. But you didn't tell it what OTHER authentication method to use, so the server failed. modcall: group authorize returns ok for request 0 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Did you try setting an Auth-Type somewhere? What part of the error message is unclear? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius 0.9.3 with mysql
Hi all I have freeradius 0.9.3 set up on a linux box with (presumably) mysql compiled in as well. I have the mysql-devel files installed before configure/make/make installing. I followed through the how-to found at http://www.frontios.com/freeradius.html, but, that is a set of how-to for a somewhat older version. At any rate, with the user test in the users file, it authenticates just fine. When I comment that out and add the user to the mysql table, usergroups, it does not authenticate, and I don't notice any reference to mysql in the rejection notice (I can copy/paste that notice in if it will help anybody). I did notice an extra table in the current version that was not mentioned in the how-to, and that is the table radacct. Is that where I need to be adding users, later on (when this thing actually goes live)? On a different note, has anybody used this radius daemon with the Venturi acceleration server? Any pointers on that would be helpful too! Thanks!! --===-- Justin Williams Penguin Herder Power Shift Online Services 571 South Main Street Stowe, VT 05672 877-949-9967 Who shook my snow globe?? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 0.9.3 with mysql
Justin Williams [EMAIL PROTECTED] wrote: At any rate, with the user test in the users file, it authenticates just fine. When I comment that out and add the user to the mysql table, usergroups, it does not authenticate, and I don't notice any reference to mysql in the rejection notice So run it in debugging mode to see what's going wrong. Also, you *do* need to configure 'radiusd.conf' to use the SQL module. You can't just put users into an SQL database, and hope that the server magically knows where to look. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius 0.9.3 with mysql
Already running in debugging mode, but, too ignorant of what it all means. If there is a reference you recommend that would help me learn more about radius, in general, I'll be happy to go hunting in there too. I added sql to the accounting section in radius.conf, but I did not add it into the authorize section... Added that and will hope that it works... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, December 10, 2003 1:30 PM To: [EMAIL PROTECTED] Subject: Re: Freeradius 0.9.3 with mysql Justin Williams [EMAIL PROTECTED] wrote: At any rate, with the user test in the users file, it authenticates just fine. When I comment that out and add the user to the mysql table, usergroups, it does not authenticate, and I don't notice any reference to mysql in the rejection notice So run it in debugging mode to see what's going wrong. Also, you *do* need to configure 'radiusd.conf' to use the SQL module. You can't just put users into an SQL database, and hope that the server magically knows where to look. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius 0.9.3 with mysql
Bingo... That worked... I was missing the sql entry in the authorize section... Would still love to go read up on radius, though! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Justin Williams Sent: Wednesday, December 10, 2003 1:43 PM To: [EMAIL PROTECTED] Subject: RE: Freeradius 0.9.3 with mysql Already running in debugging mode, but, too ignorant of what it all means. If there is a reference you recommend that would help me learn more about radius, in general, I'll be happy to go hunting in there too. I added sql to the accounting section in radius.conf, but I did not add it into the authorize section... Added that and will hope that it works... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, December 10, 2003 1:30 PM To: [EMAIL PROTECTED] Subject: Re: Freeradius 0.9.3 with mysql Justin Williams [EMAIL PROTECTED] wrote: At any rate, with the user test in the users file, it authenticates just fine. When I comment that out and add the user to the mysql table, usergroups, it does not authenticate, and I don't notice any reference to mysql in the rejection notice So run it in debugging mode to see what's going wrong. Also, you *do* need to configure 'radiusd.conf' to use the SQL module. You can't just put users into an SQL database, and hope that the server magically knows where to look. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 0.9.3 with mysql
Justin Williams [EMAIL PROTECTED] wrote: Bingo... That worked... I was missing the sql entry in the authorize section... That's good to hear. Would still love to go read up on radius, though! Buy the RADIUS book. See the web site for details. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius 0.9.3 with mysql
Thank you! By the way, I did not see a command in the man pages to restart radiusd after making config changes. Is there such? Thanks again! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, December 10, 2003 1:48 PM To: [EMAIL PROTECTED] Subject: Re: Freeradius 0.9.3 with mysql Justin Williams [EMAIL PROTECTED] wrote: Bingo... That worked... I was missing the sql entry in the authorize section... That's good to hear. Would still love to go read up on radius, though! Buy the RADIUS book. See the web site for details. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 0.9.3 with mysql
Justin Williams [EMAIL PROTECTED] wrote: By the way, I did not see a command in the man pages to restart radiusd after making config changes. Is there such? Huh? It's a normal program. You just kill it, and re-start it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius 0.9.3 with mysql
Thanks! Was thinking in terms of daemons like httpd, which have their own start/stop commands. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, December 10, 2003 1:57 PM To: [EMAIL PROTECTED] Subject: Re: Freeradius 0.9.3 with mysql Justin Williams [EMAIL PROTECTED] wrote: By the way, I did not see a command in the man pages to restart radiusd after making config changes. Is there such? Huh? It's a normal program. You just kill it, and re-start it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 0.9.3 with mysql
The init command will depend on the distribution you are using. On RH, as root it should be somthing like : /sbin/service radiusd restart On Debian : /etc/init.d/freeradius restart On Suse: /etc/init.d/radiusd restart On FreeBSD :-) /usr/local/etc/rc.d/radiusd.sh restart Good luck. Justin Williams wrote: Thanks! Was thinking in terms of daemons like httpd, which have their own start/stop commands. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, December 10, 2003 1:57 PM To: [EMAIL PROTECTED] Subject: Re: Freeradius 0.9.3 with mysql Justin Williams [EMAIL PROTECTED] wrote: By the way, I did not see a command in the man pages to restart radiusd after making config changes. Is there such? Huh? It's a normal program. You just kill it, and re-start it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius 0.9.3 with mysql
In Mandrake (very similar to redhat in most respects), service radiusd restart returned the error that radiusd was not registered as a service... For the moment, kill works... ;-) Thanks! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Fraser Sent: Wednesday, December 10, 2003 5:46 PM To: [EMAIL PROTECTED] Subject: Re: Freeradius 0.9.3 with mysql The init command will depend on the distribution you are using. On RH, as root it should be somthing like : /sbin/service radiusd restart On Debian : /etc/init.d/freeradius restart On Suse: /etc/init.d/radiusd restart On FreeBSD :-) /usr/local/etc/rc.d/radiusd.sh restart Good luck. Justin Williams wrote: Thanks! Was thinking in terms of daemons like httpd, which have their own start/stop commands. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, December 10, 2003 1:57 PM To: [EMAIL PROTECTED] Subject: Re: Freeradius 0.9.3 with mysql Justin Williams [EMAIL PROTECTED] wrote: By the way, I did not see a command in the man pages to restart radiusd after making config changes. Is there such? Huh? It's a normal program. You just kill it, and re-start it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Max-All-Session-Time or Max-Seesion-Time for groups in a mysql database and freeradius
Hi, Documentation says:
for sql make sure to have Max-All-Session entry under either radcheck or
radgroup check table:
INSERT into radcheck VALUES ('','test0001','Max-All-Session','54000',':=');
I hope this help you.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sample data for mysql setup with dialup_admin
Hi
I know people are always asking for sample data, since I am in the
process of testing the mysql version of dialup_admin for compatability
with my postgresql patches, I have created some sample data for testing.
