Re: MySQL Help!
Deramus, Chris [EMAIL PROTECTED] wrote: What file(s) should I run ldd against? rlm_sql_mysql.so Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MySQL Help!
Title: RE: MySQL Help! Alan, What file(s) should I run ldd against? Chris DeRamus OCIO VPN Administrator SAIC -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED]] Sent: Friday, December 12, 2003 4:44 PM To: [EMAIL PROTECTED] Subject: Re: MySQL Help! Deramus, Chris [EMAIL PROTECTED] wrote: I have checked and verified the LD_LIBRARY_PATH variable, I have updated ld.so.conf as well. I've tried multiple configuration options, including disable-shared. Something isn't adding up. Any suggestions would be most appreciated. Thanks and have a good weekend. 'ldd' should tell you which libraries are needed. Maybe MySQL needs additional libraries, which somehow aren't loaded. I don't know how else to help you. The server core doesn't know *anything* about modules/libraries, other than it asks the system to load them. If that doesn't work, there isn't much else the server can do. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MySQL Help!
Title: RE: MySQL Help! Chris, Thanks for the input, however, when I updated the configure script with your extra code configure would not find lmysqlclient and prompted that I specify the path to the library files by using --with-mysql-lib= When I put in the path to the MySQL library files, it still would not find lmysqlclient. Any other thoughts? If I get it I'll be sure to let you know what it was, thanks so much. Chris DeRamus OCIO VPN Administrator SAIC -Original Message- From: Chris Parker [mailto:[EMAIL PROTECTED]] Sent: Friday, December 12, 2003 5:14 PM To: [EMAIL PROTECTED] Subject: Re: MySQL Help! At 03:42 PM 12/12/2003, Rob Genovesi wrote: oh boy, I remember kicking this around for ever as well ... My solution was to 1) be sure you have development rpms installed and 2) do not use --disable-shared when running configure. I don't know exactly why this changed things, but compiling with shared libraries it was able to find and use all the necessary mysql libs and includes. I installed the following MySQL rpms (Redhat) : MySQL-devel-4.0.16-0 MySQL-shared-compat-4.0.16-0 MySQL-client-4.0.16-0 MySQL-server-4.0.16-0 Aha. Mysql4 changes some stuff. On Solaris we had to change some of the Makefiles manually to get all of the appropriate libs included to build the rlm_mysql driver built. It may be the same on RH as well. Helpfully, MySQL 3 build syntax is not totally workable with MySQL 4 at least as far as FR is concerned. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
oh boy, I remember kicking this around for ever as well ... My solution was to 1) be sure you have development rpms installed and 2) do not use --disable-shared when running configure. I don't know exactly why this changed things, but compiling with shared libraries it was able to find and use all the necessary mysql libs and includes. I installed the following MySQL rpms (Redhat) : MySQL-devel-4.0.16-0 MySQL-shared-compat-4.0.16-0 MySQL-client-4.0.16-0 MySQL-server-4.0.16-0 -rob At 04:23 PM 12/12/2003 -0500, you wrote: To all, I have spent over 16 hours working this issue now and am completely out of ideas. I have tried RPM Installations of multiple versions of MySQL, including 3.23.58 and 4.0.16. I am still getting the error message: rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[4]: sql: Module instantiation failed. I have checked and verified the LD_LIBRARY_PATH variable, I have updated ld.so.conf as well. I've tried multiple configuration options, including disable-shared. Something isn't adding up. Any suggestions would be most appreciated. Thanks and have a good weekend. Chris DeRamus OCIO VPN Administrator SAIC -Original Message- From: Deramus, Chris Sent: Friday, December 12, 2003 2:01 PM To: '[EMAIL PROTECTED]' Subject: RE: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL I have check the FreeRADIUS FAQ and followed the instructions. My ld.so.conf file has been setup correcly and is pointing the respective library dependencies and it still is giving me the same error. I have also attempted ./configure --disable-shared and still no go. I know I do not need mysql-shared, I am honestly stumped. Sorry to keep this thread going, I just can't seem to find much documentation on any extra steps required when running this new distro of RedHat. Thanks, Chris DeRamus -Original Message- From: NetNITCO Systems Administration [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 11, 2003 5:26 PM To: [EMAIL PROTECTED] Subject: Re: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL On Thu, 2003-12-11 at 16:00, Deramus, Chris wrote: To all -- I recently upgraded my development RADIUS box which was running RedHat 8.0 to RedHat Enterprise Linux 2.1 ES. This was a fresh install which included all Mysql related packages contained on the CD's. It was noted that the Enterprise installation did not contain a Mysql-devel package, I am assuming it is now bundled in with one of the other rpm's. I tested SQL queries from both web applications and command line and everything seemed to be a go so I then configured freeradius. I believe you are mistaken. The current MySQL development package for RHEL ES 2.1 is mysql-devel-3.23.58-1.72. You can grab the package from the RHEL installation media, or, you can download the SRPM from a Red Hat mirror and rebuild the package: ftp://redhat.netnitco.net/pub/mirrors/redhat/updates/enterprise/2.1ES/en/os/SRPMS/mysql-3.23.58-1.72.src.rpm rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[4]: sql: Module instantiation failed. You'll get this until you compile FreeRADIUS with the MySQL development libraries installed. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
Deramus, Chris [EMAIL PROTECTED] wrote: I have checked and verified the LD_LIBRARY_PATH variable, I have updated ld.so.conf as well. I've tried multiple configuration options, including disable-shared. Something isn't adding up. Any suggestions would be most appreciated. Thanks and have a good weekend. 'ldd' should tell you which libraries are needed. Maybe MySQL needs additional libraries, which somehow aren't loaded. I don't know how else to help you. The server core doesn't know *anything* about modules/libraries, other than it asks the system to load them. If that doesn't work, there isn't much else the server can do. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
At 03:42 PM 12/12/2003, Rob Genovesi wrote: oh boy, I remember kicking this around for ever as well ... My solution was to 1) be sure you have development rpms installed and 2) do not use --disable-shared when running configure. I don't know exactly why this changed things, but compiling with shared libraries it was able to find and use all the necessary mysql libs and includes. I installed the following MySQL rpms (Redhat) : MySQL-devel-4.0.16-0 MySQL-shared-compat-4.0.16-0 MySQL-client-4.0.16-0 MySQL-server-4.0.16-0 Aha. Mysql4 changes some stuff. On Solaris we had to change some of the Makefiles manually to get all of the appropriate libs included to build the rlm_mysql driver built. It may be the same on RH as well. Helpfully, MySQL 3 build syntax is not totally workable with MySQL 4 at least as far as FR is concerned. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
At 04:14 PM 12/12/2003, Chris Parker wrote: At 03:42 PM 12/12/2003, Rob Genovesi wrote: oh boy, I remember kicking this around for ever as well ... My solution was to 1) be sure you have development rpms installed and 2) do not use --disable-shared when running configure. I don't know exactly why this changed things, but compiling with shared libraries it was able to find and use all the necessary mysql libs and includes. I installed the following MySQL rpms (Redhat) : MySQL-devel-4.0.16-0 MySQL-shared-compat-4.0.16-0 MySQL-client-4.0.16-0 MySQL-server-4.0.16-0 Aha. Mysql4 changes some stuff. On Solaris we had to change some of the Makefiles manually to get all of the appropriate libs included to build the rlm_mysql driver built. It may be the same on RH as well. Helpfully, MySQL 3 build syntax is not totally workable with MySQL 4 at least as far as FR is concerned. Following up my own post, here are the changes we had to make to the 'configure' in 'src/modules/rlm_sql/drivers/rlm_mysql', around line 900. LIBS=$LIBS -lz to LIBS=$LIBS -lsocket -lnsl -lm -lz In other words, we added the '-lsocket -lnsl -lm' libraries, as there are needed for the compilation to complete. Hope this helps, -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL with FreeRadius (rlm_sql_mysql driver problem)
At Wed, 3 Dec 2003 13:22:14 -0500, Michael Shanafelt wrote: Look into your ${exec_prefix}/lib to see if you have something like rlm_sql_mysql.so - rlm_sql_mysql-0.9.2.so If you don't, make sure you have mysql-dev packages installed (header files and stuff) and recompile paying attention to configure and make messages. OK, I had my FreeRadius server working fine for Wireless LAN MAC authentication using the clients and users text files. My next step was to setup a MySQL database that would store the usernames and groups rather than having the text file. I followed the directions in Hassell's RADIUS book and everything was successful until I issued the radiusd -x -x command to start the server. Now I'm getting an error stating: rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. Radiusd.conf[14]: sql: Module instantiation failed. My limited knowledge tells me that the rlm_sql_mysql driver isn't installed. Is this correct? How can I fix it? Thanks, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html == Kostas Zorbadelos Currently at: Otenet IT Department mailto: [EMAIL PROTECTED] Out there in the darkness, out there in the night out there in the starlight, one soul burns brighter than a thousand suns. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL with FreeRadius (rlm_sql_mysql driver problem)
same problem.. On 3 Dec 2003 at 13:22, Michael Shanafelt wrote: OK, I had my FreeRadius server working fine for Wireless LAN MAC authentication using the clients and users text files. My next step was to setup a MySQL database that would store the usernames and groups rather than having the text file. I followed the directions in Hassell's RADIUS book and everything was successful until I issued the radiusd -x -x command to start the server. Now I'm getting an error stating: rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. Radiusd.conf[14]: sql: Module instantiation failed. My limited knowledge tells me that the rlm_sql_mysql driver isn't installed. Is this correct? How can I fix it? Thanks, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html BREUER NICOLAS Content Marketing Manager ** BELCENTER ISP PORTALS ** Avenue Henri Conscience, 94 B -1140 Bruxelles ** HelpDesk : 0902/40.120 ** Tél. :+32 2 243 0 243 Fax :+32 2 243 0 244 E Mail : [EMAIL PROTECTED] http://www.BelCenter.com | http://www.BelCenter.net http://www.LuxCenter.net | http://www.BulkSMS.be - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Instructions . . .
