Re: Freeradius+MySql (Authorization Query) - regexp
=?iso-8859-1?q?Kiran?= <[EMAIL PROTECTED]> wrote: > I am using the following query for authorization and I > am getting the error 1064 from MySql (PARSE ERROR). > But when I am giving the same query replacing the > variables with values, I am getting the output. Can > someone explain me why. Look at the SQL debug log file. It will have the queries with the variables replaced by values. > "(select id,UserName,Attribute,Value,op from > ${authreply_table} where username='%{SQL-User-Name}') > union (select id,UserName, Attribute, > concat('h323-credit-time=',round(substring(value,20)/(tas_rate+charge))*60) > Value,op from ${authreply_table}, pb_tariffs,surcharge > where \"%{Called-Station-Id}\" regexp > concat("^"... A double quote inside of a double-quoted string? > I am getting the error after adding 'regexp' to the > query. Then what you added is the source of the problem. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius+MySql (Authorization Query) - regexp
Hi I am using the following query for authorization and I am getting the error 1064 from MySql (PARSE ERROR). But when I am giving the same query replacing the variables with values, I am getting the output. Can someone explain me why. "(select id,UserName,Attribute,Value,op from ${authreply_table} where username='%{SQL-User-Name}') union (select id,UserName, Attribute, concat('h323-credit-time=',round(substring(value,20)/(tas_rate+charge))*60) Value,op from ${authreply_table}, pb_tariffs,surcharge where \"%{Called-Station-Id}\" regexp concat("^",de_prefix) and value like 'h323-credit-amount=%' and username='%{SQL-User-Name}' and dnis='%{Calling-Station-Id}' order by de_prefix desc limit 1)" I am getting the error after adding 'regexp' to the query. Thanks, Kiran Yahoo! Messenger - Communicate instantly..."Ping" your friends today! Download Messenger Now http://uk.messenger.yahoo.com/download/index.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
three duplicate rows for each session in mysql radacct table
Hi everybody With freeradius 0.9.3 , each user session creates three identical rows in mysql radacct table . For each session, I receive five paquets : 1) Access-Request 2) Accounting-Request Start which generates an INSERT request 3) Accounting-Request Start which generates another INSERT request 4) Accounting-Request Stop which generates an UPDATE of the two rows inserted before 5) Accounting-Request Stop which generates another UPDATE of the two rows inserted before AND a third INSERT Finally , I get three identical rows in my mysql table I read the list , the documentation , many times , but I don't understand So please, help me ... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Number of MySQL connections needed?
On Fri, 19 Dec 2003, Kostas Kalevras wrote: > See doc/tuning_guide Thanks! I did check that out, but all it said was to make num_sql_socks larger than the number of simultaneous requests. (Hehe! Of course!) I'm still using 0.8.1, though: is tuning_guide updated in the latest? > In any case it depends on how fast your sql server responds to queries. > One way is to do a 'SHOW PROCESSLIST;' in mysql during radius peek time > If you see active threads put in a few sql connections more than the > maximum number of active threads. So, if I understand you correctly, if during peak times only 5 connections are active, and the rest are sleeping, then I could get away with 10 connections? If so, then that makes a lot of sense. Most of my connections are sleeping at any given time. > A more scientific solution is to increase the connection pool if you get > 'out of sql sockets' errors radius.log :-) Haha! The people answering the tech support calls will not like that option, I think. :-) Kristina - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Number of MySQL connections needed?
On Thu, 18 Dec 2003, Kristina Pfaff-Harris wrote: > > Heya, all. This might be a silly question, but can anyone tell me a rule > of thumb to figure out how many MySQL connections (num_sql_socks in the > config) to configure based on ... heck, I don't know ... something like > number of people dialed up at the same time? It's a bit difficult to say > how many users I have simultaneously using FR, since the logs/debug stuff > is sequential. > > Currently using 24 connections for auth and 24 for accounting. I'm > wondering if I really need that many or if I should add more. > > Any ideas? What I've got seems to work: I'm just trying to be a little > more scientific about it. Pointers to docs appreciated if this is in the > docs and I missed it! See doc/tuning_guide In any case it depends on how fast your sql server responds to queries. One way is to do a 'SHOW PROCESSLIST;' in mysql during radius peek time If you see active threads put in a few sql connections more than the maximum number of active threads. A more scientific solution is to increase the connection pool if you get 'out of sql sockets' errors radius.log :-) > > Thanks! > > Kristina > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Number of MySQL connections needed?