--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.
delete from usergroup ;
insert into usergroup (username,groupname) values('fredf','ppp-unlimited');
insert into usergroup (username,groupname) values('barneyr','ppp-static');
insert into usergroup (username,groupname) values('troll','ppp-unlimited');
insert into usergroup (username,groupname) values('frog','nas-prompt');
delete from radcheck ;
insert into radcheck (username,attribute,op,value)
values('fredf','User-Password','==','wilma');
insert into radcheck (username,attribute,op,value)
values('barneyr','User-Password','==','betty');
insert into radcheck (username,attribute,op,value)
values('troll','Crypt-Password','==','$1$A8BotTi4$UTg2XL.fSStI2RFENUfnR.');
insert into radcheck (username,attribute,op,value)
values('frog','User-Password','==','kermit');
delete from radreply ;
insert into radreply (username,attribute,op,value)
values('barneyr','Framed-IP-Address',':=','10.19.65.38');
insert into radreply (username,attribute,op,value)
values('barneyr','Framed-IP-Netmask',':=','255.255.255.252');
delete from radgroupcheck ;
insert into radgroupcheck (groupname,attribute,op,value)
values('ppp-unlimited','Auth-Type',':=','Local');
insert into radgroupcheck (groupname,attribute,op,value)
values('ppp-static','Auth-Type',':=','Local');
insert into radgroupcheck (groupname,attribute,op,value)
values('nas-prompt','Auth-Type',':=','Local');
delete from radgroupreply ;
insert into radgroupreply (groupname,attribute,op,value)
values('ppp-unlimited','Framed-Compression',':=','Van-Jacobsen-TCP-IP');
insert into radgroupreply (groupname,attribute,op,value)
values('ppp-unlimited','Framed-Protocol',':=','PPP');
insert into radgroupreply (groupname,attribute,op,value)
values('ppp-unlimited','Service-Type',':=','Framed-User');
insert into radgroupreply (groupname,attribute,op,value)
values('ppp-unlimited','Framed-MTU',':=','1500');
insert into radgroupreply (groupname,attribute,op,value)
values('ppp-static','Framed-Compression',':=','Van-Jacobsen-TCP-IP');
insert into radgroupreply (groupname,attribute,op,value)
values('ppp-static','Framed-Protocol',':=','PPP');
insert into radgroupreply (groupname,attribute,op,value)
values('ppp-static','Service-Type',':=','Framed-User');
insert into radgroupreply (groupname,attribute,op,value)
values('ppp-static','Framed-MTU',':=','1500');
insert into radgroupreply (groupname,attribute,op,value)
values('nas-prompt','Framed-MTU',':=','1500');
insert into radgroupreply (groupname,attribute,op,value)
values('nas-prompt','Framed-Compression',':=','Van-Jacobson-TCP-IP');
insert into radgroupreply (groupname,attribute,op,value)
values('nas-prompt','Service-Type',':=','NAS-Prompt');
delete from userinfo ;
insert into userinfo (username,name,mail,department,workphone,homephone,mobile)
values('fredf','Fred Flintstone','-','Quarry','-','-','-');
insert into userinfo (username,name,mail,department,workphone,homephone,mobile)
values('barneyr','Barney Rubble','-','Office','-','-','-');
insert into userinfo (username,name,mail,department,workphone,homephone,mobile)
values('troll','Erik The Red','-','Bridge','-','-','-');
insert into userinfo (username,name,mail,department,workphone,homephone,mobile)
values('frog','Kermit The Frog','-','Pond','-','-','-');
delete from totacct ;
insert into totacct
(username,acctdate,connnum,conntotduration,connmaxduration,connminduration,inputoctets,outputoctets,nasipaddress)
values('joebob','2003-11-14','1','0','0','0','0','0','127.0.0.1');
insert into totacct
(username,acctdate,connnum,conntotduration,connmaxduration,connminduration,inputoctets,outputoctets,nasipaddress)
values('barneyr','2003-11-18','1','0','0','0','0','0','10.10.10.143');
insert into totacct
(username,acctdate,connnum,conntotduration,connmaxduration,connminduration,inputoctets,outputoctets,nasipaddress)
values('fredf','2003-11-18','2','9','9','0','0','0','10.10.10.143');
insert into totacct
(username,acctdate,connnum,conntotduration,connmaxduration,connminduration,inputoctets,outputoctets,nasipaddress)
values('radius','2003-11-18','1','0','0','0','0','0','10.10.10.143');
insert into totacct
(username,acctdate,connnum,conntotduration,connmaxduration,connminduration,inputoctets,outputoctets,nasipaddress)
values('troll','2003-11-18','1','0','0','0','0','0','10.10.10.143');
insert into totacct
(username,acctdate,connnum,conntotduration,connmaxduration,connminduration,inputoctets,outputoctets,nasipaddress)
values('troll','2003-11-18','4','0','0','0','0','0
Re: MySQL with FreeRadius (rlm_sql_mysql driver problem)
At Wed, 3 Dec 2003 13:22:14 -0500,
Michael Shanafelt wrote:
Look into your ${exec_prefix}/lib to see if you have something like
rlm_sql_mysql.so - rlm_sql_mysql-0.9.2.so
If you don't, make sure you have mysql-dev packages installed (header
files and stuff) and recompile paying attention to configure and make
messages.
OK, I had my FreeRadius server working fine for Wireless LAN MAC
authentication using the clients and users text files.
My next step was to setup a MySQL database that would store the
usernames and groups rather than having the text file. I followed the
directions in Hassell's RADIUS book and everything was successful until
I issued the radiusd -x -x command to start the server.
Now I'm getting an error stating:
rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in
the search path of your system's ld.
Radiusd.conf[14]: sql: Module instantiation failed.
My limited knowledge tells me that the rlm_sql_mysql driver isn't
installed. Is this correct? How can I fix it?
Thanks,
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
==
Kostas Zorbadelos
Currently at: Otenet IT Department
mailto: [EMAIL PROTECTED]
Out there in the darkness, out there in the night
out there in the starlight, one soul burns brighter
than a thousand suns.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Max-All-Session-Time or Max-Seesion-Time for groups in a mysql database and freeradius
Is this possible??? Max-All-Session-Time or Max-Seesion-Time for groups in a mysql database and freeradius when i put this attribute in radcheck, all is ok... but i want use it like a group attribute in the radgroupcheck o radgroupreply but when i do this nothing happens. Roddy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: MS-CHAPv2 + MySQL + group authtype failure
Dear Eliot Gable,
Try to use shorter secret.
--Tuesday, December 2, 2003, 6:08:17 PM, you wrote to [EMAIL PROTECTED]:
From the NAS realms.conf file:
EG realm homenode.greatlakes.net {
EG type=radius
EG authhost=208.244.161.200:1812
EG accthost=208.244.161.200:1813
EG secret=076q2345hudp89YASIJF7890QW4
EG nostrip
EG }
From the server's clients.conf file:
EG client homenode.greatlakes.net {
EG secret = 076q2345hudp89YASIJF7890QW4
EG shortname = homenode
EG }
EG The NAS is running FreeRADIUS Version 0.9-pre, for host i686-pc-linux-gnu, built
on Feb 21 2003 at 15:58:26.
EG The Server is running FreeRADIUS Version 0.9.3, for host i686-pc-linux-gnu, built
on Dec 1 2003 at 16:31:07
EG I cannot change what is running on the NAS, but I can change what is running on
the server if it is a version conflict or something.
EG -Original Message-
EG From: 3APA3A [mailto:[EMAIL PROTECTED]
EG Sent: Tuesday, December 02, 2003 5:27 AM
EG To: Eliot Gable
EG Subject: Re: MS-CHAPv2 + MySQL + group authtype failure
EG Dear Eliot Gable,
EG Make sure shared secret configured for NAS and password entered by
EG client are valid. Check cleartext and MS-CHAP (v1) authentication.
EG --Tuesday, December 2, 2003, 3:04:02 AM, you wrote to [EMAIL PROTECTED]:
EG I've been trying to get a Windows XP machine to authenticate against freeRADIUS
0.9.3 using MS-CHAPv2. It seems to be working to start with, but then I get a
group-check failure. I can't figure
EG out why I'm getting that. I modified the rlm_mschap.c file to print out the two
strings it is comparing where the failure takes place. I didn't format it nicely, so
it looks like gibberish, but
EG it at least shows how different the strings are. I'm using MySQL to store the
username/password and group information.