At Thu, 27 Nov 2003 09:06:50 -0800, Jason Flatt wrote: When I first setup freeradius about 2 months ago, I was following a HOW-TO someone had up which showed how to get freeradius working with mysql. Now I'm looking for it and I cannot locate it. Can someone point me in the correct direction? Perhaps you mean this http://www.frontios.com/freeradius.html -- Jason Flatt (jason @ flattfamily . com) Father of five (http://www.flattfamily.com/) Linux user (http://www.sourcemage.org/) IRC Nick: Oadae Channels: #sourcemage, #lvlug Server: irc.freenode.net PGP Key: E992213F - 0254 9DB7 BE0E 312D 8352 6E39 0700 FB95 E992 213F - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html == Kostas Zorbadelos Currently at: Otenet IT Department mailto: [EMAIL PROTECTED] Out there in the darkness, out there in the night out there in the starlight, one soul burns brighter than a thousand suns. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Mysql undefined symbol _rad_malloc OSX
Ok I have been able to build something a little better: Building with disable shared everything and installing then compiling as static and then installing only the sql module Every module appear to work including rlm_sql_mysql but : rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 dyld: ./radiusd Undefined symbols: _rad_malloc If anyone have a clue to solve this ... Thanks in advance Julien - Original Message - From: Julien Gabry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 18, 2003 7:14 AM Subject: Re: OSX Installation Using Mysql For infos, the package file installl it correctly, but I still got undefined symbol dlcompat: Symbol _rlm_expr So I think it's the configuration of my system itself that should be corrupt. Are you using a complete panther installation or an update of 10.2.8 to panther ? Thanks for your help PS: great job for the package, I wish to be able to make it work and so maybe provide you some key info to make your help you make your pkg work on more Panther version ... Julien - Original Message - From: Julien Gabry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 18, 2003 6:54 AM Subject: Re: OSX Installation Using Mysql Ok thanks you very much again Andreas... in fact I can make it work if I don't use any option on the configure, but there is just Mysql module working. But for all All other module radiusd.conf[1186] Failed linking to rlm_expr structure in radiusd.conf: dlcompat: Symbol _rlm_expr not found And the same for all other module (except mysql) on the other way by disabling shared Everything work except mysql ... so I m working on a way to build static rlm_mysql and dynamic for other module (for now without success) Thanks for your package, I will try it in a few minutes. (some info about my system ) mysql 4.0.13 (apple binary) Panther 10.3 Devtools provided on Panther cd 4 (MAC OS X Xcode Tools) gcc (GCC) 3.3 20030304 (Apple Computer, Inc. build 1495) Thanks for your help ++ Julien - Original Message - From: Andreas Wolf [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 18, 2003 6:07 AM Subject: Re: OSX Installation Using Mysql On Nov 17, 2003, at 1:40 PM, Julien Gabry wrote: Hello Thanks again for your time ... Ok I have tryed many things last weeks but effectively mysql can t be installed with shared libraries on a Jaguar. But anyway , today, I have received our brand new Panther CD. So i m working with it, but I still having some trouble in the installation as static or shared. So what should be the correct configure command to compile it correctly (with dynamic libs without a glitch!) It should be nice to give me some clues about... Since Panther I simply need to do % ./configure % make % sudo make install (well, you might have to specify the path to the mysql libs and headers depending on your installation). Since snapshots aren't always guaranteed to work on every platform you either have to be patient or make your own modifications to make it work (monitoring the postings here also helps a lot of times). I did the latter for a recent snapshot and it works for me now (yes, incl. MySQL). see http://homepage.mac.com/andreaswolf/public/freeradius_installer.html for the diffs. The modifications are minor. -A Thanks you in advance Julien - Original Message - From: Andreas Wolf [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 1:29 AM Subject: Re: OSX Installation Using Mysql Actually, on a second look, I think the problem is that you try to configure MySQL with --disable-shared. You should have MySQL built _with_ shared libraries (ie. omit the --disabled-shared option), and I am not sure Jaguar allows for that. Only then can freeRADIUS build the rlm_sql_mysql driver successfully. This is mentioned in a compiler warning. Make sure freeRADIUS built the rlm_sql_mysql driver. -Andreas On Nov 10, 2003, at 11:35 AM, Julien Gabry wrote: Hello, Thanks you for your fast answer. I have tryed your pertinent solutions about dylib, tried also to recompile rlm-sql dynamically and many other things without any more success. But anyway I will switch to panther soon. So thanks you very much for your help PS: sorry for my previous double post Julien - Original Message - From: Andreas Wolf [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday,
Re: MySQL Cisco Call Detail
Cisco conf: aaa group server radius WHATEVER server 5.5.5.5 auth-port 1812 acct-port 1813 aaa accounting connection h323 start-stop group WHATEVER I believe the radacct db structure for mysql is somewhere in the freeradius docs. -g This will log everything that happens over the dial peers to the radius db. On Thu, 2003-11-13 at 15:56, Mail_Man wrote: Can someone point me in the right direction to where I can find information on setting up Free Radius so that it collects all the call detail records from a cisco as5300 gateway and stores it in a database? TIA -Seth - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Cisco Call Detail
Mail_Man wrote: Can someone point me in the right direction to where I can find information on setting up Free Radius so that it collects all the call detail records from a cisco as5300 gateway and stores it in a database? TIA -Seth Call detail? You mean calltracker? If so then good luck :D. We did it by: - configure the cisco to use calltracker and output it to the syslog. - tell the cisco to forward the syslog onto a linux box - configure the linux box to accept the incoming syslog requests and pipe it through to a perl script - write a perl script to accept the syslog lines, process them and store them in the database using the ct_hndl field as the key. You cannot match the ct_hndl to the radius keys though, so you won't be able to easily match the calltracker logs to the radius logs. We contacted our cisco gold partner resellers and they contacted cisco themselves, and no-one could figure out a reliable matching system. Cisco advised to not bother with the radius logs, but use the calltracker logs instead. Thanks, James Green - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL NAS-IP restriction by negative match
At 01:23 PM 11/13/2003, Peter LaForest wrote: Hello All, Using 0.9.1 with MySQL. I have found an abundance of documentation about enforcing restrictions using positive NAS-IP matches. This works fine, ie: radgroupcheck id GroupName Attribute Value Op 1 testNAS-IP 10.10.10.10 == will only allow logons from members of group test from the NAS at 10.10.10.10. But what if I want to allow test users to logon to any NAS-IP BUT 10.10.10.10? I have used VOP RADIUS and I can use !10.10.10.10 as a value to mean NOT 10.10.10.10. Is there similar syntax for freeRADIUS? You should review the ./doc/rlm_sql file for more information on what you can use for the different 'Op' values. -- snip -- != Attribute != Value As a check item, matches if the given attribute is in the request, AND does not have the given value. Not allowed as a reply item. -- snip -- I believe that will be what you want. There are others as well, including regular expresion Operators that you can use. You should also ensure that your 'Attribute' is a valid FreeRADIUS attribute. NAS-IP is not in the stock dictionary. NAS-IP-Address is, and is probably what you meant. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MySQL and encrypted passwords
Am Mit, 2003-11-12 um 01.03 schrieb Nikolas Geyer: None of the suggestions seem to have worked. I have run radiusd in debugging mode and it comes up with this however; auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Which could tell you that no valid Auth-Type is there... auth: Failed to validate the user. Below are the relevant tables for the user; [...] mysql select * from radgroupcheck; ++---+---++---+ | id | GroupName | Attribute | op | Value | ++---+---++---+ | 2 | static| Auth-Type | := | MD5 | ++---+---++---+ 1 row in set (0.00 sec) Should look like Auth-Type := PAP, because MD5 is in the PAP module... Cheers, Uli [...] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MySQL and encrypted passwords
None of the suggestions seem to have worked. I have run radiusd in debugging mode and it comes up with this however; auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Below are the relevant tables for the user; mysql select * from radgroupreply; ++---+++-+--+ | id | GroupName | Attribute | op | Value | prio | ++---+++-+--+ | 1 | static | Framed-Protocol | := | PPP | 0 | | 2 | static | Service-Type | := | Framed-User | 0 | | 3 | static | Framed-Compression | := | Van-Jacobsen-TCP-IP | 0 | | 4 | static | Framed-MTU | := | 1460 | 0 | ++---+++-+--+ 4 rows in set (0.00 sec) mysql select * from usergroup; ++--+---+ | id | UserName | GroupName | ++--+---+ | 1 | [EMAIL PROTECTED] | static | | 4 | [EMAIL PROTECTED] | static | ++--+---+ 2 rows in set (0.00 sec) mysql select * from radgroupcheck; ++---+---++---+ | id | GroupName | Attribute | op | Value | ++---+---++---+ | 2 | static | Auth-Type | := | MD5 | ++---+---++---+ 1 row in set (0.00 sec) mysql select * from radcheck; ++--+---++--+ | id | UserName | Attribute | op | Value | ++--+---++--+ | 1 | [EMAIL PROTECTED] | Password | == | f07aac8d7d9a859726ddcc7a96b0af8c | | 4 | [EMAIL PROTECTED] | Password | == | ezekeil65OOP | ++--+---++--+ 2 rows in set (0.01 sec) If anyone could help to get it authenticating via MD5 it would be most appreciated. Regards. Nikolas. From: Sergio Jose Ferreira [mailto:[EMAIL PROTECTED] Sent: Tuesday, 11 November 2003 8:18 PM To: [EMAIL PROTECTED] Subject: RES: MySQL and encrypted passwords Hi Nikolas, Try : to plain password : | 1 | [EMAIL PROTECTED] |User-Password | == |password | to Crypt password : | 1 | [EMAIL PROTECTED] |Crypt-Password | == | f07aac8d7d9a859726ddcc7a96b0af8c | Sergio Jose Ferreira WGO Internet Catalao - Go - Brazil -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Em nome de Nikolas Geyer Enviada em: segunda-feira, 10 de novembro de 2003 23:26 Para: [EMAIL PROTECTED] Assunto: MySQL and encrypted passwords Hi all, Hoping someone can help me. I have just installed FreeRadius on a FreeBSD 5.1-STABLE system, using MySQL as the database backend. The problem I am running into is it wont seem to authenticate users unless they are using plain passwords. I have set pap in radiusd.conf to authenticate via MD5, and here is an excerpt of a user in the database; | 1 | [EMAIL PROTECTED] | Password | == | f07aac8d7d9a859726ddcc7a96b0af8c | If I authenticate using the password that has been made into a MD5 hash, it fails. If I authenticate using the md5 hash as a clear text password, it authenticates (im using NTRadPing to test). If anyone has had these problems, or could help out it would be most appreciated. Regards, Nikolas. -- Nikolas GeyerSystems AdministrationInfinite NetworksPh: 02 6239 2152Fax: 02 6239 204113 Wiluna StreetFyshwick ACT 2609http://www.infinite.net.au/IMPORTANT NOTICE: This message may contain privileged and confidentialinformation intended only for the above named addressee. If you are not theintended recipient of this message, you are hereby notified that any use,distribution or reproduction of this message or any part thereof isprohibited. Any views expressed in this message are those of the individualsender and may not necessarily reflect the views of Infinite Networks.
RE: MySQL and encrypted passwords
From: Nikolas Geyer Sent: Tuesday, 11 November 2003 12:26 PM Hoping someone can help me. I have just installed FreeRadius on a FreeBSD 5.1-STABLE system, using MySQL as the database backend. The problem I am running into is it wont seem to authenticate users unless they are using plain passwords. I have set pap in radiusd.conf to authenticate via MD5, and here is an excerpt of a user in the database; | 1 | [EMAIL PROTECTED] | Password | == | f07aac8d7d9a859726ddcc7a96b0af8c | Shouldn't that by 'User-Password' and ':='? (I'm assuming this is in radcheck) I don't know for sure if that matters, but that's what I'm doing here. -- Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] On a sidewalk near Portland State University someone wrote `Trust Jesus', and someone else wrote `But Cut the Cards'. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re: Mysql Optimize Table without losing accounting-data???
Alan wrote: Huh? Logging to the 'detail' file takes nearly zero time. Let me guess: You're running MySQL on the same machine as FreeRADIUS. The solution is simple: Don't do that. Hi Alan, thanks for replying. Yes, we're running mysqld on the same machine as radiusd, but we're not able to change this :( I have now set up a Radius-Proxy with sends requests to an other Radius-Server, when the first is in maintainance. But now i don't know how to tell radiusd that different Vendor-Ids for each request are needed ... well, that's configurable in clients.conf file, but it contains only one client, our Proxy-Server. Please see thread named Configure Vendor-Id by NAS-IP-Address??? (only one client, but 3 types of NASes) ... Thanks a lot! Marc Prenger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Solved: Re: MySQL and md5 encrypted passwords
For further generations: I found my old notes and I obviously forgot one thing: To be able to read md5 hashed passwords from MySQL: insert into radgroupcheck (groupname,attribute,op,value) values ('user','Auth-Type',':=','MD5'); Cheers, YazzY On Wed, 24 Sep 2003 21:27:09 +0200 Martin Jessa [EMAIL PROTECTED] wrote: Hei guys. I have troubles with auth agains Mysql with md5 encrypted passwords. My username is being recognized fine but the password is somehow now acceppted. Any idea how to fix that? Anything, hints, config files will be highly appreciated. Thanks in advance. RE usergroup.Username = 'marcin' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns ok modcall: group authorize returns ok auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 232 to 127.0.0.1:32961 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 232 with timestamp 3f71ef1f - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Martin M. Jessa http://www.yazzy.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Mysql Optimize Table without losing accounting-data???
[EMAIL PROTECTED] wrote: But during the mysql_optimize logging to detailfile takes so much time that radiusd is discarding each request due to live request. Huh? Logging to the 'detail' file takes nearly zero time. Let me guess: You're running MySQL on the same machine as FreeRADIUS. The solution is simple: Don't do that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication Logging
On Mon, 18 Aug 2003, Adam Carmichael wrote: Hi All! I'm currently running FreeRADIUS 0.9.0 on several *BSD boxes with MySQL4 for logging accounting and retrieving authentication information. I am interested in knowing how to log authentication attempts and even possibly why an attempt failled. For example, if we have a customer who thinks their dialup account is being exploited - they can change their password, and then see if any authentication requests are being made. (Actually, just thinking about it, the user would not need to change their password, they could just see the times at which their logons (or attempted logons) occur). I have made some Google searches on the list already, and I saw a few posts in which Alan DeKok said that it is possible to do this - however the rest of the replies seemed to wonder away from what I had hoped. Check out dialup_admin/bin/log_badlogins. It will do a tail -f on radius.log and log each failed login as a separate session in the radacct table. Thanks in advance Adam Adam Carmichael Network Operations Manager email: [EMAIL PROTECTED] web: http://www.no1.com.au icq: 2207644 #1 Computer Services, Empowerment Through Internet Communications. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication Logging