Heya, all. This might be a silly question, but can anyone tell me a rule of thumb to figure out how many MySQL connections (num_sql_socks in the config) to configure based on ... heck, I don't know ... something like number of people dialed up at the same time? It's a bit difficult to say how many users I have simultaneously using FR, since the logs/debug stuff is sequential. Currently using 24 connections for auth and 24 for accounting. I'm wondering if I really need that many or if I should add more. Any ideas? What I've got seems to work: I'm just trying to be a little more scientific about it. Pointers to docs appreciated if this is in the docs and I missed it! Thanks! Kristina - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius mysql simultaneous-use question URGENT
'sql' is listed in the accounting section. Anyway I figured out that I was testing it incorrectly using NTRadping for I was testing for double logins by using Accounting (start/stop) as the Request type instead of using Authentication Request as the request type. I have successfully tested it and it works well now :) Thanks! Soujanya From: "Alan DeKok" <[EMAIL PROTECTED]>> To: [EMAIL PROTECTED]> Subject: Re: freeradius mysql simultaneous-use question URGENT=20> Date: Tue, 16 Dec 2003 16:33:11 -0500> Reply-To: [EMAIL PROTECTED]>=20> Soujanya Rao <[EMAIL PROTECTED]> wrote:> > Can anyone tell me where I am going wrong? This is urgent and I am> > clueless as to what else needs to be done.=20>=20> Ensure that 'sql' is listed in the 'accounting' section.>=20> Run: radiusd -X>=20> Alan DeKok. Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing
Re: freeradius mysql simultaneous-use question URGENT
Soujanya Rao <[EMAIL PROTECTED]> wrote: > Can anyone tell me where I am going wrong? This is urgent and I am > clueless as to what else needs to be done. Ensure that 'sql' is listed in the 'accounting' section. Run: radiusd -X Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius mysql simultaneous-use question URGENT
Hi, I am new to freeradius. I need some help in using simultaneous-use for detecting double logins using mysql only. Here is my current set up: > select * from radgroup check ++--- +---++---+| id | GroupName | Attribute | op | Value |+++++---+ | 2 | static | Auth-Type | == | Local |+++++---+| 4 | static | Simultaneous-Use | := | 1 |++++-++ > select * from usergroup ++-+-+| id | UserName | GroupName |++-+-+| 33 | PW006 | static |++--++ > select * from radcheck ++---+++--+| id | UserName | Attribute | op | Value |++---+++--+| 18 | PW006 | Password | == | abcd |++---++-+-+ In my radius.conf I have a set up like this: session { sql} In sql.conf, the "Simultaneous Use Checking Queries" are uncommented I am using NTRadping to test for simultaneous-use and am failing to do so! I am doing an accounting start using NTRadPing for the same user with a different NAS-IP-Address (Additional RADIUS attributes) and a different port NAS-Port (additional RADIUS attribute). Though simultaneous-use is setup the user is not stopped for double login at all. It creates two entries in the radaact table and when I run accounting stop it updates the relevant radacct records with the AcctStopTime. Can anyone tell me where I am going wrong? This is urgent and I am clueless as to what else needs to be done. The sqltrace.log does not show that the uncommented statements in sql.conf are executed. How do I make sure that they get executed. Also please let me know if this is a correct procedure for testing the same. Thanks in advance, Soujanya . Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing
MySQL Success
Title: Message To all, I finall got it, go figure it was a very obvious answer. I simply re-configured FreeRADIUS using ./configure --with-static-modules="sql sql_mysql" command. When I executed a make, it errored out saying it could not find ../modules/rlm_sql_mysql. I simply made a symbolic link to include the rlm_sql_mysql sub-directory in the ../modules/ directory and re-ran make. Everything works great now, thanks! Cordially, Chris DeRamus OCIO VPN Administrator SAIC -Original Message-From: Deramus, Chris Sent: Sunday, December 14, 2003 11:09 PMTo: '[EMAIL PROTECTED]'Subject: RE: MySQL Help! Chris, Thanks for the input, however, when I updated the configure script with your extra code configure would not find lmysqlclient and prompted that I specify the path to the library files by using --with-mysql-lib= When I put in the path to the MySQL library files, it still would not find lmysqlclient. Any other thoughts? If I get it I'll be sure to let you know what it was, thanks so much. Chris DeRamus OCIO VPN Administrator SAIC -Original Message- From: Chris Parker [mailto:[EMAIL PROTECTED]] Sent: Friday, December 12, 2003 5:14 PM To: [EMAIL PROTECTED] Subject: Re: MySQL Help! At 03:42 PM 12/12/2003, Rob Genovesi wrote: >oh boy, I remember kicking this around for ever as well ... > >My solution was to 1) be sure you have development rpms installed and >2) >do not use "--disable-shared" when running configure. I don't know >exactly why this changed things, but compiling with shared libraries it >was able to find and use all the necessary mysql libs and includes. > >I installed the following MySQL rpms (Redhat) : > MySQL-devel-4.0.16-0 > MySQL-shared-compat-4.0.16-0 > MySQL-client-4.0.16-0 > MySQL-server-4.0.16-0 Aha. Mysql4 changes some stuff. On Solaris we had to change some of the Makefiles manually to get all of the appropriate libs included to build the rlm_mysql driver built. It may be the same on RH as well. Helpfully, MySQL 3 build syntax is not totally workable with MySQL 4 at least as far as FR is concerned. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