--
~/ZARAZA
, - ! ()
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: MS-CHAPv2 + MySQL + group authtype failure
Dear Eliot Gable, --Tuesday, December 2, 2003, 9:58:52 PM, you wrote to [EMAIL PROTECTED]: EG | 4 | 56/56 | Vendor-Specific | := | homenode.greatlakes.net | 0 | Read RFC about what Vendor-Specific attribute is. -- ~/ZARAZA -. () - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAPv2 + MySQL + group authtype failure
On Tue, 2003-12-02 at 19:26, Alan DeKok wrote: Eliot Gable [EMAIL PROTECTED] wrote: The only essential design feature is this: when a user authenticates = against a localnode, a Vendor-Specific attribute (with a vendor code of = 4363 and attribute number of 5) containing a string of the name of = the user's RNET must be returned to the localnode and homenode. sigh You didn't understand it, so you took it to mean that you should so something totally different, rather than figure out how to do it properly. See the dictionary files for examples of vendor dictionariess. Heck, grab the CVS snapshot tomorrow, and I've added a 'dictionary.bristol', based on what you said. Alan, Thanks, this will make life a bit easier. Thanks also for helping Elliot out. This thread was started while I was out of the office, so I wasn't able to cut in and help Elliot myself. Would you mind naming it dictionary.university_of_bristol on the basis that the official IANA vendor code calls it this? I'll also be updating my documentation to include FreeRADIUS info, as well as spit IAS. josh. -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Auth MS-CHAP and mysql
At Mon, 1 Dec 2003 12:10:51 -0500, Duane Barnes wrote: [1 text/plain; us-ascii (quoted-printable)] I'm using freeradius 0.7.1. and mysql 3.23. I'm trying to setup radius to allow ms-chap and have gotten it to instantiate the module, but I don't know how to enter the ms-chap password into the mysql db. Below is the error: Error: rlm_sql_authorize: no rows returned from query (no such user) Auth: Login incorrect: [testuser/CHAP-Password] (from client radius port 0) [2 text/html; us-ascii (quoted-printable)] http://www.frontios.com/freeradius.html == Kostas Zorbadelos Currently at: Otenet IT Department mailto: [EMAIL PROTECTED] Out there in the darkness, out there in the night out there in the starlight, one soul burns brighter than a thousand suns. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help with RLM MYSQL
Hello I have a big prob.. I would like to use the rlm sql mysql module.. My os is redhat 9 and i can't install and use this module.. When i do a config , make make install (in dynamic or static), all module 'll be loaded except mysql rlm_sqlippool: Could not link driver rlm_sql_mysql: file not found rlm_sqlippool: Make sure it (and all its dependent libraries!) are in the search path of your system's ld. I add my libdir to ld.conf and run ldconfig , same probs. Please help me Thanks Nico - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAPv2 + MySQL + group authtype failure
Josh Howlett [EMAIL PROTECTED] wrote: Thanks, this will make life a bit easier. Thanks also for helping Elliot out. This thread was started while I was out of the office, so I wasn't able to cut in and help Elliot myself. You're welcome. Would you mind naming it dictionary.university_of_bristol on the basis that the official IANA vendor code calls it this? I'll also be updating my documentation to include FreeRADIUS info, as well as spit IAS. It's dictionary.bristol now. I can change it, but I don't see it a huge reason to do so. (i.e. I'm lazy...) Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with RLM MYSQL
On Wed, Dec 03, 2003, Breuer Nicolas - BelCenter.com wrote: Hello I have a big prob.. I would like to use the rlm sql mysql module.. My os is redhat 9 and i can't install and use this module.. I just ran into this last week when building freeradius under the OpenPKG.org packaging system. If your mysql headers and libraries aren't in /usr/local/include and /usr/local/lib or similar standard locations or aren't installed at all, you probably have to do a couple of things: standard input:19: warning: macro `..' not defined 1. You may need to install the mysql-devel RPM on your RH system if they headers and libraries aren't there (I'm not very familiar with RH RPM structures, currently using SuSE, formerly Caldera Linux). 2. You may have to add a couple of options to your configure: ./configure \ --with-mysql-include-dir=path_to_mysql_headers \ --with-mysql-lib-dir=path_to_mysql_libraries \ ... The base ./configure script doesn't give the options for mysql or postgresql, and probably some others. I found them by running ``./configure --help'' in the appropriate directories. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Systems, Inc. UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX:(206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ ``The who nation is interested that the best use shall be made of these [new] territories. We want them for the homes of free white people'' -- Abraham Lincoln, Octobe 16, 1854 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MySQL with FreeRadius (rlm_sql_mysql driver problem)
OK, I had my FreeRadius server working fine for Wireless LAN MAC authentication using the clients and users text files. My next step was to setup a MySQL database that would store the usernames and groups rather than having the text file. I followed the directions in Hassell's RADIUS book and everything was successful until I issued the radiusd -x -x command to start the server. Now I'm getting an error stating: rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. Radiusd.conf[14]: sql: Module instantiation failed. My limited knowledge tells me that the rlm_sql_mysql driver isn't installed. Is this correct? How can I fix it? Thanks, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL with FreeRadius (rlm_sql_mysql driver problem)
same problem.. On 3 Dec 2003 at 13:22, Michael Shanafelt wrote: OK, I had my FreeRadius server working fine for Wireless LAN MAC authentication using the clients and users text files. My next step was to setup a MySQL database that would store the usernames and groups rather than having the text file. I followed the directions in Hassell's RADIUS book and everything was successful until I issued the radiusd -x -x command to start the server. Now I'm getting an error stating: rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. Radiusd.conf[14]: sql: Module instantiation failed. My limited knowledge tells me that the rlm_sql_mysql driver isn't installed. Is this correct? How can I fix it? Thanks, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html BREUER NICOLAS Content Marketing Manager ** BELCENTER ISP PORTALS ** Avenue Henri Conscience, 94 B -1140 Bruxelles ** HelpDesk : 0902/40.120 ** Tél. :+32 2 243 0 243 Fax :+32 2 243 0 244 E Mail : [EMAIL PROTECTED] http://www.BelCenter.com | http://www.BelCenter.net http://www.LuxCenter.net | http://www.BulkSMS.be - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Help with RLM MYSQL
Hmm, You probably forgot to install the mysql devel rpm. Cheers Patrick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Breuer Nicolas - BelCenter.com Sent: woensdag 3 december 2003 10:55 To: [EMAIL PROTECTED] Subject: Help with RLM MYSQL Hello I have a big prob.. I would like to use the rlm sql mysql module.. My os is redhat 9 and i can't install and use this module.. When i do a config , make make install (in dynamic or static), all module 'll be loaded except mysql rlm_sqlippool: Could not link driver rlm_sql_mysql: file not found rlm_sqlippool: Make sure it (and all its dependent libraries!) are in the search path of your system's ld. I add my libdir to ld.conf and run ldconfig , same probs. Please help me Thanks Nico - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAPv2 + MySQL + group authtype failure
Dear Eliot Gable, Make sure shared secret configured for NAS and password entered by client are valid. Check cleartext and MS-CHAP (v1) authentication. --Tuesday, December 2, 2003, 3:04:02 AM, you wrote to [EMAIL PROTECTED]: EG I've been trying to get a Windows XP machine to authenticate against freeRADIUS 0.9.3 using MS-CHAPv2. It seems to be working to start with, but then I get a group-check failure. I can't figure EG out why I'm getting that. I modified the rlm_mschap.c file to print out the two strings it is comparing where the failure takes place. I didn't format it nicely, so it looks like gibberish, but EG it at least shows how different the strings are. I'm using MySQL to store the username/password and group information. -- ~/ZARAZA , . ! () - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MS-CHAPv2 + MySQL + group authtype failure
From the NAS realms.conf file:
realm homenode.greatlakes.net {
type=radius
authhost=208.244.161.200:1812
accthost=208.244.161.200:1813
secret=076q2345hudp89YASIJF7890QW4
nostrip
}
From the server's clients.conf file:
client homenode.greatlakes.net {
secret = 076q2345hudp89YASIJF7890QW4
shortname = homenode
}
The NAS is running FreeRADIUS Version 0.9-pre, for host i686-pc-linux-gnu, built on
Feb 21 2003 at 15:58:26.
The Server is running FreeRADIUS Version 0.9.3, for host i686-pc-linux-gnu, built on
Dec 1 2003 at 16:31:07
I cannot change what is running on the NAS, but I can change what is running on the
server if it is a version conflict or something.
-Original Message-
From: 3APA3A [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003 5:27 AM
To: Eliot Gable
Subject: Re: MS-CHAPv2 + MySQL + group authtype failure
Dear Eliot Gable,
Make sure shared secret configured for NAS and password entered by
client are valid. Check cleartext and MS-CHAP (v1) authentication.
--Tuesday, December 2, 2003, 3:04:02 AM, you wrote to [EMAIL PROTECTED]:
EG I've been trying to get a Windows XP machine to authenticate against freeRADIUS
0.9.3 using MS-CHAPv2. It seems to be working to start with, but then I get a
group-check failure. I can't figure
EG out why I'm getting that. I modified the rlm_mschap.c file to print out the two
strings it is comparing where the failure takes place. I didn't format it nicely, so
it looks like gibberish, but
EG it at least shows how different the strings are. I'm using MySQL to store the
username/password and group information.