Alan DeKok wrote: Adam Carmichael [EMAIL PROTECTED] wrote: I'm currently running FreeRADIUS 0.9.0 on several *BSD boxes with MySQL4 for logging accounting and retrieving authentication information. I am interested in knowing how to log authentication attempts and even possibly why an attempt failled. See the 'detail' module in the latest CVS snapshot. It will create detail style files for authentication requests, responses, proxied packets, and replies from a home server. It won't log all of the information you see in debugging mode, but it will log a fair amount of useful data. It's nice to get a lot of data in the detail files, but as I already said before : When you have multiple freeradius servers, you want to store authentication attempts in a database rather than a flat file. I'm doing a patch in rlm_sql to put information in a authlog table after authentification. In fact it's nearly finished, but I want to do more tests and add more commentaries in my source. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication Logging
Nic, I would love to help you test this!!! Adam - Original Message - From: Nicolas Baradakis [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 20, 2003 6:16 PM Subject: Re: MySQL Authentication Logging Alan DeKok wrote: Adam Carmichael [EMAIL PROTECTED] wrote: I'm currently running FreeRADIUS 0.9.0 on several *BSD boxes with MySQL4 for logging accounting and retrieving authentication information. I am interested in knowing how to log authentication attempts and even possibly why an attempt failled. See the 'detail' module in the latest CVS snapshot. It will create detail style files for authentication requests, responses, proxied packets, and replies from a home server. It won't log all of the information you see in debugging mode, but it will log a fair amount of useful data. It's nice to get a lot of data in the detail files, but as I already said before : When you have multiple freeradius servers, you want to store authentication attempts in a database rather than a flat file. I'm doing a patch in rlm_sql to put information in a authlog table after authentification. In fact it's nearly finished, but I want to do more tests and add more commentaries in my source. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication Logging
Adam Carmichael wrote: I was considering relearning C/C++ all over again so I could help with this just because we need this feature quite badly. I'd love to finally submit something back to an opensource product, but I don't think my coding skills are quite up to scratch for this kind of challenge yet. I'd be more than happy to provide feedback and help with testing however, and I'll help patch what I can. Thanks for the offer of assistance but I can manage the coding part alone. Since the architecture of FR is really clean it's not a big problem. And of course it much better if you do more tests on your side when it's done. Users of this might need additional features, such as the ability to log other kinds of errors (such as RADIUS clients not in clients.conf (or the deprecated clients file) trying to authenticate, or if for example a particular NAS / LNS is running an old secret) so perhaps an auth_default_log() might also be required to log anything that doesn't match one of the other authentication types it could be logged into a kind of table that has a few BLOB or TEXT fields and places the entire log entry into that field. Another scenario is if you use ENCRYPT()'ed passwords within MySQL, and a user tries to log in using CHAP. While writing the patch I gave up about the auth_badpass_table and the auth_goodpass_table. Just one authlog_table is sufficient, and you chose what you put inside with the authlog_query. What do you think? (with regards to the above outlined mysql logging scenarios). If you'd like to further development, then I'll subscribe to freeradius-developers and help out where I can. I think indeed we should follow the discussion in the freeradius-devel mailing list. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication Logging
- Original Message - From: Nicolas Baradakis [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 20, 2003 6:57 PM Subject: Re: MySQL Authentication Logging Adam Carmichael wrote: I was considering relearning C/C++ all over again so I could help with this just because we need this feature quite badly. I'd love to finally submit something back to an opensource product, but I don't think my coding skills are quite up to scratch for this kind of challenge yet. I'd be more than happy to provide feedback and help with testing however, and I'll help patch what I can. Thanks for the offer of assistance but I can manage the coding part alone. Since the architecture of FR is really clean it's not a big problem. And of course it much better if you do more tests on your side when it's done. Users of this might need additional features, such as the ability to log other kinds of errors (such as RADIUS clients not in clients.conf (or the deprecated clients file) trying to authenticate, or if for example a particular NAS / LNS is running an old secret) so perhaps an auth_default_log() might also be required to log anything that doesn't match one of the other authentication types it could be logged into a kind of table that has a few BLOB or TEXT fields and places the entire log entry into that field. Another scenario is if you use ENCRYPT()'ed passwords within MySQL, and a user tries to log in using CHAP. While writing the patch I gave up about the auth_badpass_table and the auth_goodpass_table. Just one authlog_table is sufficient, and you chose what you put inside with the authlog_query. What do you think? (with regards to the above outlined mysql logging scenarios). If you'd like to further development, then I'll subscribe to freeradius-developers and help out where I can. I think indeed we should follow the discussion in the freeradius-devel mailing list. -- Nicolas Baradakis Indeed, I'll subscribe to the list now :) -- Adam - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication Logging
Adam Carmichael [EMAIL PROTECTED] wrote: I'm currently running FreeRADIUS 0.9.0 on several *BSD boxes with MySQL4 for logging accounting and retrieving authentication information. I am interested in knowing how to log authentication attempts and even possibly why an attempt failled. See the 'detail' module in the latest CVS snapshot. It will create detail style files for authentication requests, responses, proxied packets, and replies from a home server. It won't log all of the information you see in debugging mode, but it will log a fair amount of useful data. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication Logging
On Mon, 2003-08-18 at 05:30, Adam Carmichael wrote: Hi All! I'm currently running FreeRADIUS 0.9.0 on several *BSD boxes with MySQL4 for logging accounting and retrieving authentication information. I am interested in knowing how to log authentication attempts and even possibly why an attempt failled. I'm using a simple script that reads radius.log and put that in a mysql table that can be accessed by our helpdesk by using a simple php-interface to help people with their dialin problems. Maybe you can do something with it. Succes, Chris The db struct of radproblems is: mysql describe radproblems; +--+--+--+-+-++ | Field| Type | Null | Key | Default | Extra | +--+--+--+-+-++ | RadProblemId | bigint(21) | | PRI | NULL| auto_increment | | UserName | varchar(255) | | MUL | || | Password | varchar(255) | | | || | AuthTime | datetime | | | -00-00 00:00:00 || | Realm| varchar(64) | YES | | || | NASIPAddress | varchar(15) | | | || | CalledStationId | varchar(30) | | | || | CallingStationId | varchar(30) | | MUL | || | TerminateCause | varchar(64) | | | || +--+--+--+-+-++ 9 rows in set (0.00 sec) The import script: cat /usr/local/bin/parse-radiuslog.sh #!/bin/sh # Input format: # Mon Mar 10 11:07:06 2003 : Auth: Login incorrect (rlm_ldap: Bind as user failed): [user/password] (from client nas port 16578 cli 012345678) INFILE=/var/log/freeradius/radius.log TMPFILE=/var/log/freeradius/radius.tmp ADDTOFILE=/var/log/freeradius/radius.parsed SQLTMPFILE=/var/log/freeradius/radius.tmp.sql if [ -f $TMPFILE ] then rm $TMPFILE fi if [ -f $SQLTMPFILE ] then rm $SQLTMPFILE fi mv $INFILE $TMPFILE check=`cat ${TMPFILE} | grep 'Auth: Login incorrect'` if [ -z $check ] then echo ; else cat ${TMPFILE} | grep 'Auth: Login incorrect' | while read LINE; do P1=`echo ${LINE} | sed -e 's/^.*\[\([^/]*\).*$/\1/' -e s/\'/#/g -e s/\/#/g` P2=`echo ${LINE} | sed -e 's/^.*\(\[.*\]\).*$/\1/' -e 's/^.*\/\(.*\)]$/\1/' -e s/\'/#/g -e s/\/#/g` # P1=`echo ${LINE} | sed 's/^.*\(\[.*\]\).*$/\1/'` P3=`echo ${LINE} | awk '{print $5 - $2 - $3 $4}' | sed -e 's/Jan/1/' -e 's/Feb/2/' -e 's/Mar/3/' -e 's/Apr/4/' -e 's/May/5/' -e 's/Jun/6/' -e 's/Jul/7/' -e 's/Aug/8/' -e 's/Sep/10/' -e 's/Oct/10/' -e 's/Nov/11/' -e 's/Dec/12/'` P4=`echo ${LINE} | grep ' cli ' | sed 's/^.*cli \b\([0-9]*\).*$/\1/'` P5=`echo ${LINE} | grep 'rlm_ldap:' | sed 's/^.*rlm_ldap: \([A-Za-z0-9 ] *\).*$/\1/'` echo INSERT INTO radproblems VALUES ('','${P1}','${P2}','${P3}','','',' ','${P4}','${P5}'); | sed 's/\\//' $SQLTMPFILE done mysql -hyour.mysql.host -usqluser -ppassword database $SQLTMPFILE fi cat $TMPFILE $ADDTOFILE For example, if we have a customer who thinks their dialup account is being exploited - they can change their password, and then see if any authentication requests are being made. (Actually, just thinking about it, the user would not need to change their password, they could just see the times at which their logons (or attempted logons) occur). I have made some Google searches on the list already, and I saw a few posts in which Alan DeKok said that it is possible to do this - however the rest of the replies seemed to wonder away from what I had hoped. Thanks in advance Adam Adam Carmichael Network Operations Manager email: [EMAIL PROTECTED] web: http://www.no1.com.au icq: 2207644 #1 Computer Services, Empowerment Through Internet Communications. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication Logging
Chris van Meerendonk wrote: On Mon, 2003-08-18 at 05:30, Adam Carmichael wrote: I'm currently running FreeRADIUS 0.9.0 on several *BSD boxes with MySQL4 for logging accounting and retrieving authentication information. I am interested in knowing how to log authentication attempts and even possibly why an attempt failled. I'm using a simple script that reads radius.log and put that in a mysql table that can be accessed by our helpdesk by using a simple php-interface to help people with their dialin problems. Maybe you can do something with it. The situation isn't so easy when you have multiple freeradius servers, and in that case you want to store authentication attempts in a database rather than a flat file. For different reasons I need also logging connexion requests and I already thought a little about it. I'm considering writing a patch for this problem, and I would like advice from the developpers to do it the efficiently. Please correct me if the following doesn't make sense. The extension should be made in module rlm_sql because here you have all you need to connect the database and make a request (and the administrator may store the authcheck_table, the acct_table and the authentication attempts in the same db). Then in sql.conf you should add four lines with auth_badpass_table, auth_goodpass_table, auth_badpass_query, auth_goodpass_query (or something like that). We know in authentication whether the password is valid, so you have to enter module rlm_sql at this time. It requires to add a function rlm_sql_authenticate() to manage it... If I get something working from this idea I'll submit the patch in the mailing list later. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication Logging
Hi Nicolas, I was considering relearning C/C++ all over again so I could help with this just because we need this feature quite badly. I'd love to finally submit something back to an opensource product, but I don't think my coding skills are quite up to scratch for this kind of challenge yet. I'd be more than happy to provide feedback and help with testing however, and I'll help patch what I can. Users of this might need additional features, such as the ability to log other kinds of errors (such as RADIUS clients not in clients.conf (or the deprecated clients file) trying to authenticate, or if for example a particular NAS / LNS is running an old secret) so perhaps an auth_default_log() might also be required to log anything that doesn't match one of the other authentication types it could be logged into a kind of table that has a few BLOB or TEXT fields and places the entire log entry into that field. Another scenario is if you use ENCRYPT()'ed passwords within MySQL, and a user tries to log in using CHAP. These are just two of the kinds of problems that have plagued the last week of my work. In the end, I just left a whole bunch of users with the Password attribute set, and another bunch with Crypt-Password. Not very good practise I know, but all scripts (both online and Windows based VB applications) update the attribute field when editing / inserting a password. What do you think? (with regards to the above outlined mysql logging scenarios). If you'd like to further development, then I'll subscribe to freeradius-developers and help out where I can. Adam. - Original Message - From: Nicolas Baradakis [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 18, 2003 10:05 PM Subject: Re: MySQL Authentication Logging Chris van Meerendonk wrote: On Mon, 2003-08-18 at 05:30, Adam Carmichael wrote: I'm currently running FreeRADIUS 0.9.0 on several *BSD boxes with MySQL4 for logging accounting and retrieving authentication information. I am interested in knowing how to log authentication attempts and even possibly why an attempt failled. I'm using a simple script that reads radius.log and put that in a mysql table that can be accessed by our helpdesk by using a simple php-interface to help people with their dialin problems. Maybe you can do something with it. The situation isn't so easy when you have multiple freeradius servers, and in that case you want to store authentication attempts in a database rather than a flat file. For different reasons I need also logging connexion requests and I already thought a little about it. I'm considering writing a patch for this problem, and I would like advice from the developpers to do it the efficiently. Please correct me if the following doesn't make sense. The extension should be made in module rlm_sql because here you have all you need to connect the database and make a request (and the administrator may store the authcheck_table, the acct_table and the authentication attempts in the same db). Then in sql.conf you should add four lines with auth_badpass_table, auth_goodpass_table, auth_badpass_query, auth_goodpass_query (or something like that). We know in authentication whether the password is valid, so you have to enter module rlm_sql at this time. It requires to add a function rlm_sql_authenticate() to manage it... If I get something working from this idea I'll submit the patch in the mailing list later. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL radacc