"Deramus, Chris" <[EMAIL PROTECTED]> wrote: > What file(s) should I run ldd against? rlm_sql_mysql.so Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius 0.9.3 / mysql 4.0.16: no logging
Nick Davis wrote: James, All of your accounting data is being written to the details files. You must not have put "sql" in the accounting section of radius.conf. You mean this?: accounting { # # Ensure that we have a semi-unique identifier for every # request, and many NAS boxes are broken. acct_unique sql # # Create a 'detail'ed log of the packets. # Note that accounting requests which are proxied # are also logged in the detail file. detail # daily unix# wtmp file # # For Simultaneous-Use tracking. # # Due to packet losses in the network, the data here # may be incorrect. There's little we can do about it. radutmp # sradutmp # Return an address to the IP Pool when we see a stop record. # main_pool } Been there for some time. Also make sure the sql queries in sql.conf are correct for the "radacct" table. I've not touched them. The only thing I did was make it use radacct_table1/table2, for which I searched and replaced. mysql.err shows nothing, and I've logged into the mysql server using the radius user account and successfully inserted some data. I find it suspicous that although I see SQL queries to SELECT data in the authorisation and authentication phase, I see no SQL being performed for accounting data. Take a look at my radius.conf for reference to using mysql for accounting and user/pass/groups (auth). http://mrtizmo.com/freeradius/ Thanks for this, can't see much in there that's different to mine! James Hope some of this helps! Nick - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Testers Please - MySQL and PostgreSQL compatability patch
I hoped these patches would have been applied to CVS by now, but they haven't. If anyone is interested in PostgreSQL support for freeradius, please check out the site I have setup, and send feedback if you find any problems. I have verified my patch against the CVS as of 2003 Dec 15 10:15. Have anice day Guy Fraser wrote: This patch has been made against the CVS tree, I have verified that it applies to the CVS as of Dec 10 16:11 2003 MDT. This is a unified patch that will patch the radiusd directory. I have solved, all the compatibility issues between MySQL and PostgreSQL for Dialup Admin,as far as I can tell. I tested all the dialupadmin interfaces with PostgreSQL and MySQL. They both work and all I have to do to switch between them is change the sql driver and port in conf/admin.conf. I have done a considerable amount of work getting this code to work with PostgreSQL and ensuring that MySQL works without having to modify the SQL tables, data or any of the other config files. It is dead easy to see that the code works. I have provided a patch, some sample data for both MySQL and PostgreSQL and a demo site running with both configurations. The homepage for the site is at : http://sphinx.incentre.net/ Please have a look, and get back to me with your suggestions. I would like to see this put into cvs soon. I have a fair amout of other development to do, and don't want to have too many patch levels to maintain. For the non developers watching this post, these are the steps required to test this patch : mkdir test-dir cd test-dir cvs -d :pserver:[EMAIL PROTECTED]:/source login cvs -d :pserver:[EMAIL PROTECTED]:/source checkout radiusd cvs -d :pserver:[EMAIL PROTECTED]:/source logout patch < dialupadmin-pg-compatability.patch The radiusd directory should now be patched. I will put the patches for the dialup_admin/bin files once I get feedback. RSVP -- Guy Fraser Network Administrator The Internet Centre 780-450-6787 , 1-888-450-6787 There is a fine line between genius and lunacy, fear not, walk the line with pride. Not all things will end up as you wanted, but you will certainly discover things the meek and timid will miss out on. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius 0.9.3 / mysql 4.0.16: no logging
> modcall[authorize]: module "preprocess" returns ok for request 3 > radius_xlat: '/var/log/radiusd/radacct/81.20.32.130/auth-detail-20031215' > rlm_detail: > /var/log/radiusd/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands > to /var/log/radiusd/radacct/81.20.32.130/auth-detail-20031215 > modcall[authorize]: module "auth_log" returns ok for request 3 [snip] > modcall: entering group post-auth for request 3 > radius_xlat: '/var/log/radiusd/radacct/81.20.32.130/reply-detail-20031215' > rlm_detail: > /var/log/radiusd/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d > expands to /var/log/radiusd/radacct/81.20.32.130/reply-detail-20031215 > modcall[post-auth]: module "reply_log" returns ok for request 3 [snip] > modcall[accounting]: module "sql" returns ok for request 4 > radius_xlat: '/var/log/radiusd/radacct/81.20.32.130/detail-20031215' > rlm_detail: /var/log/radiusd/radacct/%{Client-IP-Address}/detail-%Y%m%d > expands to /var/log/radiusd/radacct/81.20.32.130/detail-20031215 > modcall[accounting]: module "detail" returns ok for request 4 > modcall[accounting]: module "unix" returns ok for request 4 > radius_xlat: '/var/log/radiusd/radutmp' > radius_xlat: '[EMAIL PROTECTED]' > modcall[accounting]: module "radutmp" returns ok for request 4 > modcall: group accounting returns ok for request 4 > Please bear in mind that authentication and authorisation is done using > flat files, accounting is done in a database. The latter doesn't work. James, All of your accounting data is being written to the details files. You must not have put "sql" in the accounting section of radius.conf. Also make sure the sql queries in sql.conf are correct for the "radacct" table. Take a look at my radius.conf for reference to using mysql for accounting and user/pass/groups (auth). http://mrtizmo.com/freeradius/ Hope some of this helps! Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius 0.9.3 / mysql 4.0.16: no logging
ZORBADELOS KONSTANTINOS wrote: At Mon, 15 Dec 2003 12:57:24 +, James Green wrote: ZORBADELOS KONSTANTINOS wrote: You said you used radiusd -x and not radiusd -X (case is important). Please send the output you receive from radiusd -X. See the rlm_sql and radius_xlat messages. Perhaps something is wrong with the configuration of queries. Hello again. Right, we've just had our NAS configured to the same spec that the exising (non-test) one is which logs things fine. Yet we still don't see anything in our database on the test number. Here's the debug output - I hope someone can point the finger... rad_recv: Access-Request packet from host 81.20.32.130:2048, id=40, length=317 Attr-172818433 = 0x202449643a2041707469732e76696e666f2020496d6167654e616d653d6665706d64202056657273696f6e3d332e362e32703220204275696c644e756d6265723d3332383420204275696c64446174653d31322f31392f3230303020204275696c6454696d653d31363a33313a333820204d616368696e653d4255494c4430332020557365723d4275696c642020546172676574426f6172643d736363202054617267657450726f636573736f723d50504336303320204272616e63683d7033363220204578702024 NAS-IP-Address = 81.20.32.130 User-Name = "[EMAIL PROTECTED]" CHAP-Password = 0x017095d941e007b1ca52c6ee6137cf8d65 Called-Station-Id = "08714719098" Calling-Station-Id = "1493660030" NAS-Port = 17236748 NAS-Port-Type = Async Framed-Protocol = PPP Service-Type = Framed-User modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 radius_xlat: '/var/log/radiusd/radacct/81.20.32.130/auth-detail-20031215' rlm_detail: /var/log/radiusd/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radiusd/radacct/81.20.32.130/auth-detail-20031215 modcall[authorize]: module "auth_log" returns ok for request 3 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 3 modcall[authorize]: module "eap" returns noop for request 3 rlm_realm: Looking up realm "wapmob" for User-Name = "[EMAIL PROTECTED]" rlm_realm: Found realm "wapmob" rlm_realm: Adding Stripped-User-Name = "james" rlm_realm: Proxying request from user james to realm wapmob rlm_realm: Adding Realm = "wapmob" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 3 radius_xlat: '[EMAIL PROTECTED]' rlm_sql (sql): sql_set_user escaped user --> '[EMAIL PROTECTED]' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 1 rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id rlm_sql (sql): User [EMAIL PROTECTED] not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): User [EMAIL PROTECTED] not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 1 modcall[authorize]: module "sql" returns notfound for request 3 users: Matched DEFAULT at 152 users: Matched DEFAULT at 159 modcall[authorize]: module "files" returns ok for request 3 modcall[authorize]: module "mschap" returns noop for request 3 modcall: group authorize returns ok for request 3 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied CHAP-Password matches local User-Password Login OK: [james/] (from client intelliplus port 17236748 cli 1493660030) modcall: entering group post-auth for request 3 radius_xlat: '/var/log/radiusd/radacct/81.20.32.130/reply-detail-20031215' rlm_detail: /var/log/radiusd/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radiusd/radacct/81.20.32.130/reply-detail-20031215 modcall[post-auth]: module "reply_log" returns ok for request 3 modcall: group post-auth returns
Re: radius 0.9.3 / mysql 4.0.16: no logging
At Mon, 15 Dec 2003 12:57:24 +, James Green wrote: > > ZORBADELOS KONSTANTINOS wrote: > You said you used radiusd -x and not radiusd -X (case is important). Please send the output you receive from radiusd -X. See the rlm_sql and radius_xlat messages. Perhaps something is wrong with the configuration of queries. > >At Mon, 15 Dec 2003 10:25:36 +, > >James Green wrote: > > > > > >Use radiusd -X and see what happens with the requests. You should see > >the sql queries that the server tries to execute. > > > > > > Zorbadelos, > > This has been done. That is how I know it connects to the database, but > doesn't perform any SQL queries. > > I can get it to look up the user in the database even, it just refuses > to log the result in the database. > > Its driving me up the wall :-( > > James > > > > > > >>Good morning all, > >> > >>We have a server with a really old copy of FreeRADIUS logging accounting > >>data to mysql 3.xx. We