--
~/ZARAZA
, . ! ()
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Auth MS-CHAP and mysql
Title: Message You need to have an entry in usergroup specifying what group the user belongs to. You need another entry in radreply specifying any specific attributes you want returned. Finally, you need an entry in radcheck specifying the username, attribute (password), op (==), and value (their password). Also, it looks like you are receiving a CHAP-Password attribute. Are you using MS-CHAP version 1 or 2, or just CHAP? Please post your config, and full radius output, as well as your client information (OS, version of CHAP, etc). Before you try getting MS-CHAP to work, get the server to authorize a plain old users using SQL. You also probably want to upgrade. From: Duane Barnes [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 12:11 PM To: [EMAIL PROTECTED] Subject: Auth MS-CHAP and mysql I'm using freeradius 0.7.1. and mysql 3.23. I'm trying to setup radius to allow ms-chap and have gotten it to instantiate the module, but I don't know how to enter the ms-chap password into the mysql db. Below is the error: Error: rlm_sql_authorize: no rows returned from query (no such user) Auth: Login incorrect: [testuser/CHAP-Password] (from client radius port 0)
RE: MS-CHAPv2 + MySQL + group authtype failure
-Original Message- From: 3APA3A [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 02, 2003 5:27 AM To: Eliot Gable Subject: Re: MS-CHAPv2 + MySQL + group authtype failure Dear Eliot Gable, Make sure shared secret configured for NAS and password entered by client are valid. Check cleartext and MS-CHAP (v1) authentication. ^ This almost works. The server responds with an accept packet, but the NAS does not like the response and sends the client a reject packet. What I am seeing is two separate(?) errors on the NAS (a roamnode that Josh Howlett designed; output at the bottom)... snip WARNING: Malformed RADIUS packet from host 208.244.163.17: Vendor specific attributes do not exactly fill Vendor-Specific snip modcall: group authorize returns ok auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 2 for 1 seconds snip My vendor specific tag is set in my SQL table: mysql select * from radgroupreply; ++---+-++-+- -+ | id | GroupName | Attribute | op | Value | prio | ++---+-++-+- -+ | 1 | 56/56 | Framed-MTU | := | 1500|0 | | 2 | 56/56 | Service-Type| := | Framed |0 | | 3 | 56/56 | Framed-Protocol | := | PPP |0 | | 4 | 56/56 | Vendor-Specific | := | homenode.greatlakes.net |0 | ++---+-++-+- -+ Here is the output from the server (which looks good); the NAS output follows this: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /admin/radius/raddb/proxy.conf Config: including file: /admin/radius/raddb/clients.conf Config: including file: /admin/radius/raddb/snmp.conf Config: including file: /admin/radius/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /admin/radius main: logdir = /admin/radius/log/radius main: libdir = /usr/local/lib main: radacctdir = /admin/radius/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /admin/radius/log/radius/radius.log main: log_auth = no main: log_auth_badpass = yes main: log_auth_goodpass = no main: pidfile = /admin/radius/run/radiusd/radiusd.pid main: user = nobody main: group = nobody main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients Using deprecated clients file. Support for this will go away soon. read_config_files: reading realms Using deprecated realms file. Support for this will go away soon. radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = (null) mschap: authtype = MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = /etc/passwd unix: shadow = /etc/shadow unix: group = /etc/group unix: radwtmp = /admin/radius/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = md5 eap: timer_expire = 60 rlm_eap: Loaded and initialized the type md5 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = /admin/radius/raddb/huntgroups preprocess: hints = /admin/radius/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = suffix realm: delimiter = @ Module: Instantiated realm (suffix) Module: Loaded SQL sql: driver = rlm_sql_mysql sql
Re: MS-CHAPv2 + MySQL + group authtype failure
Eliot Gable [EMAIL PROTECTED] wrote: snip WARNING: Malformed RADIUS packet from host 208.244.163.17: Vendor specific attributes do not exactly fill Vendor-Specific snip Yes. Do you understand what Vendor-Specific attributes are? | 4 | 56/56 | Vendor-Specific | :=3D | homenode.greatlakes.net |= This is not a Vendor-Specific attribute. Delete this entry from your database, and it will work. modcall: group authorize returns ok auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Maybe try configuring a way for the server to authenticate that request... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MS-CHAPv2 + MySQL + group authtype failure
No, I don't understand what Vendor-Specific attributes are. Is there
someplace where I can learn about them (aside from source-code)? Or
could you possibly give me a brief explaination?
What do you mean by configuring a way for the server to authenticate
that request? I thought the whole point of the NAS was to simply forward
the RADIUS request to the main RADIUS server and the forward the
response from that server to the client. I guess I'm missing something.
I'm fairly new to RADIUS and NASes. The realms.conf file for the NAS is:
realm NULL {
type=radius
authhost=208.244.161.200:1812
accthost=208.244.161.200:1813
secret=076q2345hudp89YASIJF7890QW4
nostrip
}
realm homenode.greatlakes.net {
type=radius
authhost=208.244.161.200:1812
accthost=208.244.161.200:1813
secret=076q2345hudp89YASIJF7890QW4
nostrip
}
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003 2:05 PM
To: [EMAIL PROTECTED]
Subject: Re: MS-CHAPv2 + MySQL + group authtype failure
Eliot Gable [EMAIL PROTECTED] wrote:
snip
WARNING: Malformed RADIUS packet from host 208.244.163.17: Vendor
specific attributes do not exactly fill Vendor-Specific
snip
Yes. Do you understand what Vendor-Specific attributes are?
| 4 | 56/56 | Vendor-Specific | :=3D | homenode.greatlakes.net |
=
This is not a Vendor-Specific attribute. Delete this entry from
your database, and it will work.
modcall: group authorize returns ok
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
Maybe try configuring a way for the server to authenticate that
request...
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAPv2 + MySQL + group authtype failure
Eliot Gable [EMAIL PROTECTED] wrote: The only essential design feature is this: when a user authenticates = against a localnode, a Vendor-Specific attribute (with a vendor code of = 4363 and attribute number of 5) containing a string of the name of = the user's RNET must be returned to the localnode and homenode. sigh You didn't understand it, so you took it to mean that you should so something totally different, rather than figure out how to do it properly. See the dictionary files for examples of vendor dictionariess. Heck, grab the CVS snapshot tomorrow, and I've added a 'dictionary.bristol', based on what you said. It gives an example of how to do it under IAS for Win2k, but I'm not familiar with IAS. If you're not familiar with FreeRADIUS, then you should ask how to follow the instructions using FreeRADIUS, rather than waiting 3-4 messages before describing what you were trying to do. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MS-CHAPv2 + MySQL + group authtype failure
Thank you for the help. Let me see if I have this straight now The dictionary file that Josh Howlett sent me was: # Roamnode VSAs # # $Id: dictionary.roamnode,v 1.0 2002/08/28 17:20:00 josh Exp $ # VENDOR roamnode 4363 ATTRIBUTE NN-Data-Rate 1 integer roamnode ATTRIBUTE NN-Data-Rate-Ceiling 2 integer roamnode ATTRIBUTE NN-Homenode 3 ipaddr roamnode ATTRIBUTE NN-Homeservice4 ipaddr roamnode ATTRIBUTE NN-Homeservice-Name 5 string roamnode So, what he is actually saying is that I need to put this in my radgroupreply: NN-Homeservice-Name := homenode.greatlakes.net Correct? -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 02, 2003 2:29 PM To: [EMAIL PROTECTED] Subject: Re: MS-CHAPv2 + MySQL + group authtype failure Eliot Gable [EMAIL PROTECTED] wrote: No, I don't understand what Vendor-Specific attributes are. Is there someplace where I can learn about them (aside from source-code)? Or could you possibly give me a brief explaination? http://www.freeradius.org/rfc/attributes.html And click on 'Vendor-Specific' What do you mean by configuring a way for the server to authenticate that request? I thought the whole point of the NAS was to simply forward the RADIUS request to the main RADIUS server and the forward the response from that server to the client. It's not a NAS. You're using it as a proxy RADIUS server. I'd suggest buying the RADIUS book, and reading it. It will help you a lot. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAPv2 + MySQL + group authtype failure
Eliot Gable [EMAIL PROTECTED] wrote: So, what he is actually saying is that I need to put this in my radgroupreply: NN-Homeservice-Name := homenode.greatlakes.net Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MS-CHAPv2 + MySQL + group authtype failure
-Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 02, 2003 2:29 PM To: [EMAIL PROTECTED] Subject: Re: MS-CHAPv2 + MySQL + group authtype failure What do you mean by configuring a way for the server to authenticate that request? I thought the whole point of the NAS was to simply forward the RADIUS request to the main RADIUS server and the forward the response from that server to the client. It's not a NAS. You're using it as a proxy RADIUS server. ^^ Thank you for pointing that out. After making the previous change, instead of the malformed request error, I got: rad_recv: Access-Accept packet from host 208.244.163.17:1812, id=1, length=80 Ignoring request from unknown proxy 208.244.163.17:1812 Which clued me in to the fact that the response was coming from the second IP address on that machine, instead of the one I was sending it to. After changing the IP address in the realms.conf file on the proxy RADIUS server to the one that the response was coming from, it worked like a charm. Unfortunately, when I switch it to MS-CHAPv2 authentication, I get the same problem I had before. It enters the group authorize portion and returns an error 691, that the password is incorrect. Here is my output from the main RADIUS server (not the proxy one): Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /admin/radius/raddb/proxy.conf Config: including file: /admin/radius/raddb/clients.conf Config: including file: /admin/radius/raddb/snmp.conf Config: including file: /admin/radius/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /admin/radius main: logdir = /admin/radius/log/radius main: libdir = /usr/local/lib main: radacctdir = /admin/radius/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /admin/radius/log/radius/radius.log main: log_auth = no main: log_auth_badpass = yes main: log_auth_goodpass = no main: pidfile = /admin/radius/run/radiusd/radiusd.pid main: user = nobody main: group = nobody main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients Using deprecated clients file. Support for this will go away soon. read_config_files: reading realms Using deprecated realms file. Support for this will go away soon. radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = (null) mschap: authtype = MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = /etc/passwd unix: shadow = /etc/shadow unix: group = /etc/group unix: radwtmp = /admin/radius/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = md5 eap: timer_expire = 60 rlm_eap: Loaded and initialized the type md5 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = /admin/radius/raddb/huntgroups preprocess: hints = /admin/radius/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = suffix realm: delimiter = @ Module: Instantiated realm (suffix) Module: Loaded SQL sql: driver = rlm_sql_mysql sql: server = localhost sql: port = sql: login = radius sql: password = Icet4all sql: radius_db = radius sql: acct_table = radacct sql: acct_table2 = radacct sql: authcheck_table = radcheck sql: authreply_table = radreply sql: groupcheck_table = radgroupcheck sql: groupreply_table = radgroupreply sql: usergroup_table = usergroup sql: nas_table = nas sql: dict_table = dictionary sql