Hi Sergio Yes, thanks for that, and it was a NAS problem. Think this is something to watch out for in the future!!! Rgds Lee - Original Message - From: sergio jose ferreira [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, July 05, 2003 12:16 AM Subject: RES: MySQL radacc Hi Lee, You can download my radius config files from : http://www.ispadmin.com.br/downloads.html for reference. I had same problem but the problem was at NAS that didn't send the accountting packets. Are you execute radiusd with -X for debug. []'s Sergio Jose Ferreira WGO Internet Brazil -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nome de Lee Norvall Enviada em: sexta-feira, 4 de julho de 2003 18:44 Para: [EMAIL PROTECTED] Assunto: MySQL radacc Hi I am currently setup with MySQL and I am not getting any information added to the radacc table when I make a make a request. I can auth ok and have attribs returned. Is there some setting I need to add somewhere or extra arrtibs that I need to send to the server?? I have set sql within the accounting section of the radiusd.conf. Any ides please??? Regards Lee - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Mysql driver - Solaris
Paul Flintoff [EMAIL PROTECTED] wrote: I have checked that what I believe are the mysql headers are present in /usr/local/mysql/include. However whenever I try and run configure from src/modules/rlm_sql/drivers/rlm_sql_mysql (even with the --with-mysql-include-dir=3D/usr/local/mysql/include set ) it fails to find mysql.h. Even though this file is in that include directory. Have you tried editing the 'Makefile' by hand? It's only about 5 lines long, and shouldn't be too difficult to figure out. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mySQL + radius
On Tuesday 24 June 2003 3:13 am, Tomas Bozsaky wrote: hello, mysql does not support triggers. function inside mysql - you can, but i do not know, how. According to the features, this is scheduled for inclusion in mysql version 5.0. The problem is that the current production release is 4.0.13 while the alpha test version is 4.1 -- in other words, not yet, but soon... Tuesday, June 24, 2003, 11:42:39 AM, Truong wrote: Can I ask a question : How can I update to mySQL database automatically a table that store money that users must charge for the sections their connection? I'm seeing this question surface more and more -- perhaps I'm attuned to it because I'm already doing something similar -- but I'll interject before the rest of the developers do and point out that this really isn't a function of radius per se. Radius is almost strictly devoted to answering the question are you allowed to be here? [and has a side feature of tracking how often you visit and how long you stay] The twist to this is that part of the answer to are you allowed to be here? is have you paid for your admission ticket?, which is an obscure way of rewording your question, and I'll bet the developers will roll their eyes and groan because thinking about it that way DOES make monatary tracking a part of radius, and I'm sure they don't want to venture into that territory :) Now, all that aside, let me ask in return: are you thinking of a pre-paid system wherein users will pay for access in advance, or more of a bar-tab scenario where upon logout you issue a charge based on how long they were actually online? [and perhaps bill them only when it exceeds a certain amount] With a pre-paid system, this is fairly easy to implement using a counter [hint: consider reset=never and a counter limit of 3600 seconds] With a charge-after-use system, it would probably be better to write a program to read the accounting log files and generate real transactions in an accounts receivables program -- Yet another Blog: http://osnut.homelinux.net pgp0.pgp Description: signature
Re: MySQL database error
On Wed, Jun 18, 2003 at 12:14:12AM -0500, Jeff wrote: Ok I installed version 0.8.1, but I still see the open(/usr/local/lib/libradius-0.7.so, O_RDONLY) = 3 line. This would indicate-as you said that the linker is not working correctly? Or looking in the wrong place? No, if you see that it means you are NOT running 0.8.1. ie, not a linker problem, it's user error. :-) Here is the output from radiusd -X (running version 0.8.1): oh sorry, you did put in the strace, I didn't read that far. And strace -e open radiusd: [MOCKINGBIRD.ROOT][/home/jefft/freeradius-0.8.1]# strace -e open radiusd ... This needs to be radiusd -X. From what you've shown I can't verify what version this is and what it's doing. Also, you are probably not running what you think you are. I certainly hope '.' is not your $PATH. /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL database error
On Wed, Jun 18, 2003 at 12:14:12AM -0500, Jeff wrote: Ok I installed version 0.8.1, but I still see the open(/usr/local/lib/libradius-0.7.so, O_RDONLY) = 3 line. This would indicate-as you said that the linker is not working correctly? Or looking in the wrong place? Here is the output from radiusd -X (running version 0.8.1): [MOCKINGBIRD.ROOT][/home/jefft/freeradius-0.8.1]# radiusd -X You are not showing strace. /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL: Unknown attribute SQL-User-Name
At 02:29 PM 6/18/2003, you wrote: Hi, I having the following error: Unknown attribute SQL- User-Name When Authenticating using a MySQL Database. Here is the output of radiusd -X : [/usr/local/etc/raddb/users]:1 WARNING! Check item Simultaneous-Use ?found in reply item list for user bibo. ?This attribute MUST go on the first line with the other check items [/usr/local/etc/raddb/users]:10 WARNING! Check item Simultaneous-Use ?found in reply item list for user DEFAULT. ?This attribute MUST go on the first line w ith the other check items Fix this first. Unknown attribute SQL-User-Name modcall[authorize]: module sql returns fail Anyone could tell me why I not seeing a SQL Query on the screen? Instead I get Unknow attribute SQL-User- Name Does your dictionary file include an entry for SQL-User-Name? Chris Brotsos - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MySQL database error
Ok I got freeradius-0.8.1 installed! It was indeed a malfunctioning linker, so I backed up all of my configs and reinstalled FreeBSD. I compiled mysql4 and freeradius8 without any problems, but now mysql is not authenticating users... I get the following error from radiusd -X: rad_recv: Access-Request packet from host 204.57.72.47:1026, id=33, length=57 User-Name = jefft User-Password = jefft1 NAS-IP-Address = 204.57.72.47 NAS-Port = 99 rad_rmspace_pair: User-Name now 'jefft' rad_rmspace_pair: User-Password now 'jefft1' modcall: entering group authorize modcall[authorize]: module preprocess returns ok rlm_chap: Could not find proper Chap-Password attribute in request modcall[authorize]: module chap returns noop modcall[authorize]: module mschap returns notfound radius_xlat: 'jefft' rlm_sql (sql): sql_set_user escaped user -- 'jefft' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jefft' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jefft' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jefft' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jefft' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'jefft' ORDER BY id' rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'jefft' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jefft' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jefft' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns ok users: Matched DEFAULT at 150 modcall[authorize]: module files returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type System auth: type System auth: Failed to validate the user. Login incorrect: [jefft/jefft1] (from client NAS port 99) rad_lowerpair: User-Name now 'jefft' modcall: entering group authorize modcall[authorize]: module preprocess returns ok rlm_chap: Could not find proper Chap-Password attribute in request modcall[authorize]: module chap returns noop modcall[authorize]: module mschap returns notfound radius_xlat: 'jefft' rlm_sql (sql): sql_set_user escaped user -- 'jefft' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jefft' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jefft' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jefft' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jefft' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'jefft' ORDER BY id' rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'jefft' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jefft' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jefft' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module sql returns ok users: Matched DEFAULT at 150 modcall[authorize]: module files returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type System auth: type System auth: Failed to
Re: MySQL database error
On Wednesday 18 June 2003 4:18 pm, Jeff Thompson - World Net Technical Support wrote: Ok I got freeradius-0.8.1 installed! ... but now mysql is not authenticating users... I get the following error from radiusd -X: rad_recv: Access-Request packet from host 204.57.72.47:1026, id=33, length=57 User-Name = jefft User-Password = jefft1 NAS-IP-Address = 204.57.72.47 NAS-Port = 99 [...] rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jefft' ORDER BY id [...] modcall[authorize]: module sql returns ok users: Matched DEFAULT at 150 modcall[authorize]: module files returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type System auth: type System As I understand it, auth type system means use the unix passwd/shadow file. You need to set auth-type := local at some point [either in the defualt entry in the users file, or as one of the radcheck entries for username=jefft in the database] -- Yet another Blog: http://osnut.homelinux.net pgp0.pgp Description: signature
Re: MySQL database error
That was indeed it! It was set to system, changing it to Local worked! I'm finally done, and many many thanks to this list! On Wednesday 18 June 2003 4:18 pm, Jeff Thompson - World Net Technical Support wrote: Ok I got freeradius-0.8.1 installed! ... but now mysql is not authenticating users... I get the following error from radiusd -X: rad_recv: Access-Request packet from host 204.57.72.47:1026, id=33, length=57 User-Name = jefft User-Password = jefft1 NAS-IP-Address = 204.57.72.47 NAS-Port = 99 [...] rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jefft' ORDER BY id [...] modcall[authorize]: module sql returns ok users: Matched DEFAULT at 150 modcall[authorize]: module files returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type System auth: type System As I understand it, auth type system means use the unix passwd/shadow file. You need to set auth-type := local at some point [either in the defualt entry in the users file, or as one of the radcheck entries for username=jefft in the database] -- Yet another Blog: http://osnut.homelinux.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL database error
On Tue, Jun 17, 2003 at 07:30:57PM -0500, Jeff Thompson - World Net Technical Support wrote: Can someone give me some ideas here? 0.7 is the only version I can get to work on FreeBSD, but would like to use .8.1 if it would load the mysql modules. Anyone? It'd be good if you could post the radiusd -X intermingled with strace output. (Whatever the strace equiv is on FreeBSD.) /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL database error
This was covered all yesterday, but here is the output of radiusd -x when compiled using the source tarball from freeradius.org using ./configure --with-raddbdir=/etc/raddb --with-logdir=/var/log/radius: [MOCKINGBIRD.ROOT][/home/jefft/freeradius-0.8.1]# radiusd -x Starting - reading configuration files ... Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded preprocess Module: Instantiated preprocess (preprocess) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded SQL rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[14]: sql: Module instantiation failed. I go to the ports collection provided with FreeBSD (/usr/ports/net/freeradius/work/freeradius-0.7) and run the SAME configure line: ./configure --with-raddbdir=/etc/raddb --with-logdir=/var/log/radius It builds, installs and loads the sql module with no problem: [MOCKINGBIRD.ROOT][/usr/ports/net/freeradius/work/freeradius-0.7]# radiusd -x Starting - reading configuration files ... Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded preprocess Module: Instantiated preprocess (preprocess) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded SQL rlm_sql: Driver rlm_sql_mysql loaded and linked rlm_sql: Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql: starting 0 rlm_sql: Attempting to connect #0 rlm_sql: Starting connect to MySQL server for #0 rlm_sql: Connected new DB handle, #0 rlm_sql: starting 1 rlm_sql: Attempting to connect #1 rlm_sql: Starting connect to MySQL server for #1 rlm_sql: Connected new DB handle, #1 rlm_sql: starting 2 rlm_sql: Attempting to connect #2 rlm_sql: Starting connect to MySQL server for #2 rlm_sql: Connected new DB handle, #2 rlm_sql: starting 3 rlm_sql: Attempting to connect #3 rlm_sql: Starting connect to MySQL server for #3 rlm_sql: Connected new DB handle, #3 rlm_sql: starting 4 rlm_sql: Attempting to connect #4 rlm_sql: Starting connect to MySQL server for #4 rlm_sql: Connected new DB handle, #4 Module: Instantiated sql (sql) Module: Loaded files [/etc/raddb/users]:80 Cistron compatibility checks for entry steve ... [/etc/raddb/users]:150 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/users]:169 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/users]:181 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/users]:188 Cistron compatibility checks for entry DEFAULT ... [/etc/raddb/users]:195 Cistron compatibility checks for entry DEFAULT ... Module: Instantiated files (files) Module: Loaded realm Module: Instantiated realm (suffix) Module: Loaded radutmp Module: Instantiated radutmp (radutmp) Initializing the thread pool... Listening on IP address *, ports 1645/udp and 1646/udp. Ready to process requests. I have tried all of the ./configure switches to try and get .8 or .8.1 to load the rlm_sql_mysql module-but it will not. I KNOW this module is installing, but when radiusd goes to start it crashes. I REALLY need to get this working with mysql, but cannot make heads or tails of the problems I am having... On Tue, Jun 17, 2003 at 07:30:57PM -0500, Jeff Thompson - World Net Technical Support wrote: Can someone give me some ideas here? 0.7 is the only version I can get to work on FreeBSD, but would like to use .8.1 if it would load the mysql modules. Anyone? It'd be good if you could post the radiusd -X intermingled with strace output. (Whatever the strace equiv is on FreeBSD.) /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL database error
On Tue, Jun 17, 2003 at 10:16:55PM -0500, Jeff Thompson - World Net Technical Support wrote: This was covered all yesterday, but here is the output of radiusd -x when See below On Tue, Jun 17, 2003 at 07:30:57PM -0500, Jeff Thompson - World Net Technical Support wrote: Can someone give me some ideas here? 0.7 is the only version I can get to work on FreeBSD, but would like to use .8.1 if it would load the mysql modules. Anyone? It'd be good if you could post the radiusd -X intermingled with strace output. (Whatever the strace equiv is on FreeBSD.) You missed that last part. Actually, just the 'strace -e open' equivalent. Just plain strace would be too noisy. /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL database error
/rlm_realm.la, O_RDONLY) = 10 open(/usr/local/lib/rlm_realm.a, O_RDONLY) = 10 open(/usr/local/lib/rlm_realm-0.7.so, O_RDONLY) = 10 open(/usr/local/lib/rlm_radutmp.la, O_RDONLY) = 10 open(/usr/local/lib/rlm_radutmp.a, O_RDONLY) = 10 open(/usr/local/lib/rlm_radutmp-0.7.so, O_RDONLY) = 10 open(/etc/spwd.db, O_RDONLY) = 10 open(/etc/group, O_RDONLY)= 10 - Original Message - From: Frank Cusack [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, June 17, 2003 10:35 PM Subject: Re: MySQL database error On Tue, Jun 17, 2003 at 10:16:55PM -0500, Jeff Thompson - World Net Technical Support wrote: This was covered all yesterday, but here is the output of radiusd -x when See below On Tue, Jun 17, 2003 at 07:30:57PM -0500, Jeff Thompson - World Net Technical Support wrote: Can someone give me some ideas here? 0.7 is the only version I can get to work on FreeBSD, but would like to use .8.1 if it would load the mysql modules. Anyone? It'd be good if you could post the radiusd -X intermingled with strace output. (Whatever the strace equiv is on FreeBSD.) You missed that last part. Actually, just the 'strace -e open' equivalent. Just plain strace would be too noisy. /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL database error