are now in the process of upgrading to the latest > >>stable of mysql 4 and freeradius. > >> > >>We've built the system on a separate machine and it works during > >>testing, except it doesn't log anything to mysql. We have authorisation > >>checks using flat files, but use mysql for logging. > >> > >>radtest works fine, nothing in mysql. radiusd -x shows it connects fine > >>to the mysql server, and mysqld shows it has connected. > >> > >>Yet there is no sqltrace.sql file either. > >> > >>We have confirmed the username/password details can log in, and the > >>table names are correct. The accounting{} part is as default, with 'sql' > >>right above 'unix'. > >> > >>Some help would be appreciated. We are at a loss! > >> > >>Thanks, > >> > >>James Green > >> > >> > >> > >>- > >>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > >> > >> > >== > > Kostas Zorbadelos > > Currently at: Otenet IT Department > > mailto: [EMAIL PROTECTED] > > > > Out there in the darkness, out there in the night > > out there in the starlight, one soul burns brighter > > than a thousand suns. > > > > > >- > >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > > > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html == Kostas Zorbadelos Currently at: Otenet IT Department mailto: [EMAIL PROTECTED] Out there in the darkness, out there in the night out there in the starlight, one soul burns brighter than a thousand suns. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius 0.9.3 / mysql 4.0.16: no logging
ZORBADELOS KONSTANTINOS wrote: At Mon, 15 Dec 2003 10:25:36 +, James Green wrote: Use radiusd -X and see what happens with the requests. You should see the sql queries that the server tries to execute. Zorbadelos, This has been done. That is how I know it connects to the database, but doesn't perform any SQL queries. I can get it to look up the user in the database even, it just refuses to log the result in the database. Its driving me up the wall :-( James Good morning all, We have a server with a really old copy of FreeRADIUS logging accounting data to mysql 3.xx. We are now in the process of upgrading to the latest stable of mysql 4 and freeradius. We've built the system on a separate machine and it works during testing, except it doesn't log anything to mysql. We have authorisation checks using flat files, but use mysql for logging. radtest works fine, nothing in mysql. radiusd -x shows it connects fine to the mysql server, and mysqld shows it has connected. Yet there is no sqltrace.sql file either. We have confirmed the username/password details can log in, and the table names are correct. The accounting{} part is as default, with 'sql' right above 'unix'. Some help would be appreciated. We are at a loss! Thanks, James Green - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html == Kostas Zorbadelos Currently at: Otenet IT Department mailto: [EMAIL PROTECTED] Out there in the darkness, out there in the night out there in the starlight, one soul burns brighter than a thousand suns. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius 0.9.3 / mysql 4.0.16: no logging
At Mon, 15 Dec 2003 10:25:36 +, James Green wrote: > Use radiusd -X and see what happens with the requests. You should see the sql queries that the server tries to execute. > Good morning all, > > We have a server with a really old copy of FreeRADIUS logging accounting > data to mysql 3.xx. We are now in the process of upgrading to the latest > stable of mysql 4 and freeradius. > > We've built the system on a separate machine and it works during > testing, except it doesn't log anything to mysql. We have authorisation > checks using flat files, but use mysql for logging. > > radtest works fine, nothing in mysql. radiusd -x shows it connects fine > to the mysql server, and mysqld shows it has connected. > > Yet there is no sqltrace.sql file either. > > We have confirmed the username/password details can log in, and the > table names are correct. The accounting{} part is as default, with 'sql' > right above 'unix'. > > Some help would be appreciated. We are at a loss! > > Thanks, > > James Green > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html == Kostas Zorbadelos Currently at: Otenet IT Department mailto: [EMAIL PROTECTED] Out there in the darkness, out there in the night out there in the starlight, one soul burns brighter than a thousand suns. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius 0.9.3 / mysql 4.0.16: no logging
Good morning all, We have a server with a really old copy of FreeRADIUS logging accounting data to mysql 3.xx. We are now in the process of upgrading to the latest stable of mysql 4 and freeradius. We've built the system on a separate machine and it works during testing, except it doesn't log anything to mysql. We have authorisation checks using flat files, but use mysql for logging. radtest works fine, nothing in mysql. radiusd -x shows it connects fine to the mysql server, and mysqld shows it has connected. Yet there is no sqltrace.sql file either. We have confirmed the username/password details can log in, and the table names are correct. The accounting{} part is as default, with 'sql' right above 'unix'. Some help would be appreciated. We are at a loss! Thanks, James Green - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MySQL Help!