RE: MS-CHAPv2 + MySQL + group authtype failure
I got it to work. I removed the @homenode.greatlakes.net from the username and the received response then matched the calculated response. My question now is, if both user egable and [EMAIL PROTECTED] are in the database with the same password, why would it matter which way it is passed in? Is it treating the second as a domain when the domain functionality does not work? Or is it something else? Personally, I'd rather not specify the @node for the username, but I'd still like to know why it doesn't work. Thanks for all the help!! -Original Message- From: Eliot Gable Sent: Tuesday, December 02, 2003 3:14 PM To: [EMAIL PROTECTED] Subject: RE: MS-CHAPv2 + MySQL + group authtype failure -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 02, 2003 2:29 PM To: [EMAIL PROTECTED] Subject: Re: MS-CHAPv2 + MySQL + group authtype failure What do you mean by configuring a way for the server to authenticate that request? I thought the whole point of the NAS was to simply forward the RADIUS request to the main RADIUS server and the forward the response from that server to the client. It's not a NAS. You're using it as a proxy RADIUS server. ^^ Thank you for pointing that out. After making the previous change, instead of the malformed request error, I got: rad_recv: Access-Accept packet from host 208.244.163.17:1812, id=1, length=80 Ignoring request from unknown proxy 208.244.163.17:1812 Which clued me in to the fact that the response was coming from the second IP address on that machine, instead of the one I was sending it to. After changing the IP address in the realms.conf file on the proxy RADIUS server to the one that the response was coming from, it worked like a charm. Unfortunately, when I switch it to MS-CHAPv2 authentication, I get the same problem I had before. It enters the group authorize portion and returns an error 691, that the password is incorrect. Here is my output from the main RADIUS server (not the proxy one): Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /admin/radius/raddb/proxy.conf Config: including file: /admin/radius/raddb/clients.conf Config: including file: /admin/radius/raddb/snmp.conf Config: including file: /admin/radius/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /admin/radius main: logdir = /admin/radius/log/radius main: libdir = /usr/local/lib main: radacctdir = /admin/radius/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /admin/radius/log/radius/radius.log main: log_auth = no main: log_auth_badpass = yes main: log_auth_goodpass = no main: pidfile = /admin/radius/run/radiusd/radiusd.pid main: user = nobody main: group = nobody main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients Using deprecated clients file. Support for this will go away soon. read_config_files: reading realms Using deprecated realms file. Support for this will go away soon. radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = (null) mschap: authtype = MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = /etc/passwd unix: shadow = /etc/shadow unix: group = /etc/group unix: radwtmp = /admin/radius/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = md5 eap: timer_expire = 60 rlm_eap: Loaded and initialized the type md5 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = /admin/radius/raddb/huntgroups preprocess: hints = /admin/radius/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23
Re: MS-CHAPv2 + MySQL + group authtype failure
Eliot Gable [EMAIL PROTECTED] wrote: I got it to work. I removed the @homenode.greatlakes.net from the username and the received response then matched the calculated response. Yup. My question now is, if both user egable and [EMAIL PROTECTED] are in the database with the same password, why would it matter which way it is passed in? Because the client (i.e. Windows box) is using egable to calculate the MS-CHAP data, and then sending [EMAIL PROTECTED] as the User-Name to the RADIUS server. So the RADIUS tries to use [EMAIL PROTECTED] to calculate the MS-CHAP data, and gets confused. I hate Windows. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MS-CHAPv2 + MySQL + group authtype failure
So, is it wrong to just use the prefix to calculate the response in the cases where you get a prefix and a suffix? Or are there some cases where this would break other things? Just curious... -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 02, 2003 3:30 PM To: [EMAIL PROTECTED] Subject: Re: MS-CHAPv2 + MySQL + group authtype failure Eliot Gable [EMAIL PROTECTED] wrote: I got it to work. I removed the @homenode.greatlakes.net from the username and the received response then matched the calculated response. Yup. My question now is, if both user egable and [EMAIL PROTECTED] are in the database with the same password, why would it matter which way it is passed in? Because the client (i.e. Windows box) is using egable to calculate the MS-CHAP data, and then sending [EMAIL PROTECTED] as the User-Name to the RADIUS server. So the RADIUS tries to use [EMAIL PROTECTED] to calculate the MS-CHAP data, and gets confused. I hate Windows. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAPv2 + MySQL + group authtype failure
Eliot Gable [EMAIL PROTECTED] wrote: So, is it wrong to just use the prefix to calculate the response in the cases where you get a prefix and a suffix? Or are there some cases where this would break other things? Just curious... The problem is you don't know what the prefix is. Windows is is extremely complicated, does very weird things, and never, ever, tells you what it does, or why. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: script to move account flat files to MySQL
Zoup [EMAIL PROTECTED] wrote: those scripts are *not* on the cvs or anywhere else but this list :) users2mysqlfile.pl , users2pgsqlfile.pl ! :) i know its all public , i think its better to package this script with freeradius :) Many people submit things for inclusion to the server. Not all get in, and fewer get in immediately. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: script to move account flat files to MySQL
Peter Nixon [EMAIL PROTECTED] wrote: After I have time (Maybe tomorrow depending on workload) to look at the code in those scripts I may (with Alan's permission) add them to cvs. If they work, do something useful, and are reasonably well written, I'm all for it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Auth MS-CHAP and mysql
Title: Message I'm using freeradius 0.7.1. and mysql 3.23. I'm trying to setup radius to allow ms-chap and have gotten it to instantiate the module, but I don't know how to enter the ms-chap password into the mysql db. Below is the error: Error: rlm_sql_authorize: no rows returned from query (no such user) Auth: Login incorrect: [testuser/CHAP-Password] (from client radius port 0)
Re: script to move account flat files to MySQL
On Friday 28 November 2003 16:52, Guy Fraser wrote: Here are some perl scripts that I modified to generate sql files from users files. I'm pretty sure they work, but check the files first. there is a lot of useful scripts for freeradius which is not included in freeradus package ( /script ) , is they are storing anywhere ? maybe on cvs ? -- It's a poor workman who blames his tools. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: script to move account flat files to MySQL
Zoup [EMAIL PROTECTED] wrote: there is a lot of useful scripts for freeradius which is not included in freeradus package ( /script ) , is they are storing anywhere ? maybe on cvs ? Huh? WHat do you mean by that? What scripts are you talking about There is no secret CVS repository of scripts. It's all public, and all scripts are distributed with the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: script to move account flat files to MySQL
On Sunday 30 November 2003 08:07, Alan DeKok wrote: Zoup [EMAIL PROTECTED] wrote Huh? WHat do you mean by that? What scripts are you talking about There is no secret CVS repository of scripts. It's all public, and all scripts are distributed with the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html those scripts are *not* on the cvs or anywhere else but this list :) users2mysqlfile.pl , users2pgsqlfile.pl ! :) i know its all public , i think its better to package this script with freeradius :) -- It's a poor workman who blames his tools. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: script to move account flat files to MySQL
Zoup wrote: On Sunday 30 November 2003 08:07, Alan DeKok wrote: Zoup [EMAIL PROTECTED] wrote Huh? WHat do you mean by that? What scripts are you talking about There is no secret CVS repository of scripts. It's all public, and all scripts are distributed with the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html those scripts are *not* on the cvs or anywhere else but this list :) users2mysqlfile.pl , users2pgsqlfile.pl ! :) i know its all public , i think its better to package this script with freeradius :) After I have time (Maybe tomorrow depending on workload) to look at the code in those scripts I may (with Alan's permission) add them to cvs. Regards Peter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: script to move account flat files to MySQL
[EMAIL PROTECTED] wrote: Hello, I am working on getting the radius account logs to write to MySQL, in the mean time I am still logging accounting information to flat files. I am looking for a script that will take my daily accounting flat files and insert them into MySQL. Does anyone know of any scripts that will do this? I have been looking around and have not found any. there is a script in src/accounting that can do this. It is currently h323 specific, although you can trivially modify it to work with the standard database schema. Let me know if you have trouble with it.. Regards Peter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: script to move account flat files to MySQL
Here are some perl scripts that I modified to generate sql files from
users files.