And here's some more output, this is my buffer after trying to login to my NAS using the 'jefft' account I created in mysql database 'radius' rad_recv: Access-Request packet from host 204.57.72.47:1026, id=19, length=57 User-Name = jefft User-Password = \207C\017J\366\353\253\221\231Z8\370)M\377\336 NAS-IP-Address = 204.57.72.47 NAS-Port = 99 rlm_chap: Could not find proper Chap-Password attribute in request rlm_sql: Reserving sql socket id: 2 query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jefft' ORDER BY id query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jefft' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'jefft' ORDER BY id query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jefft' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id query: MYSQL check_error: 1065 received rlm_sql_authorize: database query error rlm_sql: Released sql socket id: 2 rad_recv: Access-Request packet from host 204.57.72.47:1026, id=19, length=57 Sending Access-Reject of id 19 to 204.57.72.47:1026 rad_recv: Access-Request packet from host 204.57.72.47:1026, id=20, length=57 User-Name = jefft User-Password = \345\253q\320\006\243\271\222)\314\246\326x\250\357\242 NAS-IP-Address = 204.57.72.47 NAS-Port = 99 rlm_chap: Could not find proper Chap-Password attribute in request rlm_sql: Reserving sql socket id: 1 query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jefft' ORDER BY id query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jefft' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'jefft' ORDER BY id query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jefft' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id query: MYSQL check_error: 1065 received rlm_sql_authorize: database query error rlm_sql: Released sql socket id: 1 rad_recv: Access-Request packet from host 204.57.72.47:1026, id=20, length=57 Sending Access-Reject of id 20 to 204.57.72.47:1026 - Original Message - From: Frank Cusack [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, June 17, 2003 10:35 PM Subject: Re: MySQL database error On Tue, Jun 17, 2003 at 10:16:55PM -0500, Jeff Thompson - World Net Technical Support wrote: This was covered all yesterday, but here is the output of radiusd -x when See below On Tue, Jun 17, 2003 at 07:30:57PM -0500, Jeff Thompson - World Net Technical Support wrote: Can someone give me some ideas here? 0.7 is the only version I can get to work on FreeBSD, but would like to use .8.1 if it would load the mysql modules. Anyone? It'd be good if you could post the radiusd -X intermingled with strace output. (Whatever the strace equiv is on FreeBSD.) You missed that last part. Actually, just the 'strace -e open' equivalent. Just plain strace would be too noisy. /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL database error
On Tue, Jun 17, 2003 at 10:40:57PM -0500, Jeff wrote: [MOCKINGBIRD.ROOT][/home/jefft]# strace -e open radiusd really should have done radiusd -X, but still the info here is good: open(/usr/local/lib/libradius-0.7.so, O_RDONLY) = 3 first of all, this is freeradius 0.7, not 0.8.1 or CVS (CVS will say 0.8.1 as well) ... open(/usr/local/lib/rlm_sql.la, O_RDONLY) = 5 open(/usr/local/lib/rlm_sql.a, O_RDONLY) = 5 open(/usr/local/lib/rlm_sql-0.7.so, O_RDONLY) = 5 open(/usr/local/lib/rlm_sql_mysql.la, O_RDONLY) = 5 open(/usr/local/lib/libz.la, O_RDONLY) = -1 ENOENT (No such file or directory) Can you show me the contents of /usr/local/lib/rlm_sql_mysql.la ? (It's a text file) open(/usr/local/lib/libz.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/local/lib/libz.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(/lib/libz.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/libz.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(libz.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/local/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/local/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/local/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or directory) So the problem should be clear ... the mysql lib either cannot be found, or the runtime linker is not configured properly, or the library path is not encoded into the rlm_sql_mysql library properly. open(/usr/local/lib/rlm_sql_mysql.a, O_RDONLY) = 5 open(/usr/local/lib/rlm_sql_mysql.so.0, O_RDONLY) = 5 This is not a versioned library; an indicator that this is not the CVS freeradiusd. (But we already knew that.) open(/usr/lib/libmysqlclient.so.10, O_RDONLY) = 5 open(/usr/lib/libz.so.2, O_RDONLY)= 5 So here, you can see libz was found. It's hard to tell exactly from this trace, but it's likely that this one is found because the system libmysqlclient is correct while the freeradius module is incorrect (regarding the library path). You'll need to post 0.8.1 results (or preferrably CVS) for me to go further. I'm not interested in looking at 0.7 issues. /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL database error
/group, O_RDONLY)= 5 - Original Message - From: Frank Cusack [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, June 17, 2003 11:58 PM Subject: Re: MySQL database error On Tue, Jun 17, 2003 at 10:40:57PM -0500, Jeff wrote: [MOCKINGBIRD.ROOT][/home/jefft]# strace -e open radiusd really should have done radiusd -X, but still the info here is good: open(/usr/local/lib/libradius-0.7.so, O_RDONLY) = 3 first of all, this is freeradius 0.7, not 0.8.1 or CVS (CVS will say 0.8.1 as well) ... open(/usr/local/lib/rlm_sql.la, O_RDONLY) = 5 open(/usr/local/lib/rlm_sql.a, O_RDONLY) = 5 open(/usr/local/lib/rlm_sql-0.7.so, O_RDONLY) = 5 open(/usr/local/lib/rlm_sql_mysql.la, O_RDONLY) = 5 open(/usr/local/lib/libz.la, O_RDONLY) = -1 ENOENT (No such file or directory) Can you show me the contents of /usr/local/lib/rlm_sql_mysql.la ? (It's a text file) open(/usr/local/lib/libz.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/local/lib/libz.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(/lib/libz.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/libz.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(libz.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/local/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/local/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/local/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(/usr/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or directory) open(libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or directory) So the problem should be clear ... the mysql lib either cannot be found, or the runtime linker is not configured properly, or the library path is not encoded into the rlm_sql_mysql library properly. open(/usr/local/lib/rlm_sql_mysql.a, O_RDONLY) = 5 open(/usr/local/lib/rlm_sql_mysql.so.0, O_RDONLY) = 5 This is not a versioned library; an indicator that this is not the CVS freeradiusd. (But we already knew that.) open(/usr/lib/libmysqlclient.so.10, O_RDONLY) = 5 open(/usr/lib/libz.so.2, O_RDONLY)= 5 So here, you can see libz was found. It's hard to tell exactly from this trace, but it's likely that this one is found because the system libmysqlclient is correct while the freeradius module is incorrect (regarding the library path). You'll need to post 0.8.1 results (or preferrably CVS) for me to go further. I'm not interested in looking at 0.7 issues. /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication
Ok, tried that, no change. Thanks anyway. BTW, am I incorrect in assuming that these are tried in order until a) they all fail, or b) one is successful? Scott Mace Network Administrator TravelCenters of America 24601 Center Ridge Rd. Westlake, OH 44145 440-808-4318 Ed H [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 03/21/2003 07:05 PM Please respond to freeradius-users To: [EMAIL PROTECTED] cc: Subject:Re: MySQL Authentication Hello Scott: It looks like you might be trying to use unix passwd/shadow authentication and sql both. Make sure your radiusd.conf file comments out all references to unix, and file. Should like something similar to this (this is just an example): authenticate { authtype PAP { pap } authtype CHAP { chap } # pam # unix # authtype LDAP { # ldap # } # eap } preacct { preprocess suffix # files } accounting { # acct_unique # detail # counter # unix# wtmp file sql # radutmp # sradutmp } session { # radutmp sql } Ed - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication
Would it be possible to let me look at your config? Maybe a sample user from your database? (No user id's/passwords/ip addresses of course) Scott Mace Network Administrator TravelCenters of America 24601 Center Ridge Rd. Westlake, OH 44145 440-808-4318 Pablo Veliz [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 03/21/2003 07:29 PM Please respond to freeradius-users To: [EMAIL PROTECTED] cc: Subject:Re: MySQL Authentication El Fri, 21 Mar 2003 17:31:16 -0500 [EMAIL PROTECTED] escribió: I've seen quite a few messages in the archives regarding different issues with MySQL authentication. I can get nothing to work. I tried this patch, http://www.mail-archive.com/[EMAIL PROTECTED]/msg12306.html and this patch, http://www.mail-archive.com/[EMAIL PROTECTED]/msg14684.html (which wouldn't apply properly, I'm no programmer) and I still can't get MySQL authentication to work. I used the instructions here: http://www.frontios.com/freeradius.html and got authentication working just fine with using the users file. I can get accounting info into my database, but the rlm_mysql doesn't seem to be connecting to the db at all, which indicates the port issue described in the second patch thread I listed. I don't know how to help you, but I can tell you that I installed freeRadius 0.8.1 in Mandrake 9.0 and I have it working without problem right now. I use only mysql for auth and acct, maybe my radius.conf can give you a clue. I must say that my users file is empty. I'm planning to move this to a RH7.0 server or maybe a RH8.0 -- Pablo Veliz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MySQL Authentication
Well, I used the Dialup Admin tool with the default setting of using crypt passwords. Here's my DB info, thanks for your help! mysql select *from radcheck; ++--++++ | id | UserName | Attribute | op | Value | ++--++++ | 3 | scotty | Crypt-Password | := | $1$k.732Mhx$oNSh46n4YSq7NvAsGQnIu. | ++--++++ 1 row in set (0.00 sec) mysql select *from radreply; ++--+-++---+ | id | UserName | Attribute | op | Value | ++--+-++---+ | 1 | scotty | Framed-Protocol | = | PPP | ++--+-++---+ 1 row in set (0.01 sec) mysql select *from radgroupcheck; ++---+---++---+ | id | GroupName | Attribute | op | Value | ++---+---++---+ | 1 | test | Auth-Type | := | Local | ++---+---++---+ 1 row in set (0.01 sec) mysql select *from usergroup; ++--+---+ | id | UserName | GroupName | ++--+---+ | 2 | scotty | test | ++--+---+ 1 row in set (0.00 sec) mysql select *from radgroupreply; ++---+++-+--+ | id | GroupName | Attribute | op | Value | prio | ++---+++-+--+ | 1 | test | Framed-Compression | := | Van-Jacobsen-TCP-IP |1 | | 2 | test | Framed-Protocol| := | PPP |1 | | 3 | test | Service-Type | := | Framed-User |1 | ++---+++-+--+ 3 rows in set (0.00 sec) Scott Mace Network Administrator TravelCenters of America 24601 Center Ridge Rd. Westlake, OH 44145 440-808-4318 Scott Bartlett [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 03/22/2003 05:54 AM Please respond to freeradius-users To: [EMAIL PROTECTED] cc: Subject:RE: MySQL Authentication Scott, Your debug notes you've got PAP encryption set - is this the issue? I'd try with it set to 'clear' first if I were you, then go from there once that works... Can you post examples of what you've got in the database? SB Scott Bartlett BTA Limited, 100 High Street Wandsworth, London SW18 4LA, United Kingdom e: [EMAIL PROTECTED]v: +44 (0)20 8871 4240 f: +44 (0)20 8871 4584 Network Consultancy and Support for Windows, MacOS and Linux. Internet connectivity, solutions, web/database development and business services.http://www.bta.com. cut - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MySQL Authentication
Scott, Hmmm Does your sqltrace file give any clues? That'll show the actual SQL which is executing against the database... Scott. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Posted At: Monday, March 24, 2003 1:42 PM Posted To: FreeRadius Conversation: MySQL Authentication Subject: RE: MySQL Authentication Well, I used the Dialup Admin tool with the default setting of using crypt passwords. Here's my DB info, thanks for your help! cut --- This message (and any associated files) is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. Messages sent to and from us may be monitored. Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore, we do not accept responsibility for any errors or omissions that are present in this message, or any attachment, that have arisen as a result of e-mail transmission. If verification is required, please request a hard-copy version. Any views or opinions presented are solely those of the author and do not necessarily represent those of BTA Ltd. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MySQL Authentication
Scott, Your debug notes you've got PAP encryption set - is this the issue? I'd try with it set to 'clear' first if I were you, then go from there once that works... Can you post examples of what you've got in the database? SB Scott Bartlett BTA Limited, 100 High Street Wandsworth, London SW18 4LA, United Kingdom e: [EMAIL PROTECTED]v: +44 (0)20 8871 4240 f: +44 (0)20 8871 4584 Network Consultancy and Support for Windows, MacOS and Linux. Internet connectivity, solutions, web/database development and business services.http://www.bta.com. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Posted At: 21 March 2003 22:31 Posted To: FreeRadius Conversation: MySQL Authentication Subject: MySQL Authentication I've seen quite a few messages in the archives regarding different issues with MySQL authentication. I can get nothing to work. I tried this patch, http://www.mail-archive.com/[EMAIL PROTECTED]/msg12306.h tml and this patch, http://www.mail-archive.com/[EMAIL PROTECTED]/msg14684.h tml (which wouldn't apply properly, I'm no programmer) and I still can't get MySQL authentication to work. I used the instructions here: http://www.frontios.com/freeradius.html and got authentication working just fine with using the users file. I can get accounting info into my database, but the rlm_mysql doesn't seem to be connecting to the db at all, which indicates the port issue described in the second patch thread I listed. I tries the CVS snapshot from the ftp site, and the 0.8.1 release, both yield the exact results. I now am using the 0.8.1 release Other info: cut Module: Loaded PAP pap: encryption_scheme = crypt cut --- This message (and any associated files) is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. Messages sent to and from us may be monitored. Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore, we do not accept responsibility for any errors or omissions that are present in this message, or any attachment, that have arisen as a result of e-mail transmission. If verification is required, please request a hard-copy version. Any views or opinions presented are solely those of the author and do not necessarily represent those of BTA Ltd. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication
Hello Scott: It looks like you might be trying to use unix passwd/shadow authentication and sql both. Make sure your radiusd.conf file comments out all references to unix, and file. Should like something similar to this (this is just an example): authenticate { authtype PAP { pap } authtype CHAP { chap } # pam # unix # authtype LDAP { # ldap # } # eap } preacct { preprocess suffix # files } accounting { # acct_unique # detail # counter # unix# wtmp file sql # radutmp # sradutmp } session { # radutmp sql } Ed From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: MySQL Authentication Date: Fri, 21 Mar 2003 17:31:16 -0500 I've seen quite a few messages in the archives regarding different issues with MySQL authentication. I can get nothing to work. I tried this patch, http://www.mail-archive.com/[EMAIL PROTECTED]/msg12306.html and this patch, http://www.mail-archive.com/[EMAIL PROTECTED]/msg14684.html (which wouldn't apply properly, I'm no programmer) and I still can't get MySQL authentication to work. I used the instructions here: http://www.frontios.com/freeradius.html and got authentication working just fine with using the users file. I can get accounting info into my database, but the rlm_mysql doesn't seem to be connecting to the db at all, which indicates the port issue described in the second patch thread I listed. I tries the CVS snapshot from the ftp site, and the 0.8.1 release, both yield the exact results. I now am using the 0.8.1 release Other info: RedHat 8.0 MySQL related: mod_auth_mysql-1.11-10 mysql-server-3.23.54a-4 mysql-devel-3.23.54a-4 libdbi-dbd-mysql-0.6.5-2 mysql-3.23.54a-4 php-mysql-4.2.2-8.0.7 Any ideas? Initialization log Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/sql.conf main: prefix = /usr main: localstatedir = /var main: logdir = /var/log/radius main: libdir = /usr/lib main: radacctdir = /var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /var/log/radius/radius.log main: log_auth = no main: log_auth_badpass = yes main: log_auth_goodpass = no main: pidfile = /var/run/radiusd/radiusd.pid main: user = radiusd main: group = radiusd main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/sbin/checkrad main: proxy_requests = no proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: servers_per_realm = 15 security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: ignore_password = no mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = (null) mschap: authtype = MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = (null) unix: shadow = /etc/shadow unix: group = (null) unix: radwtmp = /var/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded preprocess preprocess: huntgroups = /etc/raddb/huntgroups preprocess: hints = /etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = yes Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = suffix realm: delimiter = @ Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = /etc/raddb/users files: acctusersfile = /etc/raddb/acct_users files: preproxy_usersfile = /etc/raddb/preproxy_users files: compat = no Module: Instantiated files (files) Module: Loaded SQL sql: driver = rlm_sql_mysql sql: server = lnxradius01.ta.com sql: port = sql: login = dialup_admin sql: password = sql: radius_db = radius sql: acct_table = radacct sql: acct_table2 = radacct
Re: MySQL Authentication
El Fri, 21 Mar 2003 17:31:16 -0500 [EMAIL PROTECTED] escribió: I've seen quite a few messages in the archives regarding different issues with MySQL authentication. I can get nothing to work. I tried this patch, http://www.mail-archive.com/[EMAIL PROTECTED]/msg12306.html and this patch, http://www.mail-archive.com/[EMAIL PROTECTED]/msg14684.html (which wouldn't apply properly, I'm no programmer) and I still can't get MySQL authentication to work. I used the instructions here: http://www.frontios.com/freeradius.html and got authentication working just fine with using the users file. I can get accounting info into my database, but the rlm_mysql doesn't seem to be connecting to the db at all, which indicates the port issue described in the second patch thread I listed. I don't know how to help you, but I can tell you that I installed freeRadius 0.8.1 in Mandrake 9.0 and I have it working without problem right now. I use only mysql for auth and acct, maybe my radius.conf can give you a clue. I must say that my users file is empty. --- radius.conf --- prefix = /usr/local exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = ${prefix}/var sbindir = ${exec_prefix}/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run/radiusd log_file = ${logdir}/radius.log libdir = ${exec_prefix}/lib pidfile = ${run_dir}/radiusd.pid max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 1024 bind_address = * port = 0 hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions= yes log_stripped_names = no log_auth = yes log_auth_badpass = yes log_auth_goodpass = yes usercollide = yes lower_user = no lower_pass = no nospace_user = yes nospace_pass = yes checkrad = ${sbindir}/checkrad security { max_attributes = 1200 reject_delay = 1 status_server = no } proxy_requests = no $INCLUDE ${confdir}/clients.conf $INCLUDE ${confdir}/snmp.conf thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } modules { pap { encryption_scheme = crypt } chap { authtype = CHAP } pam { pam_auth = radiusd } realm suffix { format = suffix delimiter = @ } realm realmslash { format = prefix delimiter = / } realm realmpercent { format = suffix delimiter = % } preprocess { huntgroups = ${confdir}/huntgroups hints = ${confdir}/hints with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no } files { usersfile = ${confdir}/users acctusersfile = ${confdir}/acct_users compat = no } detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d detailperm = 0600 } acct_unique { key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id } $INCLUDE ${confdir}/sql.conf radutmp { filename = ${logdir}/radutmp perm = 0600 callerid = yes } radutmp sradutmp { filename = ${logdir}/sradutmp perm = 0644 callerid = no } attr_filter { attrsfile = ${confdir}/attrs } counter { filename = ${raddbdir}/db.counter key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time check-name = Max-Daily-Session allowed-servicetype = Framed-User cache-size = 5000 } always fail { rcode = fail } always reject { rcode = reject } always ok { rcode = ok simulcount = 0 mpp = no } expr { } } instantiate { expr } authorize { preprocess suffix sql files } authenticate { authtype PAP { pap } } preacct { preprocess suffix files } accounting { acct_unique detail sql radutmp } session { sql } post-auth { } -- I'm planning to move this to a RH7.0 server or maybe a RH8.0
Re: MySQL connect problem
On Thu, 13 Mar 2003 09:09:32 +0100 Nils Rønhovde [EMAIL PROTECTED] wrote: radius-server /local/db/mysql/3.23.43/bin/mysql -P15022 -h10.122.95.163 -uradius -pradius radius Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 68700 to server version: 4.0.4-beta-max-log Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql show tables; +--+ | Tables_in_radius | +--+ | radacct | | radcheck | | radgroupcheck| | radgroupreply| | radreply | | usergroup| +--+ 6 rows in set (0.00 sec) Regrettably a snoop on my MySQL-server reveals that the mysql module uses the default mysql port: radius-server - mysql-server TCP D=3306 S=52117 Rst Seq=4288337583 Len=0 Win=24820 Has anyone tried using a non-standard port? I'm using FR 0.8.1 from the download page. -- best regards Nils Ronhovde TBS/Datacom/NMS - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL connect problem
On Thu, Mar 13, 2003 at 10:08:46AM +0100, Nils Rønhovde wrote: Regrettably a snoop on my MySQL-server reveals that the mysql module uses the default mysql port: radius-server - mysql-server TCP D=3306 S=52117 Rst Seq=4288337583 Len=0 Win=24820 Has anyone tried using a non-standard port? I'm using FR 0.8.1 from the download page. Hmm, the mysql module seems to ignore the port that's passed to it via the configuration files. I've included an (untested) one line fix against current cvs that should help. It applies to 0.8.1 also. Does this help? -- Simon diff -urN radiusd.orig/src/modules/rlm_sql/drivers/rlm_sql_mysql/sql_mysql.c radiusd/src/modules/rlm_sql/drivers/rlm_sql_mysql/sql_mysql.c --- radiusd.orig/src/modules/rlm_sql/drivers/rlm_sql_mysql/sql_mysql.c 2003-03-13 11:20:22.0 +0100 +++ radiusd/src/modules/rlm_sql/drivers/rlm_sql_mysql/sql_mysql.c 2003-03-13 11:22:31.0 +0100 @@ -61,7 +61,7 @@ mysql_init((mysql_sock-conn)); if (!(mysql_sock-sock = mysql_real_connect((mysql_sock-conn), config-sql_server, config-sql_login, config-sql_password, - config-sql_db, 0, NULL, CLIENT_FOUND_ROWS))) { + config-sql_db, atoi(config-sql_port), NULL, CLIENT_FOUND_ROWS))) { radlog(L_ERR, rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:%s, config-sql_login, config-sql_server, config-sql_db); radlog(L_ERR, rlm_sql_mysql: Mysql error '%s', mysql_error(mysql_sock-conn)); mysql_sock-sock = NULL; - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL connect problem
On Thu, 13 Mar 2003 11:32:52 +0100 Simon [EMAIL PROTECTED] wrote: Hmm, the mysql module seems to ignore the port that's passed to it via the configuration files. I've included an (untested) one line fix against current cvs that should help. It applies to 0.8.1 also. Does this help? Yes, indeed. Thanks. -- best regards Nils Ronhovde TBS/Datacom/NMS - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
~Re: MySQL connect problem
What operating system and what version are you using. I ran into a similar problem with a fresh install of RedHat 8.0 and MySQL with glibc. Aparently when you connect to MySQL via anything but localhost it crashes, so in your /etc/my.cnf file make sure you set your thread stack set to 256K in your [mysqld] section. An example of mine is below. [mysqld] datadir=/var/lib/mysql innodb_data_file_path = ibdata1:10M:autoextend socket=/var/lib/mysql/mysql.sock server-id=1 log-bin set-variable = thread_stack=256K This could be your problem... ~matt - Original Message - From: Nils Rønhovde [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, March 12, 2003 2:53 PM Subject: MySQL connect problem Hi, Is this a rlm_my_sql problem, something else in the radius-server or a problem with my database: Module: Loaded SQL sql: driver = rlm_sql_mysql sql: server = 10.122.95.163 sql: port = 15022 sql: login = radius sql: password = radius sql: radius_db = radius sql: acct_table = radacct sql: acct_table2 = radacct sql: authcheck_table = radcheck sql: authreply_table = radreply sql: groupcheck_table = radgroupcheck sql: groupreply_table = radgroupreply sql: usergroup_table = usergroup sql: nas_table = nas sql: dict_table = dictionary sql: sqltrace = no sql: sqltracefile = /local/net/experimental/radius-sql/var/log/radius/sqltrace.sql sql: deletestalesessions = yes sql: num_sql_socks = 5 sql: sql_user_name = %{User-Name} ... rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:15022/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:radius rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on '10.122.95.163' (145)' rlm_sql (sql): Failed to connect DB handle #0 I haven't done anything special in radiusd.conf and mysql.conf except enabling mysql and setting the host:port and connection parameters. The connection works fine when i use the mysql program itself. best regards Nils Rønhovde - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.459 / Virus Database: 258 - Release Date: 2/25/2003 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL connect problem
On Wednesday 12 March 2003 14:53, Nils Rønhovde wrote: Hi, Is this a rlm_my_sql problem, something else in the radius-server or a problem with my database: Module: Loaded SQL sql: driver = rlm_sql_mysql sql: server = 10.122.95.163 sql: port = 15022 sql: login = radius sql: password = radius sql: radius_db = radius sql: acct_table = radacct sql: acct_table2 = radacct sql: authcheck_table = radcheck sql: authreply_table = radreply sql: groupcheck_table = radgroupcheck sql: groupreply_table = radgroupreply sql: usergroup_table = usergroup sql: nas_table = nas sql: dict_table = dictionary sql: sqltrace = no sql: sqltracefile = /local/net/experimental/radius-sql/var/log/radius/sqltrace.sql sql: deletestalesessions = yes sql: num_sql_socks = 5 sql: sql_user_name = %{User-Name} ... rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:15022/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:radius rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on '10.122.95.163' (145)' rlm_sql (sql): Failed to connect DB handle #0 I haven't done anything special in radiusd.conf and mysql.conf except enabling mysql and setting the host:port and connection parameters. The connection works fine when i use the mysql program itself. best regards Nils Rønhovde - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Perhaps someone else answered this. When the radius server and the mysql server are on different boxes, check the general and host permissions of that user in mysql. If scale of operation permits, I run the mysql server on the same box, only permit localhost access with no password. My theory is that a decent user password is preferable to publishing it in plain text. If it is in plain text, fancy footwork with group and user permissions is in order. If they are on separate boxes, it pays to tighten up ip access (radius does that by default and prevent spoofing at the gateway. Jim Tarvid - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL - Attributes:Values go in which tables?
Ed H [EMAIL PROTECTED] wrote: My question: Is there any good documentation on which Attributes and Values go into which tables? I am confused about which stuff goes where. The SQL tables are an attempt to mirror the 'users' file. See 'man 5 users' For example: The Radius book shows on pg. 110 that the Auth-Type:Reject pair goes into the Radreply table in order to reject a users access. However, I had to actually put it into the Radcheck table to actually get the rejection to take place. That's correct. The book is incorrect. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL table definition for RADIUS accounting data and duplicates
On Fri, 28 Feb 2003, Derrik Pates wrote: I ended up needing to modify the MySQL table for RADIUS accounting data to mark the AcctSessionId and AcctUniqueId fields as UNIQUE. I was having problems with receiving duplicate accounting records, showing users logged in multiple times who actually were not. Does this seem like a good idea to anyone else? Is there ever a legitimate situation where the AcctSessionId field might end up with the same value twice? I don't think that any access server can keep SessionID state between reboots or crashes Also keep in mind that you can have more than one access servers and one mysql database :-) So setting AcctSessionId to UNIQUE by default is not possible. There are really nice reasons to set AcctUniqueId to UNIQUE (like working well with accounting timeouts) but again i don't think that it is something we should put in by default. It is much better to leave that decision to the system administrator. -- Derrik Pates [EMAIL PROTECTED] [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql authorization
John E Murphy [EMAIL PROTECTED] wrote: I am trying to use mysql to authorize users. It seems that they are authorized but never get through because the system looks at the /etc/passwd file. Attached is the -X output. So configure the server to use a different Auth-Type. It comes configured to use 'Auth-Type := System', and it looks like you didn't change that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql authorization
If you remark out the 'Auth-Type' all together in the 'users' file, then freeradius will begin to use the 'Auth-Type' specified in MySQL. That has been my experience at least. Rick E. - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, February 28, 2003 5:33 AM Subject: Re: mysql authorization John E Murphy [EMAIL PROTECTED] wrote: I am trying to use mysql to authorize users. It seems that they are authorized but never get through because the system looks at the /etc/passwd file. Attached is the -X output. So configure the server to use a different Auth-Type. It comes configured to use 'Auth-Type := System', and it looks like you didn't change that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL table definition for RADIUS accounting data and duplicates