Title: RE: MySQL Help! Chris, Thanks for the input, however, when I updated the configure script with your extra code configure would not find lmysqlclient and prompted that I specify the path to the library files by using --with-mysql-lib= When I put in the path to the MySQL library files, it still would not find lmysqlclient. Any other thoughts? If I get it I'll be sure to let you know what it was, thanks so much. Chris DeRamus OCIO VPN Administrator SAIC -Original Message- From: Chris Parker [mailto:[EMAIL PROTECTED]] Sent: Friday, December 12, 2003 5:14 PM To: [EMAIL PROTECTED] Subject: Re: MySQL Help! At 03:42 PM 12/12/2003, Rob Genovesi wrote: >oh boy, I remember kicking this around for ever as well ... > >My solution was to 1) be sure you have development rpms installed and >2) >do not use "--disable-shared" when running configure. I don't know >exactly why this changed things, but compiling with shared libraries it >was able to find and use all the necessary mysql libs and includes. > >I installed the following MySQL rpms (Redhat) : > MySQL-devel-4.0.16-0 > MySQL-shared-compat-4.0.16-0 > MySQL-client-4.0.16-0 > MySQL-server-4.0.16-0 Aha. Mysql4 changes some stuff. On Solaris we had to change some of the Makefiles manually to get all of the appropriate libs included to build the rlm_mysql driver built. It may be the same on RH as well. Helpfully, MySQL 3 build syntax is not totally workable with MySQL 4 at least as far as FR is concerned. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MySQL Help!
Title: RE: MySQL Help! Alan, What file(s) should I run ldd against? Chris DeRamus OCIO VPN Administrator SAIC -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED]] Sent: Friday, December 12, 2003 4:44 PM To: [EMAIL PROTECTED] Subject: Re: MySQL Help! "Deramus, Chris" <[EMAIL PROTECTED]> wrote: > I have checked and verified the LD_LIBRARY_PATH variable, I have > updated ld.so.conf as well. I've tried multiple configuration options, > including disable-shared. Something isn't adding up. Any suggestions > would be most appreciated. Thanks and have a good weekend. 'ldd' should tell you which libraries are needed. Maybe MySQL needs additional libraries, which somehow aren't loaded. I don't know how else to help you. The server core doesn't know *anything* about modules/libraries, other than it asks the system to load them. If that doesn't work, there isn't much else the server can do. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
At 04:14 PM 12/12/2003, Chris Parker wrote: At 03:42 PM 12/12/2003, Rob Genovesi wrote: oh boy, I remember kicking this around for ever as well ... My solution was to 1) be sure you have development rpms installed and 2) do not use "--disable-shared" when running configure. I don't know exactly why this changed things, but compiling with shared libraries it was able to find and use all the necessary mysql libs and includes. I installed the following MySQL rpms (Redhat) : MySQL-devel-4.0.16-0 MySQL-shared-compat-4.0.16-0 MySQL-client-4.0.16-0 MySQL-server-4.0.16-0 Aha. Mysql4 changes some stuff. On Solaris we had to change some of the Makefiles manually to get all of the appropriate libs included to build the rlm_mysql driver built. It may be the same on RH as well. Helpfully, MySQL 3 build syntax is not totally workable with MySQL 4 at least as far as FR is concerned. Following up my own post, here are the changes we had to make to the 'configure' in 'src/modules/rlm_sql/drivers/rlm_mysql', around line 900. LIBS="$LIBS -lz" to LIBS="$LIBS -lsocket -lnsl -lm -lz" In other words, we added the '-lsocket -lnsl -lm' libraries, as there are needed for the compilation to complete. Hope this helps, -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
At 03:42 PM 12/12/2003, Rob Genovesi wrote: oh boy, I remember kicking this around for ever as well ... My solution was to 1) be sure you have development rpms installed and 2) do not use "--disable-shared" when running configure. I don't know exactly why this changed things, but compiling with shared libraries it was able to find and use all the necessary mysql libs and includes. I installed the following MySQL rpms (Redhat) : MySQL-devel-4.0.16-0 MySQL-shared-compat-4.0.16-0 MySQL-client-4.0.16-0 MySQL-server-4.0.16-0 Aha. Mysql4 changes some stuff. On Solaris we had to change some of the Makefiles manually to get all of the appropriate libs included to build the rlm_mysql driver built. It may be the same on RH as well. Helpfully, MySQL 3 build syntax is not totally workable with MySQL 4 at least as far as FR is concerned. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
"Deramus, Chris" <[EMAIL PROTECTED]> wrote: > I have checked and verified the LD_LIBRARY_PATH variable, I have updated > ld.so.conf as well. I've tried multiple configuration options, including > disable-shared. Something isn't adding up. Any suggestions would be most > appreciated. Thanks and have a good weekend. 'ldd' should tell you which libraries are needed. Maybe MySQL needs additional libraries, which somehow aren't loaded. I don't know how else to help you. The server core doesn't know *anything* about modules/libraries, other than it asks the system to load them. If that doesn't work, there isn't much else the server can do. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