I'm pretty sure they work, but check the files first.
[EMAIL PROTECTED] wrote:
Hello,
I am working on getting the radius account logs to write to
MySQL, in the mean time I am still logging accounting information
to flat files.
I am looking for a script that will take my daily accounting flat
files and insert them into MySQL. Does anyone know of
any scripts that will do this? I have been looking around and
have not found any.
Thanks,
Dave
--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.
#!/usr/bin/perl -w
#
# users2pgsqlfile.pl -- a script to parse a RADIUS users file and fill
# a freeradius PostgreSQL database...
#
#
# Original Script {users2mysql.pl} developed by Rich Puhek, Znet Telecom
#
# Modiified By Guy Fraser to create a file for PostgreSQL
#
# last change: Friday, September 12 2003.
#
#location of source users file:
$users_file=users;
$sql_file=users.sql;
#The following are defaults from freeradius 0.7
# ...shouldn't have to change.
$groups_table=usergroup;
$check_table=radcheck;
$reply_table=radreply;
$debug=3;
use DBD::mysql;
#open the users file, and the db.
open USERS, $users_file or die ERROR: Unable to open $users_file $!\n;
open SQLFILE, $sql_file or die ERROR: Unable to open $sql_file $!\n;
sub check_attribs {
if (!defined($_[0]) or !defined($_[1])) {
print undefined parameter!\n;
return undef;
};
$attr = $_[0];
$val = $_[1];
if ($attr !~
/Password|Framed-IP-Address|Framed-IP-Netmask|Framed-IP-Routing|Framed-Routing|Framed-IP-Route|Framed-Compression|Framed-MTU|Simultaneous-Use|Idle-Timeout|Session-Timeout|Port-Limit|Auth-Type|Service-Type|Netmask|Framed-Protocol/
) {
print unrecognized attribute: $attr\n if $debug1;
return undef;
};
return undef if ( (! defined($val) ) or
( ($attr =~ /Simultaneous\-Use/i) ( $val !~ /^[0-9]*$/ ) )
);
print attribs ok!\n if $debug3;
return TRUE;
};
sub cleanup {
#clean up variables: strip leading/trailing spaces/tabs and trailing commas...
my $myval;
$myval = $_[0];
$myval =~ s/^\s*//g;
$myval =~ s/\s*$//g;
$myval =~ s/,$//;
return $myval;
};
sub user_attribute {
#push values into db...
$dtable=$_[0];
$duser=$_[1];
$dattrib=$_[2];
$dval=$_[3];
if ( $dtable =~ /group/ ) {
$table = usergroup;
} elsif ( $dtable =~ /check/ ) {
$table = radcheck;
} elsif ( $dtable =~ /reply/ ) {
$table = radreply;
} else {
die argh! what table is $dtable?\n;
};
if ( $table =~ /usergroup/ ) {
if ( $dattrib =~ /static/ ) {
#Delete the dynamic entry...
#print SQLFILE DELETE FROM `$table` WHERE `UserName`='$duser'
LIMIT 1;\n;
print SQLFILE UPDATE $table SET GroupName='$dattrib' WHERE
UserName='$duser' and GroupName='dynamic';\n;
if ( $dtable =~ /group/ and $debug2) {
print updating \$duser\ in usergroup table as
member of \$dattrib\\n ;
}
} else {
print SQLFILE INSERT INTO $table (UserName,GroupName) values
('$duser','$dattrib');\n;
if ( $dtable =~ /group/ and $debug2) {
print inserting \$duser\ into usergroup table as
member of \$dattrib\\n ;
};
};
} else {
print SQLFILE INSERT INTO $table (UserName,Attribute,Value,op) values
('$duser','$dattrib','$dval',':=');\n;
if ( $dtable !~ /group/ and $debug2) {
print inserting \$dattrib\, \$dval\ for \$duser\ in
rad$dtable\n ;
};
};
return $return;
};
while (USERS) {
chop;
#Skip comment lines and blank lines...
next if ( /^\#/ );
next if ( /^$/ );
next if ( /^\s*$/ );
if ( /^[a-zA-Z0-9]+/ ) {
print located a user entry: $_\n if $debug6;
($user,$rest) = split /\s/, $_, 2;
#Put user into usergroup as dynamic, if the user's attributes
# include an IP address, the script will change that later...
user_attribute(group,$user,dynamic,);
@attribs = split /,/, $rest;
} else
MySQL Instructions . . .
When I first setup freeradius about 2 months ago, I was following a HOW-TO someone had up which showed how to get freeradius working with mysql. Now I'm looking for it and I cannot locate it. Can someone point me in the correct direction? -- Jason Flatt (jason @ flattfamily . com) Father of five (http://www.flattfamily.com/) Linux user (http://www.sourcemage.org/) IRC Nick: Oadae Channels: #sourcemage, #lvlug Server: irc.freenode.net PGP Key: E992213F - 0254 9DB7 BE0E 312D 8352 6E39 0700 FB95 E992 213F - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Instructions . . .
At Thu, 27 Nov 2003 09:06:50 -0800, Jason Flatt wrote: When I first setup freeradius about 2 months ago, I was following a HOW-TO someone had up which showed how to get freeradius working with mysql. Now I'm looking for it and I cannot locate it. Can someone point me in the correct direction? Perhaps you mean this http://www.frontios.com/freeradius.html -- Jason Flatt (jason @ flattfamily . com) Father of five (http://www.flattfamily.com/) Linux user (http://www.sourcemage.org/) IRC Nick: Oadae Channels: #sourcemage, #lvlug Server: irc.freenode.net PGP Key: E992213F - 0254 9DB7 BE0E 312D 8352 6E39 0700 FB95 E992 213F - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html == Kostas Zorbadelos Currently at: Otenet IT Department mailto: [EMAIL PROTECTED] Out there in the darkness, out there in the night out there in the starlight, one soul burns brighter than a thousand suns. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
script to move account flat files to MySQL
Hello, I am working on getting the radius account logs to write to MySQL, in the mean time I am still logging accounting information to flat files. I am looking for a script that will take my daily accounting flat files and insert them into MySQL. Does anyone know of any scripts that will do this? I have been looking around and have not found any. Thanks, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Users in LDAP and mysql
Hi to all, I want to ask this: using freeradius, can you have users in LDAP and mysql so doing authentication from both simultaneous? Thanks a lot Costas A. Christonis Networking Communications Centre Gallos Campus - University of Crete email: [EMAIL PROTECTED] http://www.ucnet.uoc.gr/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Users in LDAP and mysql
On Wed, 19 Nov 2003, Costas Christonis wrote: Hi to all, I want to ask this: using freeradius, can you have users in LDAP and mysql so doing authentication from both simultaneous? In general yes. Though you will probably need to play with Autz-Type and Auth-Type to get that working ok Thanks a lot Costas A. Christonis Networking Communications Centre Gallos Campus - University of Crete email: [EMAIL PROTECTED] http://www.ucnet.uoc.gr/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Interim accounting update +mysql
For some reason mysql is not being update with the interim accouting
updates. Below is one of the accounting requests sent to free radius and
you can see that it does not send the bytes and up time information to
mysql.