Derrik Pates wrote: Is there ever a legitimate situation where the AcctSessionId field might end up with the same value twice? My Cisco 350 AP uses the same AcctSessionId for multiple association/deassociates as long as the client's MAC address remains the same. So for any given AcctSessionId there will be multiple entries, but at most only one will have 0 in the AcctStopTime. For the most part it will use the same AcctSessionId for a given client until the AP is rebooted. -- Jacob S. Barrett [EMAIL PROTECTED] www.amduat.net I don't suffer from insanity, I enjoy every minute of it. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MYSQL Configuration Problem
[EMAIL PROTECTED] wrote: ./configure --enable-sql=mysql --with-mysql-include-dir=/usr/local/mysql ... checking for mysql/mysql.h... no ... [root@svrwsb187 include]# pwd /usr/local/mysql/include You can still edit the 'Makefile' in rlm_sql_mysql by hand. A short-term work-around would be: cd /usr/local/mysql/include ln -s . mysql Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Auth-Type
Michael Brininstool [EMAIL PROTECTED] wrote: When I run in debug mode, I see the Auth-Type getting set to 'System' somehow. I have not figured out exactly how. The 'users' file sets that, through the 'files' module. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql neat trick
Nick Davis wrote: I just figured this out and thought some others might benefit from it! Here is how you dump database(s) on one server into a database on another server! mysqldump --opt -a LOCALDBNAME [LOCALTABLE1 [LOCALTABLE2]] -u USER -pPASSWORD | mysql --host=REMOTEHOST REMOTEDBNAME -u USER -pPASSWORD See man mysqldump and man mysql for further options! I am going to use this for periodic updates from the main mysql server to the backup mysql server. Much simpler than dumping the database on the main server, ftp/scping it to the backup server, then inserting it into the backup db. Why not just backup the db using it's replication features: http://www.mysql.com/doc/en/Replication.html Pete - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: mysql neat trick
...which is also described on pp. 111-112 of the RADIUS book. Replication is a lot easier to control and use. -Original Message- From: Pete [mailto:[EMAIL PROTECTED]] Why not just backup the db using it's replication features: http://www.mysql.com/doc/en/Replication.html Pete - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[OT] Re: mysql neat trick
Yes, I am aware of doing Replication. Due to some system issues, I cannot do that. That is why I am happy to use that nice long command I found in the mysqldump man page. Thanks for the idea though! Nick On Friday 31 January 2003 18:10, Jonathan Hassell wrote: ...which is also described on pp. 111-112 of the RADIUS book. Replication is a lot easier to control and use. -Original Message- From: Pete [mailto:[EMAIL PROTECTED]] Why not just backup the db using it's replication features: http://www.mysql.com/doc/en/Replication.html Pete -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql radcheck field syntax
28-Jan-03 at 19:18, Doug Yeager ([EMAIL PROTECTED]) wrote : This is an easy one: I want to add a user to mysql. Can someone tell me the right values for the attribute and op field? I'm just trying to test to see if I can get something simple working. Is this right: Insert into radcheck (username,attribute,value,op) values ('doug','User-Password','testpass','=='); This works best for me: username, attribute, value, op : 'simon', 'Crypt-Password', 'GkTfS3XVFwvDR', null Regards, -- |-Simon White, Internet Services Manager, Certified Check Point CCSA. |-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions. |-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco. |-MTDS tel +212.3.767.4861 - fax +212.3.767.4863 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql radcheck field syntax
Doug Yeager [EMAIL PROTECTED] wrote: This is an easy one: I want to add a user to mysql. Can someone tell me the right values for the attribute and op field? That depends on your local configuration. See the 'users' file for examples. Read 'doc/rlm_sql' in the latest CVS snapshot. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL
something like --with-rlm-rlm_sql_mysql-include-dir=/usr/include/mysql and --with-rlm_sql_mysql would be great. (mysql rpm installation) you have to install mysql-devel in order to get it work. the compilation worked if the file freeradius-0.8.x/src/modules/rlm_sql/drivers/rlm_sql_mysql/rlm_sql_mysql.a exists. Frederic SOSSON wrote: Hi, I would like to implement freeradius with mysql and I'd like to know if --with-mysql-include-dir --with-mysql-lib-dir --with-mysql-dir are essentials when I do ./configure ? (i realy need help I'm a newbie) Frederic - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- --- CYBERDECK Solutions de bornes interactives --- Richard Genoud Ingenieur RD --- 300 route nationale 6 - 69760 Limonest - France Tel. : 0820 820 107 - International +33 4 78 66 74 00 Fax : +33 4 78 66 74 69 [EMAIL PROTECTED] - www.cyberdeck.com --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL timeout problem
Giuliano Zorzi [EMAIL PROTECTED] wrote: I have a big problem with freeradius and mysql. After a 8 hours of inactivity of the freeradius server it looses the connection to the mysql server and I have to restart both to have the problem solved. Is there a way to turn off or set an higher value for this ? This problem has been fixed. You're probably running an older version of the server, and should upgrade. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Mysql Authentication
Alan DeKok wrote: Ossama Suleiman [EMAIL PROTECTED] wrote: i am using freeradius 0.8.1 with Redhat 8.0, i wanted to use mysql authentication, the problem is that i want to authenticate users depending on Calling-Station-Id, so i added an entry (blank username) Why? What's wrong with the DEFAULT configuration? When using the DEFAULT entry with the users file there is no problem at all, but when using it with mysql i got the error message mentioned before below -i got the following error message that the user-name can't be blank: -- rlm_sql (sql): zero length username not permitted Exactly. Use DEFAULT. i tried the DEFAULT value, my table looks like this: ++--+--+--+--+ | id | UserName | Attribute | Value| op| ++--+--+--+--+ | 1 | DEFAULT | Auth-Type | Accept| := | | 2 | DEFAULT | Huntgroup-Name | test | == | ++--+--+--+--+ but as i said before, this configuration is not working and it still complains about zero length username. when i commented out that section in rlm_sql.c and replaced the default entry with an blank entry it worked correctly. my table looked like this in that case: ++--+--+--+--+ | id | UserName | Attribute | Value| op| ++--+--+--+--+ | 1 | | Auth-Type | Accept| := | | 2 | | Huntgroup-Name | test | == | ++--+--+--+--+ this is working fine, and checking the calling-station-id listed in the huntgroup file could somebody correct me if this contains mistakes?? You're doing too much work, and ignoring the examples which tell you about the DEFAULT user. Alan DeKok. sorry for all the trouble, and resending it Ossama - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: mysql auth
Duane, They're in radcheck. It should be: Id number, username, attribute, op, value Where the attribute is the actual word Password the op is == and the value is whatever the password is for the user. Shannon Message: 9 From: Duane Barnes [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: mysql auth Date: Tue, 21 Jan 2003 08:51:34 -0500 Reply-To: [EMAIL PROTECTED] This is a multi-part message in MIME format. --=_NextPart_000_000A_01C2C12A.4D3B14E0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Does anyone know which table the passwords for the users are stored in? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql auth
the attribute can be also : User-Password and Crypt-Password ;) Shannon Johnson a écrit: Duane, They're in radcheck. It should be: Id number, username, attribute, op, value Where the attribute is the actual word Password the op is == and the value is whatever the password is for the user. Shannon Message: 9 From: Duane Barnes [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: mysql auth Date: Tue, 21 Jan 2003 08:51:34 -0500 Reply-To: [EMAIL PROTECTED] This is a multi-part message in MIME format. --=_NextPart_000_000A_01C2C12A.4D3B14E0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Does anyone know which table the passwords for the users are stored in? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- --- CYBERDECK Solutions de bornes interactives --- Richard Genoud Ingenieur RD --- 300 route nationale 6 - 69760 Limonest - France Tel. : 0820 820 107 - International +33 4 78 66 74 00 Fax : +33 4 78 66 74 69 [EMAIL PROTECTED] - www.cyberdeck.com --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Mysql Authentication
Alan DeKok wrote: Ossama Suleiman [EMAIL PROTECTED] wrote: i am using freeradius 0.8.1 with Redhat 8.0, i wanted to use mysql authentication, the problem is that i want to authenticate users depending on Calling-Station-Id, so i added an entry (blank username) Why? What's wrong with the DEFAULT configuration? When using the DEFAULT entry with the users file there is no problem at all, but when using it with mysql i got the error message mentioned before below -i got the following error message that the user-name can't be blank: -- rlm_sql (sql): zero length username not permitted Exactly. Use DEFAULT. i tried the DEFAULT value, my table looks like this: ++--+--+--+--+ | id | UserName | Attribute | Value | op | ++--+--+--+--+ | 1 | DEFAULT | Auth-Type | Accept | := | | 2 | DEFAULT | Huntgroup-Name | test | == | ++--+--+--+--+ but as i said before, this configuration is not working and it still complains about zero length username. when i commented out that section in rlm_sql.c and replaced the default entry with an blank entry it worked correctly. my table looked like this in that case: ++--+--+--+--+ | id | UserName | Attribute | Value | op | ++--+--+--+--+ | 1 | | Auth-Type | Accept | := | | 2 | | Huntgroup-Name | test | == | ++--+--+--+--+ this is working fine, and checking the calling-station-id listed in the huntgroup file could somebody correct me if this contains mistakes?? You're doing too much work, and ignoring the examples which tell you about the DEFAULT user. Alan DeKok. sorry for all the trouble. Ossama - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Mysql Authentication
Ossama Suleiman [EMAIL PROTECTED] wrote: i am using freeradius 0.8.1 with Redhat 8.0, i wanted to use mysql authentication, the problem is that i want to authenticate users depending on Calling-Station-Id, so i added an entry (blank username) Why? What's wrong with the DEFAULT configuration? -i got the following error message that the user-name can't be blank: -- rlm_sql (sql): zero length username not permitted Exactly. Use DEFAULT. could somebody correct me if this contains mistakes?? You're doing too much work, and ignoring the examples which tell you about the DEFAULT user. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MYSQL check_error: 1065 received
well... I upgraded to freeradius 0.8, and it's ok now... Genoud Richard a écrit: hello everyone ! I got freeradius0.7.1, with mysql module and I got this error on a radclient request : echo User-Name = user, Password=guess | radclient 127.0.0.1 auth guess I had previously a postgreSQL database, and i managed to had it running. I compiled the mysql module, changed the radius.conf file, setting up my data based... but there's still a problem. The DB seems to be ok. freeradius manages to connect to it, but there's this error. anyone got an idea ? here's the log: [...] Module: Loaded SQL sql: driver = rlm_sql_mysql sql: server = 10.0.1.18 sql: port = sql: login = dbuser sql: password = guess sql: radius_db = radiusdb sql: acct_table = radacct sql: acct_table2 = radacct sql: authcheck_table = radcheck sql: authreply_table = radreply sql: groupcheck_table = radgroupcheck sql: groupreply_table = radgroupreply sql: usergroup_table = usergroup sql: nas_table = nas sql: dict_table = dictionary sql: sqltrace = yes sql: sqltracefile = /usr/local/var/log/radius/sqltrace.sql sql: deletestalesessions = yes sql: num_sql_socks = 5 sql: sql_user_name = %{User-Name} sql: authorize_check_query = SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id sql: authorize_reply_query = SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id sql: authorize_group_check_query = SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id sql: authorize_group_reply_query = SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id sql: authenticate_query = sql: accounting_onoff_query = UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime = '%S' sql: accounting_update_query = UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStopTime = 0 sql: accounting_start_query = INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0') sql: accounting_start_query_alt = UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0 sql: accounting_stop_query = UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0 sql: accounting_stop_query_alt = INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '0', '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}',
Re: Mysql, dialup_admin and Freeradius Problem.
At 11:12 PM 11/19/2002 -0200, you wrote: Chris Brotsos wrote: At 06:04 PM 11/19/2002 -0200, you wrote: rlm_sql (sql): Reserving sql socket id: 4 rlm_sql: The 'op' field for attribute 'User-Password = $1$C.zZID82$kp/ZF6uwfT3dIHwtLd1B70' is NULL, or non-existent. rlm_sql: You MUST FIX THIS if you want the configuration to behave as you expect. I would start here. Look at the very descriptive op field message above, and then take a look at sql.conf and previous mailing-list threads about the OP field. I'm reading about those operators but it's messing up my mind. I just can't understand then. I;m very new in radius. Have you read /path/to/src/radiusd/doc/rlm_sql. It would be difficult to explain the operators and their use for SQL auth any better. There is even a URL with sample configurations. Regards, Chris Brotsos - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Mysql, dialup_admin and Freeradius Problem.
At 06:04 PM 11/19/2002 -0200, you wrote: I have all of then installed and running and added an user with dialup_admin but when I try to connect to my tc nas that user doesn't pass. here is what I get: rad_recv: Access-Request packet from host :1645, id=55, length=146 User-Name = servico User-Password = J{\234W\375\n\374\212'\314\262\367\340\372\0274 NAS-IP-Address = xx NAS-Port = 1538 Acct-Session-Id = 88 USR-Interface-Index = 2794 Service-Type = Login-User USR-Chassis-Call-Slot = 7 USR-Chassis-Call-Span = 1 USR-Chassis-Call-Channel = 2 Calling-Station-Id = 6218297 Called-Station-Id = 8600 NAS-Port-Type = Async modcall: entering group authorize modcall[authorize]: module preprocess returns ok rlm_chap: Could not find proper Chap-Password attribute in request modcall[authorize]: module chap returns noop modcall[authorize]: module mschap returns notfound rlm_realm: No '@' in User-Name = servico, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop radius_xlat: 'servico' rlm_sql (sql): sql_set_user escaped user -- 'servico' radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'servico' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql: The 'op' field for attribute 'User-Password = $1$C.zZID82$kp/ZF6uwfT3dIHwtLd1B70' is NULL, or non-existent. rlm_sql: You MUST FIX THIS if you want the configuration to behave as you expect. I would start here. Look at the very descriptive op field message above, and then take a look at sql.conf and previous mailing-list threads about the OP field. auth: Failed to validate the user. WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS! Check shared secret in your clients file on FreeRADIUS and the NAS config too. Regards, Chris Brotsos - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Mysql, dialup_admin and Freeradius Problem.
