Re: SQL 'authenticate' section
At 03:09 PM 12/18/2002 -0300, Fernando Teodoro wrote: Thanks, Chris, for the quick response (and for understanding I'm a newbie...) Ok, FreeRADIUS starts either with par or chap in authenticate. I quickly found that FreeRadius doesn't read NAS table from ic-radius, so I've made the changes in clients.conf; now I'm trying dial-in to NAS, but olny get: 'dropping packet from client pm3test:1026 due to dead request 10' 'discarding new request from client pm2test:1026 due to live request 14' 'rlm_sql_getvpdata: database query error' 'rlm_sql (sql): sql query error; rejecting user' This error appears because freeradius is getting trouble in read ic-radius tables, or is not table-related? Of course I'll not report you all my erroneous tests. I'm only trying to find out where to start to learn. FreeRADIUS uses slightly different tables than ic-radius. If you run in debugging mode, you should see in more detail the exact query that FreeRADIUS is running. You may need to modify this query to match the layout of your tables, if you are not using the standard FreeRADIUS table definitions ( which are different than ic-radius ). You can run the queries by hand to see what the error is. Alternatively, I'd suggest setting up a test radius server with a new table structure laid out per the FreeRADIUS definitions. Add entries to that until you've gotten a test-user to authenticate via 'radtest'. Then you'll know what changes you'll need to make to migrate your servers from ic-radius to FreeRADIUS. Also, either chap or pap should work with SQL authorization method? It's easy to see I have no idea (yet) what exactly pap or chap does, it will be the next need-to-learn... PAP will work with clear text password or crypted passwords stored in the SQL table. CHAP will work with only clear text passwords stored in the SQL table. Most likely you are using PAP. There are merely different ways of transmitting password information from the end-user through the NAS to the RADIUS server. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL 'authenticate' section
Thanks, Chris, for the quick response (and for understanding I'm a newbie...) Ok, FreeRADIUS starts either with par or chap in authenticate. I quickly found that FreeRadius doesn't read NAS table from ic-radius, so I've made the changes in clients.conf; now I'm trying dial-in to NAS, but olny get: 'dropping packet from client pm3test:1026 due to dead request 10' 'discarding new request from client pm2test:1026 due to live request 14' 'rlm_sql_getvpdata: database query error' 'rlm_sql (sql): sql query error; rejecting user' This error appears because freeradius is getting trouble in read ic-radius tables, or is not table-related? Of course I'll not report you all my erroneous tests. I'm only trying to find out where to start to learn. Also, either chap or pap should work with SQL authorization method? It's easy to see I have no idea (yet) what exactly pap or chap does, it will be the next need-to-learn... Thanks again, -- Fernando - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL 'authenticate' section
At 14:31 18/12/2002 -0300, you wrote: Look for the "aaa.txt" file, read it. It explains the difference in which FreeRADIUS authenticates and authorizes. In your case, you must use the authorize section.. -- Steve I'm migrating from ic-radius to freeradius. It seems that they read the same MySQL table structure. I've made some preliminary adjusts in radiusd.conf, but still can't have freeradius starting with mysql. I keep getting error: sql modules aren't allowed in authenticate sections -- they have no such method Where did I miss? Also, is there a howto/help/step-by-step guide, radiusd.conf example, anything I can read about it? As far as I gone, freeradius.org has no tips Thanks in advance, -- Fernando. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL 'authenticate' section
At 02:31 PM 12/18/2002 -0300, Fernando Teodoro wrote: I'm migrating from ic-radius to freeradius. It seems that they read the same MySQL table structure. It uses a similar table structure to ic-radius, though it is expanded with FreeRADIUS. Main difference is the 'op' column which FreeRADIUS requires. I've made some preliminary adjusts in radiusd.conf, but still can't have freeradius starting with mysql. I keep getting error: sql modules aren't allowed in authenticate sections -- they have no such method Authenticate is where you verify the password. SQL is where you store the password. You are using PAP or CHAP to compare the password, not SQL. Hence the error message. Put SQL in the 'authorize' section, and don't put it in the 'authenticate' section. Where did I miss? Also, is there a howto/help/step-by-step guide, radiusd.conf example, anything I can read about it? As far as I gone, freeradius.org has no tips The sample configs are self-documenting, there are also quite a few docs in the /docs directory of the distribution. There is an O'Reilly book featuring FreeRADIUS. There are some online docs ( admittedly a bit out of date ) that I've been putting together ( note they may be wrong in some cases as the server has changed since they were first written ): http://www.segv.org/freeradius/ -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SQL 'authenticate' section
I'm migrating from ic-radius to freeradius. It seems that they read the same MySQL table structure. I've made some preliminary adjusts in radiusd.conf, but still can't have freeradius starting with mysql. I keep getting error: sql modules aren't allowed in authenticate sections -- they have no such method Where did I miss? Also, is there a howto/help/step-by-step guide, radiusd.conf example, anything I can read about it? As far as I gone, freeradius.org has no tips Thanks in advance, -- Fernando. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html