Anyone know why?
rad_recv: Accounting-Request packet from host 204.228.226.18:1306, id=249,
length=181
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Identifier = SQN2
NAS-Port = 60
NAS-Port-Type = Ethernet
User-Name = shawn
Calling-Station-Id = 06:2d:1A:05:A2:6B
Called-Station-Id = SpeedyQuick
NAS-Port-Id = Clients
Acct-Session-Id = 8120001a
Framed-IP-Address = 10.69.4.22
Acct-Authentic = RADIUS
Acct-Session-Time = 115201
Acct-Input-Octets = 2350343
Acct-Input-Packets = 27316
Acct-Output-Octets = 36915463
Acct-Output-Packets = 36681
Acct-Status-Type = Alive
NAS-IP-Address = 205.28.26.18
Acct-Delay-Time = 0
modcall: entering group preacct
modcall[preacct]: module preprocess returns noop
rlm_realm: No '@' in User-Name = shawn, looking up realm NULL
rlm_realm: No such realm NULL
modcall[preacct]: module suffix returns noop
modcall[preacct]: module files returns noop
modcall: group preacct returns noop
modcall: entering group accounting
rlm_acct_unique: Hashing 'NAS-Port-Id = Clients,Client-IP-Address =
205.28.26.18,NAS-IP-Address = 205.28.26.18,Acc
t-Session-Id = 8120001a,User-Name = shawn'
rlm_acct_unique: Acct-Unique-Session-ID = f56023f6b2ffca98.
modcall[accounting]: module acct_unique returns ok
radius_xlat:
'/usr/local/var/log/radius/radacct/205.28.26.18/detail-20031119'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /usr/local/var/log/radius/ra
dacct/205.28.26.18/detail-20031119
modcall[accounting]: module detail returns ok
modcall[accounting]: module unix returns noop
radius_xlat: 'shawn'
rlm_sql (sql): sql_set_user escaped user -- 'shawn'
radius_xlat: 'UPDATE radacct SET FramedIPAddress = '10.69.4.22' WHERE
AcctSessionId = '8120001a' AND UserName = 'shawn' AND NASIPAddress=
'205.28.26.18' AND AcctStopTime = 0'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
modcall[accounting]: module sql returns ok
radius_xlat: '/usr/local/var/log/radius/radutmp'
radius_xlat: 'shawn'
modcall[accounting]: module radutmp returns ok
modcall: group accounting returns ok
Sending Accounting-Response of id 249 to 205.28.26.18:1306
Finished request 31
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Interim accounting update +mysql
On Wed, 19 Nov 2003, David Blood wrote:
For some reason mysql is not being update with the interim accouting
updates. Below is one of the accounting requests sent to free radius and
you can see that it does not send the bytes and up time information to
mysql.
Anyone know why?
rad_recv: Accounting-Request packet from host 204.228.226.18:1306, id=249,
length=181
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Identifier = SQN2
NAS-Port = 60
NAS-Port-Type = Ethernet
User-Name = shawn
Calling-Station-Id = 06:2d:1A:05:A2:6B
Called-Station-Id = SpeedyQuick
NAS-Port-Id = Clients
Acct-Session-Id = 8120001a
Framed-IP-Address = 10.69.4.22
Acct-Authentic = RADIUS
Acct-Session-Time = 115201
Acct-Input-Octets = 2350343
Acct-Input-Packets = 27316
Acct-Output-Octets = 36915463
Acct-Output-Packets = 36681
Acct-Status-Type = Alive
NAS-IP-Address = 205.28.26.18
Acct-Delay-Time = 0
modcall: entering group preacct
modcall[preacct]: module preprocess returns noop
rlm_realm: No '@' in User-Name = shawn, looking up realm NULL
rlm_realm: No such realm NULL
modcall[preacct]: module suffix returns noop
modcall[preacct]: module files returns noop
modcall: group preacct returns noop
modcall: entering group accounting
rlm_acct_unique: Hashing 'NAS-Port-Id = Clients,Client-IP-Address =
205.28.26.18,NAS-IP-Address = 205.28.26.18,Acc
t-Session-Id = 8120001a,User-Name = shawn'
rlm_acct_unique: Acct-Unique-Session-ID = f56023f6b2ffca98.
modcall[accounting]: module acct_unique returns ok
radius_xlat:
'/usr/local/var/log/radius/radacct/205.28.26.18/detail-20031119'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /usr/local/var/log/radius/ra
dacct/205.28.26.18/detail-20031119
modcall[accounting]: module detail returns ok
modcall[accounting]: module unix returns noop
radius_xlat: 'shawn'
rlm_sql (sql): sql_set_user escaped user -- 'shawn'
radius_xlat: 'UPDATE radacct SET FramedIPAddress = '10.69.4.22' WHERE
AcctSessionId = '8120001a' AND UserName = 'shawn' AND NASIPAddress=
'205.28.26.18' AND AcctStopTime = 0'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
modcall[accounting]: module sql returns ok
radius_xlat: '/usr/local/var/log/radius/radutmp'
radius_xlat: 'shawn'
modcall[accounting]: module radutmp returns ok
modcall: group accounting returns ok
Sending Accounting-Response of id 249 to 205.28.26.18:1306
Finished request 31
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
What does your sql.conf look like?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mysql and Assigning an IP
I have freeradius/mysql setup authenticating on a MAX2000, the Max has the IP pool. I would like to know how to setup mysql/freeradius to handle giving out the IP. Im sure I its just setting up the table, but I dont know the syntax.
Re: OSX Installation Using Mysql
Hello, After a good night, everything is better. So Andreas Congratulation for your great work, here with your package file everything work perfectly (without a glitch) on any panther distrib (tested on 3 Emac and 2 G4) I m really impressed by it (installing it with a mouse in graphical mode without doing nothing is a real pleasure ) So thanks you very much, but I will continue to check why when I compile it myself I got those error ... I have read many doc on library and OSX/Darwin, but maybe that I need to read more (or maybe that I have read to many ...) Anyway I have a well install version to work with now, so I wish to be able to help you soon. Thanks again for your help Julien - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Mysql undefined symbol _rad_malloc OSX
Ok I have been able to build something a little better: Building with disable shared everything and installing then compiling as static and then installing only the sql module Every module appear to work including rlm_sql_mysql but : rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 dyld: ./radiusd Undefined symbols: _rad_malloc If anyone have a clue to solve this ... Thanks in advance Julien - Original Message - From: Julien Gabry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 18, 2003 7:14 AM Subject: Re: OSX Installation Using Mysql For infos, the package file installl it correctly, but I still got undefined symbol dlcompat: Symbol _rlm_expr So I think it's the configuration of my system itself that should be corrupt. Are you using a complete panther installation or an update of 10.2.8 to panther ? Thanks for your help PS: great job for the package, I wish to be able to make it work and so maybe provide you some key info to make your help you make your pkg work on more Panther version ... Julien - Original Message - From: Julien Gabry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 18, 2003 6:54 AM Subject: Re: OSX Installation Using Mysql Ok thanks you very much again Andreas... in fact I can make it work if I don't use any option on the configure, but there is just Mysql module working. But for all All other module radiusd.conf[1186] Failed linking to rlm_expr structure in radiusd.conf: dlcompat: Symbol _rlm_expr not found And the same for all other module (except mysql) on the other way by disabling shared Everything work except mysql ... so I m working on a way to build static rlm_mysql and dynamic for other module (for now without success) Thanks for your package, I will try it in a few minutes. (some info about my system ) mysql 4.0.13 (apple binary) Panther 10.3 Devtools provided on Panther cd 4 (MAC OS X Xcode Tools) gcc (GCC) 3.3 20030304 (Apple Computer, Inc. build 1495) Thanks for your help ++ Julien - Original Message - From: Andreas Wolf [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 18, 2003 6:07 AM Subject: Re: OSX Installation Using Mysql On Nov 17, 2003, at 1:40 PM, Julien Gabry wrote: Hello Thanks again for your time ... Ok I have tryed many things last weeks but effectively mysql can t be installed with shared libraries on a Jaguar. But anyway , today, I have received our brand new Panther CD. So i m working with it, but I still having some trouble in the installation as static or shared. So what should be the correct configure command to compile it correctly (with dynamic libs without a glitch!) It should be nice to give me some clues about... Since Panther I simply need to do % ./configure % make % sudo make install (well, you might have to specify the path to the mysql libs and headers