Chris Brotsos wrote: At 06:04 PM 11/19/2002 -0200, you wrote: rlm_sql (sql): Reserving sql socket id: 4 rlm_sql: The 'op' field for attribute 'User-Password = $1$C.zZID82$kp/ZF6uwfT3dIHwtLd1B70' is NULL, or non-existent. rlm_sql: You MUST FIX THIS if you want the configuration to behave as you expect. I would start here. Look at the very descriptive op field message above, and then take a look at sql.conf and previous mailing-list threads about the OP field. I'm reading about those operators but it's messing up my mind. I just can't understand then. I;m very new in radius. auth: Failed to validate the user. WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS! Check shared secret in your clients file on FreeRADIUS and the NAS config too. I fixed that and it still doesn't work here. rad_recv: Access-Request packet from host 200.206.28.2:1645, id=60, length=146 User-Name = servico User-Password = 1234 NAS-IP-Address = 200.206.28.2 NAS-Port = 3332 Acct-Session-Id = 96 USR-Interface-Index = 4588 Service-Type = Login-User USR-Chassis-Call-Slot = 14 USR-Chassis-Call-Span = 2 USR-Chassis-Call-Channel = 4 Calling-Station-Id = 6218297 Called-Station-Id = 8600 NAS-Port-Type = Async modcall: entering group authorize modcall[authorize]: module preprocess returns ok rlm_chap: Could not find proper Chap-Password attribute in request modcall[authorize]: module chap returns noop modcall[authorize]: module mschap returns notfound rlm_realm: No '@' in User-Name = servico, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop radius_xlat: 'servico' rlm_sql (sql): sql_set_user escaped user -- 'servico' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'servico' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql: The 'op' field for attribute 'User-Password = $1$5IxwTAGm$WdUwnquD6cvQI5fbH6..l1' is NULL, or non-existent. rlm_sql: You MUST FIX THIS if you want the configuration to behave as you expect. radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'servico' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'servico' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'servico' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Pairs do not match for user [servico] rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns notfound users: Matched DEFAULT at 152 modcall[authorize]: module files returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type System auth: type System auth: Failed to validate the user. Delaying request 2 for 1 seconds Finished request 2 Regards, Chris Brotsos - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL - need to change the authentication query
Ish-Lev Avshalom [EMAIL PROTECTED] wrote: Anyone have any idea how to make freeradius associate the check attributes with reply attributes with an additional key other then the username? Edit the schema. I was thinking of adding a 'record' column to both radcheck and radreply tables, that will identify each record of the username, but for that, I need to change the query in sql.conf to take that identifier from the select it had performed on the radcheck table and use it in the select of the radreply table... That's why the SQL statements are in a configuration file. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql op field
Enesha Fairluck [EMAIL PROTECTED] wrote: Thanks for everything taht everyone did last weel about the op field. Heh guess I opened a can of worms :) Anyway everyone seems to be saying that the op value needs to be something. The problem is I don't know what. I don't know what that field is, much less what should go there.o Look at the 'users' file which is shipped with the server. Look at the SQL schema. Note what's in the 'users' file, and see where they're the same. See 'man 5 users', and look at the 'operator' text. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql
Brian Kolaci [EMAIL PROTECTED] wrote: I was amazed so I had to see it for myself. This seems to be a major bug in mysql. I've grown used to oracle where the behaviour is correct and doesn't allow the insertion to take place. I agree. That's a bug on the part of MySQL. I guess a *bad* value as a default would be better than an empty string. That would confuse a *lot* of people. Though I still think it might be a good idea. In any case, I've added voluminous log messages to rlm_sql. So if the 'op' field is empty or nonsensical, then HUGE numbers of complaints get dumped to the log file. It is my fervent hope that some people will read the error messages, and do something about their misconfigured systems. It would also be good to have more documentation for rlm_sql (there's no 'doc/rlm_sql'), but that's another story. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql
I know it has support for users accounting logging. I'd like to know if it has support for authentication logging (and if not, is it currently being worked on?) I'd like to have all the info in the radius.log file in the database, which then assures we have a record of all successes failures for both billing and for support folks to see the incorrect passwords the user is entering. Brian Hello, I'm sorry if these is a stupid question, but I looked around the website and the FAQ and could not find anything. Does Freeradius have MySQL support in it, both for users and logging? I'm using a slightly older version of Cistron (no mysql) and wanted to upgrade. Thanks, Bryan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql
Bryan Koschmann - GKT [EMAIL PROTECTED] wrote: I'm sorry if these is a stupid question, but I looked around the website and the FAQ and could not find anything. Does Freeradius have MySQL support in it, both for users and logging? For users (authentication and accounting), yes. Not for logging, though. Once you've written user accounting information to MySQL, the server logs of Hey, I did this now! are irrelevant. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql
Brian Kolaci [EMAIL PROTECTED] wrote: I know it has support for users accounting logging. Then why did you ask that exact question? I didn't. Bryan did, I was answering that one. I'd like to know if it has support for authentication logging I don't know what you mean by that. 'Who logged in' comes from accounting logs. I don't see why you would need to log authentication requests. The authentication packet comes in and is ACK'd. The accounting packet was lost. Unfortunetly, this happens *alot*. Every day I need to use radzap to kill the logins that the accounting Stop packets were lost. So I'm sure there are instances where the Start packets are lost as well. That isn't currently supported (no default SQL statements), but there's no reason why you can't write your own SQL statements to log authentication requests. Yes, but to do so with the sql module? Is that possible? Or do I need to maintain a separate database connection pool? I do not (nor wish to) use sql for the users information (radcheck, radreply, etc). I only want it for the accounting (for planning) and for authentication logging. I'd like to have all the info in the radius.log file in the database, I don't think that's a good idea. The radius.log file contains a LOT of other log messages, too. which then assures we have a record of all successes failures for both billing and for support folks to see the incorrect passwords the user is entering. You can do this via custom SQL statements. But is this for authentication packets or accounting packets? I want to *log* the authentication request/response, but use files to hold the authentication information. With 0.6 it didn't seem possible with the sql module. Thanks, Brian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql
Enesha Fairluck [EMAIL PROTECTED] wrote: yet if I got to the mysql client and copy and paste that same SELECT command, it returns : +--+--+---+-+--+ | id | UserName | Attribute | Value | op | +--+--+---+-+--+ | 4891 | bjparker | Password | (deleted) | NULL | +--+--+---+-+--+ Anyone have any thoughts on this? I think I'm going to edit the SQL code, and make the server core dump if the 'op' field is NULL. That's the cause of 99% of the SQL problems. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql
Nick Davis [EMAIL PROTECTED] wrote: Couldn't you also just set the default of the op field to := ? That's what I did on my db. I realize some other might need different ops, but it should at least work in most cases. If there's no 'op' field, then the SQL module sets the operator to '='. See the examples in the 'users' file. There is more than ONE possible value for the operator in a sane configuration. So ANY default value for the 'op' field is wrong. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql
Nick Davis [EMAIL PROTECTED] wrote: Couldn't you also just set the default of the op field to := ? That's what I did on my db. I realize some other might need different ops, but it should at least work in most cases. If there's no 'op' field, then the SQL module sets the operator to '='. See the examples in the 'users' file. There is more than ONE possible value for the operator in a sane configuration. So ANY default value for the 'op' field is wrong. Alan DeKok. How about set the field as 'NOT NULL' rather than set a default? Brian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql
Enesha Fairluck [EMAIL PROTECTED] wrote: yet if I got to the mysql client and copy and paste that same SELECT command, it returns : +--+--+---+-+--+ | id | UserName | Attribute | Value | op | +--+--+---+-+--+ | 4891 | bjparker | Password | (deleted) | NULL | +--+--+---+-+--+ Anyone have any thoughts on this? I think I'm going to edit the SQL code, and make the server core dump if the 'op' field is NULL. That's the cause of 99% of the SQL problems. Well thanks for the reply...any thoughts on how to fix this? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql
Brian Kolaci [EMAIL PROTECTED] wrote: How about set the field as 'NOT NULL' rather than set a default? I'm no SQL guy. Patch? Alan DeKok. Here you go... This is a diff for db_mysql.sql in the directory /local/src/radius/freeradius-0.7.1/src/modules/rlm_sql/drivers/rlm_sql_mysql Brian *** db_mysql.sqlFri Mar 8 14:17:04 2002 --- db_mysql.sql.newFri Nov 8 16:11:52 2002 *** *** 56,62 UserName varchar(64) NOT NULL default '', Attribute varchar(32) NOT NULL default '', Value varchar(253) NOT NULL default '', ! op char(2), PRIMARY KEY (id), KEY UserName (UserName(32)) ) ; --- 56,62 UserName varchar(64) NOT NULL default '', Attribute varchar(32) NOT NULL default '', Value varchar(253) NOT NULL default '', ! op char(2) NOT NULL, PRIMARY KEY (id), KEY UserName (UserName(32)) ) ; *** *** 70,76 GroupName varchar(64) NOT NULL default '', Attribute varchar(32) NOT NULL default '', Value varchar(253) NOT NULL default '', ! op char(2), PRIMARY KEY (id), KEY GroupName (GroupName(32)) ) ; --- 70,76 GroupName varchar(64) NOT NULL default '', Attribute varchar(32) NOT NULL default '', Value varchar(253) NOT NULL default '', ! op char(2) NOT NULL, PRIMARY KEY (id), KEY GroupName (GroupName(32)) ) ; *** *** 84,90 GroupName varchar(64) NOT NULL default '', Attribute varchar(32) NOT NULL default '', Value varchar(253) NOT NULL default '', ! op char(2), prio int unsigned NOT NULL default '0', PRIMARY KEY (id), KEY GroupName (GroupName(32)) --- 84,90 GroupName varchar(64) NOT NULL default '', Attribute varchar(32) NOT NULL default '', Value varchar(253) NOT NULL default '', ! op char(2) NOT NULL, prio int unsigned NOT NULL default '0', PRIMARY KEY (id), KEY GroupName (GroupName(32)) *** *** 99,105 UserName varchar(64) NOT NULL default '', Attribute varchar(32) NOT NULL default '', Value varchar(253) NOT NULL default '', ! op char(2), PRIMARY KEY (id), KEY UserName (UserName(32)) ) ; --- 99,105 UserName varchar(64) NOT NULL default '', Attribute varchar(32) NOT NULL default '', Value varchar(253) NOT NULL default '', ! op char(2) NOT NULL, PRIMARY KEY (id), KEY UserName (UserName(32)) ) ;
Re: mysql
On Friday 08 November 2002 16:08, Alan DeKok wrote: Brian Kolaci [EMAIL PROTECTED] wrote: How about set the field as 'NOT NULL' rather than set a default? I'm no SQL guy. Patch? Alan DeKok. Well...here's a patch for mysql. I guess the default op value should be chosen wisely, but I think that the != will hopefully force people to set the op field instead of ignoring it. Kevin Bonner diff -urN radiusd.orig/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql radiusd/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql --- radiusd.orig/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql Fri Nov 8 16:15:18 2002 +++ radiusd/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql Fri Nov 8 16:18:07 2002 @@ -55,8 +55,8 @@ id int(11) unsigned NOT NULL auto_increment, UserName varchar(64) NOT NULL default '', Attribute varchar(32) NOT NULL default '', + op char(2) NOT NULL default '!=', Value varchar(253) NOT NULL default '', - op char(2), PRIMARY KEY (id), KEY UserName (UserName(32)) ) ; @@ -69,8 +69,8 @@ id int(11) unsigned NOT NULL auto_increment, GroupName varchar(64) NOT NULL default '', Attribute varchar(32) NOT NULL default '', + op char(2) NOT NULL default '!=', Value varchar(253) NOT NULL default '', - op char(2), PRIMARY KEY (id), KEY GroupName (GroupName(32)) ) ; @@ -83,8 +83,8 @@ id int(11) unsigned NOT NULL auto_increment, GroupName varchar(64) NOT NULL default '', Attribute varchar(32) NOT NULL default '', + op char(2) NOT NULL default '!=', Value varchar(253) NOT NULL default '', - op char(2), prio int unsigned NOT NULL default '0', PRIMARY KEY (id), KEY GroupName (GroupName(32)) @@ -98,8 +98,8 @@ id int(11) unsigned NOT NULL auto_increment, UserName varchar(64) NOT NULL default '', Attribute varchar(32) NOT NULL default '', + op char(2) NOT NULL default '!=', Value varchar(253) NOT NULL default '', - op char(2), PRIMARY KEY (id), KEY UserName (UserName(32)) ) ; - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql
Alan, Couldn't you also just set the default of the op field to := ? That's what I did on my db. I realize some other might need different ops, but it should at least work in most cases. Nick Thanks for the suggestion. Tried setting that in the db, but the problem remains unchanged. It's appreciated tho :) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql
Well...here's a patch for mysql. I guess the default op value should be chosen wisely, but I think that the != will hopefully force people to set the op field instead of ignoring it. Kevin Bonner d'oh! sorry for posting a patch to the users list Kevin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql
Well...here's a patch for mysql. I guess the default op value should be chosen wisely, but I think that the != will hopefully force people to set the op field instead of ignoring it. Kevin Bonner d'oh! sorry for posting a patch to the users list Kevin I don't think you should put a default. Just set the column to NOT NULL, and force them to enter a value. Let the SQL INSERT fail if they don't provide one. Brian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql
Kevin Bonner [EMAIL PROTECTED] wrote: Well...here's a patch for mysql. I guess the default op value should be chosen wisely, but I think that the != will hopefully force people to set the op field instead of ignoring it. I agree. There is sometimes a good reason to set the defaults to nonsensical values, especially if *any* default is nonsensical. I'll add the patch. I noticed you re-ordered the 'op' field, too. So long as the query doesn't change, the code in rlm_sql shouldn't have to be changed, right? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql
On Friday 08 November 2002 16:34, Brian Kolaci wrote: Well...here's a patch for mysql. I guess the default op value should be chosen wisely, but I think that the != will hopefully force people to set the op field instead of ignoring it. Kevin Bonner d'oh! sorry for posting a patch to the users list Kevin I don't think you should put a default. Just set the column to NOT NULL, and force them to enter a value. Let the SQL INSERT fail if they don't provide one. Brian I believe mysql defaults to an empty string of no default is set. Try running this on your sql server: show create table radcheck; That will show defaults, even though you didn't set defaults. Kevin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql
I noticed you re-ordered the 'op' field, too. So long as the query doesn't change, the code in rlm_sql shouldn't have to be changed, right? Alan DeKok. Correct. The database layout should not affect the queries and shouldn't affect the way people insert items into those tables. Kevin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql
At 04:36 PM 11/8/2002 -0500, Alan DeKok wrote: Kevin Bonner [EMAIL PROTECTED] wrote: Well...here's a patch for mysql. I guess the default op value should be chosen wisely, but I think that the != will hopefully force people to set the op field instead of ignoring it. I agree. There is sometimes a good reason to set the defaults to nonsensical values, especially if *any* default is nonsensical. I'll add the patch. I noticed you re-ordered the 'op' field, too. So long as the query doesn't change, the code in rlm_sql shouldn't have to be changed, right? I just committed updates for mysql,postgre,db2,oracle that change the order ( so op is between Attribute and Value ) and make it NOT NULL. I did not set a default. I think having the server reject invalid entries upon an insert is the best way to handle this problem. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql
On Friday 08 November 2002 16:56, Chris Parker wrote: I just committed updates for mysql,postgre,db2,oracle that change the order ( so op is between Attribute and Value ) and make it NOT NULL. I did not set a default. I think having the server reject invalid entries upon an insert is the best way to handle this problem. -Chris Here's the output when I use the new changes. Just moving the type of error from a NULL op to an empty op. Kevin mysql CREATE TABLE radcheck ( - id int(11) unsigned NOT NULL auto_increment, - UserName varchar(64) NOT NULL default '', - Attribute varchar(32) NOT NULL default '', - op char(2) NOT NULL, - Value varchar(253) NOT NULL default '', - PRIMARY KEY (id), - KEY UserName (UserName(32)) - ) ; Query OK, 0 rows affected (1.46 sec) mysql insert into radcheck (username, attribute, value) values ('test', 'passwd', 'blah'); Query OK, 1 row affected (0.00 sec) mysql select * from radcheck; ++--+---++---+ | id | UserName | Attribute | op | Value | ++--+---++---+ | 1 | test | passwd|| blah | ++--+---++---+ 1 row in set (0.00 sec) mysql - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html