depending on your installation). Since snapshots aren't always guaranteed to work on every platform you either have to be patient or make your own modifications to make it work (monitoring the postings here also helps a lot of times). I did the latter for a recent snapshot and it works for me now (yes, incl. MySQL). see http://homepage.mac.com/andreaswolf/public/freeradius_installer.html for the diffs. The modifications are minor. -A Thanks you in advance Julien - Original Message - From: Andreas Wolf [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 1:29 AM Subject: Re: OSX Installation Using Mysql Actually, on a second look, I think the problem is that you try to configure MySQL with --disable-shared. You should have MySQL built _with_ shared libraries (ie. omit the --disabled-shared option), and I am not sure Jaguar allows for that. Only then can freeRADIUS build the rlm_sql_mysql driver successfully. This is mentioned in a compiler warning. Make sure freeRADIUS built the rlm_sql_mysql driver. -Andreas On Nov 10, 2003, at 11:35 AM, Julien Gabry wrote: Hello, Thanks you for your fast answer. I have tryed your pertinent solutions about dylib, tried also to recompile rlm-sql dynamically and many other things without any more success. But anyway I will switch to panther soon. So thanks you very much for your help PS: sorry for my previous double post Julien - Original Message - From: Andreas Wolf [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday
MacOS X and dynamic library (was RE: OSX Installation Using Mysql)
I thought there was no dynamic library version of freeradius on MacOS X.. At least that's what 0.9.2 docs say. Jon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OSX Installation Using Mysql
Andreas Wolf [EMAIL PROTECTED] wrote: see http://homepage.mac.com/andreaswolf/public/freeradius_installer.html for the diffs. The modifications are minor. I'm not sure why patch #1 is necessary. Which C files have problems with the sha1.h file? Patch #2 was added yesterday. Patch #3 was addressed (I thought) by changes to ttls.c on Nov. 6. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OSX Installation Using Mysql
On Nov 18, 2003, at 8:09 AM, Alan DeKok wrote: Andreas Wolf [EMAIL PROTECTED] wrote: see http://homepage.mac.com/andreaswolf/public/freeradius_installer.html for the diffs. The modifications are minor. I'm not sure why patch #1 is necessary. Which C files have problems with the sha1.h file? a lot of people have reported a parser error before mk when compiling snapshots from last week. I found the same thing. 'uint8_t' did not seem to be defined when it parsed sha1.h. Maybe it's fixed now, haven't tried newer snapshots. Patch #2 was added yesterday. Cool. Patch #3 was addressed (I thought) by changes to ttls.c on Nov. 6. I saw your check-in but I still got an error (Diameter Attribute overflows packet!). However, by examining the tunneled attributes the data seemed to be correct. I think 'data_len' needs to be adjusted when the padding (rounding up to the nearest 4 byte boundary) is in effect. I think in this case 'data_len length' is true. I can work with you directly if you need access to a MacOS X machine. I don't know how I could give you access to the supplicant, though. Here is the output of freeradius (including my patch #3) Mon Nov 17 18:06:14 2003 : Debug: modcall: group authorize returns updated for request 5 Mon Nov 17 18:06:14 2003 : Debug: rad_check_password: Found Auth-Type EAP Mon Nov 17 18:06:14 2003 : Debug: auth: type EAP Mon Nov 17 18:06:14 2003 : Debug: modcall: entering group authenticate for request 5 Mon Nov 17 18:06:14 2003 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 5 Mon Nov 17 18:06:14 2003 : Debug: rlm_eap: Request found, released from the list Mon Nov 17 18:06:14 2003 : Debug: rlm_eap: EAP_TYPE - ttls Mon Nov 17 18:06:14 2003 : Debug: rlm_eap: processing type ttls Mon Nov 17 18:06:14 2003 : Debug: rlm_eap_ttls: Authenticate Mon Nov 17 18:06:14 2003 : Debug: rlm_eap_tls: processing TLS Mon Nov 17 18:06:14 2003 : Info: rlm_eap_tls: Length Included Mon Nov 17 18:06:14 2003 : Debug: eaptls_verify returned 11 Mon Nov 17 18:06:14 2003 : Debug: eaptls_process returned 7 Mon Nov 17 18:06:14 2003 : Debug: rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. TTLS tunnel data in : 00 00 00 01 00 00 00 0d 61 64 6d 69 6e 00 00 00 TTLS tunnel data in 0010: 00 00 00 0b 80 00 00 1c 00 00 01 37 79 eb dd a6 TTLS tunnel data in 0020: 4f f9 a4 cc 81 9a 56 ee 99 f5 d0 c9 00 00 00 19 TTLS tunnel data in 0030: 80 00 00 3e 00 00 01 37 da 00 62 bc de 8b 44 2d TTLS tunnel data in 0040: 20 1b 42 4f 79 de 3b ea 98 a3 00 00 00 00 00 00 TTLS tunnel data in 0050: 00 00 ca 83 c8 df 3d 79 56 e5 12 35 74 d9 b1 df TTLS tunnel data in 0060: ec 67 c8 1f 31 1e a9 f6 45 01 Mon Nov 17 18:06:14 2003 : Debug: rlm_eap_ttls: ERROR! Diameter attribute overflows packet! - 62 64 (without Patch #3 it would fail here; data_len = 62, length = 64; allow that assuming padded data is 2 bytes). TTLS: Got tunneled request User-Name = admin MS-CHAP-Challenge = 0x79ebdda64ff9a4cc819a56ee99f5d0c9 MS-CHAP2-Response = 0xda0062bcde8b442d201b424f79de3bea98a3ca83c8df3d7956e51 23574d9b1dfec67c81f311ea9f64501 Freeradius-Proxied-To = 127.0.0.1 TTLS: Sending tunneled request User-Name = admin MS-CHAP-Challenge = 0x79ebdda64ff9a4cc819a56ee99f5d0c9 MS-CHAP2-Response = 0xda0062bcde8b442d201b424f79de3bea98a3ca83c8df3d7956e51 23574d9b1dfec67c81f311ea9f64501 Freeradius-Proxied-To = 127.0.0.1 -Andreas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OSX Installation Using Mysql
At 12:56 PM 11/18/2003, Andreas Wolf wrote: On Nov 18, 2003, at 8:09 AM, Alan DeKok wrote: Andreas Wolf [EMAIL PROTECTED] wrote: see http://homepage.mac.com/andreaswolf/public/freeradius_installer.html for the diffs. The modifications are minor. I'm not sure why patch #1 is necessary. Which C files have problems with the sha1.h file? a lot of people have reported a parser error before mk when compiling snapshots from last week. I found the same thing. 'uint8_t' did not seem to be defined when it parsed sha1.h. Maybe it's fixed now, haven't tried newer snapshots. Patch #3 was addressed (I thought) by changes to ttls.c on Nov. 6. I saw your check-in but I still got an error (Diameter Attribute overflows packet!). However, by examining the tunneled attributes the data seemed to be correct. I think 'data_len' needs to be adjusted when the padding (rounding up to the nearest 4 byte boundary) is in effect. I think in this case 'data_len length' is true. I can work with you directly if you need access to a MacOS X machine. I don't know how I could give you access to the supplicant, though. I can play with it, I've got a panther box here. Let me take a look and see what I can dig up. What options are you passing to ./configure? -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OSX Installation Using Mysql
On Nov 18, 2003, at 11:10 AM, Chris Parker wrote: At 12:56 PM 11/18/2003, Andreas Wolf wrote: On Nov 18, 2003, at 8:09 AM, Alan DeKok wrote: Andreas Wolf [EMAIL PROTECTED] wrote: see http://homepage.mac.com/andreaswolf/public/freeradius_installer.html for the diffs. The modifications are minor. I'm not sure why patch #1 is necessary. Which C files have problems with the sha1.h file? a lot of people have reported a parser error before mk when compiling snapshots from last week. I found the same thing. 'uint8_t' did not seem to be defined when it parsed sha1.h. Maybe it's fixed now, haven't tried newer snapshots. Patch #3 was addressed (I thought) by changes to ttls.c on Nov. 6. I saw your check-in but I still got an error (Diameter Attribute overflows packet!). However, by examining the tunneled attributes the data seemed to be correct. I think 'data_len' needs to be adjusted when the padding (rounding up to the nearest 4 byte boundary) is in effect. I think in this case 'data_len length' is true. I can work with you directly if you need access to a MacOS X machine. I don't know how I could give you access to the supplicant, though. I can play with it, I've got a panther box here. Let me take a look and see what I can dig up. What options are you passing to ./configure? nothing special, just installation specific paths: % ./configure --prefix=/usr/local/freeradius --with-rlm-sql-lib-dir=/usr/local/mysql/lib/mysql/lib --with-rlm-sql-include-dir=/usr/local/mysql/lib/mysql/lib -Andreas -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo-- \-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