oh boy, I remember kicking this around for ever as well ... My solution was to 1) be sure you have development rpms installed and 2) do not use "--disable-shared" when running configure. I don't know exactly why this changed things, but compiling with shared libraries it was able to find and use all the necessary mysql libs and includes. I installed the following MySQL rpms (Redhat) : MySQL-devel-4.0.16-0 MySQL-shared-compat-4.0.16-0 MySQL-client-4.0.16-0 MySQL-server-4.0.16-0 -rob At 04:23 PM 12/12/2003 -0500, you wrote: To all, I have spent over 16 hours working this issue now and am completely out of ideas. I have tried RPM Installations of multiple versions of MySQL, including 3.23.58 and 4.0.16. I am still getting the error message: > rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found > rlm_sql (sql): Make sure it (and all its dependent libraries!) are in > the search path of your system's ld. > radiusd.conf[4]: sql: Module instantiation failed. I have checked and verified the LD_LIBRARY_PATH variable, I have updated ld.so.conf as well. I've tried multiple configuration options, including disable-shared. Something isn't adding up. Any suggestions would be most appreciated. Thanks and have a good weekend. Chris DeRamus OCIO VPN Administrator SAIC -Original Message- From: Deramus, Chris Sent: Friday, December 12, 2003 2:01 PM To: '[EMAIL PROTECTED]' Subject: RE: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL I have check the FreeRADIUS FAQ and followed the instructions. My ld.so.conf file has been setup correcly and is pointing the respective library dependencies and it still is giving me the same error. I have also attempted ./configure --disable-shared and still no go. I know I do not need mysql-shared, I am honestly stumped. Sorry to keep this thread going, I just can't seem to find much documentation on any extra steps required when running this new distro of RedHat. Thanks, Chris DeRamus -Original Message- From: NetNITCO Systems Administration [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 11, 2003 5:26 PM To: [EMAIL PROTECTED] Subject: Re: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL On Thu, 2003-12-11 at 16:00, Deramus, Chris wrote: > To all -- > > I recently upgraded my development RADIUS box which was running RedHat > 8.0 to RedHat Enterprise Linux 2.1 ES. This was a fresh install which > included all Mysql related packages contained on the CD's. It was > noted that the Enterprise installation did not contain a Mysql-devel > package, I am assuming it is now bundled in with one of the other > rpm's. I tested SQL queries from both web applications and command > line and everything seemed to be a go so I then configured freeradius. > I believe you are mistaken. The current MySQL development package for RHEL ES 2.1 is mysql-devel-3.23.58-1.72. You can grab the package from the RHEL installation media, or, you can download the SRPM from a Red Hat mirror and rebuild the package: ftp://redhat.netnitco.net/pub/mirrors/redhat/updates/enterprise/2.1ES/en/os/SRPMS/mysql-3.23.58-1.72.src.rpm > rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found > rlm_sql (sql): Make sure it (and all its dependent libraries!) are in > the search path of your system's ld. > radiusd.conf[4]: sql: Module instantiation failed. > You'll get this until you compile FreeRADIUS with the MySQL development libraries installed. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MySQL Help!
Title: Message To all, I have spent over 16 hours working this issue now and am completely out of ideas. I have tried RPM Installations of multiple versions of MySQL, including 3.23.58 and 4.0.16. I am still getting the error message: > rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found > rlm_sql (sql): Make sure it (and all its dependent libraries!) are in > the search path of your system's ld. > radiusd.conf[4]: sql: Module instantiation failed. I have checked and verified the LD_LIBRARY_PATH variable, I have updated ld.so.conf as well. I've tried multiple configuration options, including disable-shared. Something isn't adding up. Any suggestions would be most appreciated. Thanks and have a good weekend. Chris DeRamus OCIO VPN Administrator SAIC -Original Message-From: Deramus, Chris Sent: Friday, December 12, 2003 2:01 PMTo: '[EMAIL PROTECTED]'Subject: RE: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL I have check the FreeRADIUS FAQ and followed the instructions. My ld.so.conf file has been setup correcly and is pointing the respective library dependencies and it still is giving me the same error. I have also attempted ./configure --disable-shared and still no go. I know I do not need mysql-shared, I am honestly stumped. Sorry to keep this thread going, I just can't seem to find much documentation on any extra steps required when running this new distro of RedHat. Thanks, Chris DeRamus -Original Message- From: NetNITCO Systems Administration [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 11, 2003 5:26 PM To: [EMAIL PROTECTED] Subject: Re: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL On Thu, 2003-12-11 at 16:00, Deramus, Chris wrote: > To all -- > > I recently upgraded my development RADIUS box which was running RedHat > 8.0 to RedHat Enterprise Linux 2.1 ES. This was a fresh install which > included all Mysql related packages contained on the CD's. It was > noted that the Enterprise installation did not contain a Mysql-devel > package, I am assuming it is now bundled in with one of the other > rpm's. I tested SQL queries from both web applications and command > line and everything seemed to be a go so I then configured freeradius. > I believe you are mistaken. The current MySQL development package for RHEL ES 2.1 is mysql-devel-3.23.58-1.72. You can grab the package from the RHEL installation media, or, you can download the SRPM from a Red Hat mirror and rebuild the package: ftp://redhat.netnitco.net/pub/mirrors/redhat/updates/enterprise/2.1ES/en/os/SRPMS/mysql-3.23.58-1.72.src.rpm > rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found > rlm_sql (sql): Make sure it (and all its dependent libraries!) are in > the search path of your system's ld. > radiusd.conf[4]: sql: Module instantiation failed. > You'll get this until you compile FreeRADIUS with the MySQL development libraries installed. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL
Title: RE: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL I have check the FreeRADIUS FAQ and followed the instructions. My ld.so.conf file has been setup correcly and is pointing the respective library dependencies and it still is giving me the same error. I have also attempted ./configure --disable-shared and still no go. I know I do not need mysql-shared, I am honestly stumped. Sorry to keep this thread going, I just can't seem to find much documentation on any extra steps required when running this new distro of RedHat. Thanks, Chris DeRamus -Original Message- From: NetNITCO Systems Administration [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 11, 2003 5:26 PM To: [EMAIL PROTECTED] Subject: Re: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL On Thu, 2003-12-11 at 16:00, Deramus, Chris wrote: > To all -- > > I recently upgraded my development RADIUS box which was running RedHat > 8.0 to RedHat Enterprise Linux 2.1 ES. This was a fresh install which > included all Mysql related packages contained on the CD's. It was > noted that the Enterprise installation did not contain a Mysql-devel > package, I am assuming it is now bundled in with one of the other > rpm's. I tested SQL queries from both web applications and command > line and everything seemed to be a go so I then configured freeradius. > I believe you are mistaken. The current MySQL development package for RHEL ES 2.1 is mysql-devel-3.23.58-1.72. You can grab the package from the RHEL installation media, or, you can download the SRPM from a Red Hat mirror and rebuild the package: ftp://redhat.netnitco.net/pub/mirrors/redhat/updates/enterprise/2.1ES/en/os/SRPMS/mysql-3.23.58-1.72.src.rpm > rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found > rlm_sql (sql): Make sure it (and all its dependent libraries!) are in > the search path of your system's ld. > radiusd.conf[4]: sql: Module instantiation failed. > You'll get this until you compile FreeRADIUS with the MySQL development libraries installed. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL
I also mis-typed my message. The package that I was talking about was mysql-shared not mysql-devel. I do not think you need mysql-shared though, or do you? Thanks, Chris DeRamus OCIO VPN Administrator SAIC -Original Message- From: NetNITCO Systems Administration [mailto:[EMAIL PROTECTED] Sent: Thursday, December 11, 2003 5:26 PM To: [EMAIL PROTECTED] Subject: Re: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL On Thu, 2003-12-11 at 16:00, Deramus, Chris wrote: > To all -- > > I recently upgraded my development RADIUS box which was running RedHat > 8.0 to RedHat Enterprise Linux 2.1 ES. This was a fresh install which > included all Mysql related packages contained on the CD's. It was > noted that the Enterprise installation did not contain a Mysql-devel > package, I am assuming it is now bundled in with one of the other > rpm's. I tested SQL queries from both web applications and command > line and everything seemed to be a go so I then configured freeradius. > I believe you are mistaken. The current MySQL development package for RHEL ES 2.1 is mysql-devel-3.23.58-1.72. You can grab the package from the RHEL installation media, or, you can download the SRPM from a Red Hat mirror and rebuild the package: ftp://redhat.netnitco.net/pub/mirrors/redhat/updates/enterprise/2.1ES/en/os/ SRPMS/mysql-3.23.58-1.72.src.rpm > rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found > rlm_sql (sql): Make sure it (and all its dependent libraries!) are in > the search path of your system's ld. > radiusd.conf[4]: sql: Module instantiation failed. > You'll get this until you compile FreeRADIUS with the MySQL development libraries installed. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL
On Fri, 2003-12-12 at 08:18, Deramus, Chris wrote: > Here's the output from the box, as you can see I have the development > package. Any other thoughts? > > [EMAIL PROTECTED] ->rpm -qa | grep mysql > mysqlclient9-3.23.22-8 > mysql-devel-3.23.58-1.72 > mysql-3.23.58-1.72 > php-mysql-4.1.2-2.1.6 > mysql-server-3.23.58-1.72 > mod_auth_mysql-1.11-1 > Recompile with options: --with-rlm-sql-lib-dir=/usr/lib/mysql --with-rlm-sql-include-dir=/usr/include/mysql Give that a try. --Josh Snyder, Linux/UNIX Systems Administrator NetNITCO Internet Services [EMAIL PROTECTED] http://www.netnitco.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL
Here's the output from the box, as you can see I have the development package. Any other thoughts? [EMAIL PROTECTED] ->rpm -qa | grep mysql mysqlclient9-3.23.22-8 mysql-devel-3.23.58-1.72 mysql-3.23.58-1.72 php-mysql-4.1.2-2.1.6 mysql-server-3.23.58-1.72 mod_auth_mysql-1.11-1 Thanks! Chris DeRamus -Original Message- From: NetNITCO Systems Administration [mailto:[EMAIL PROTECTED] Sent: Thursday, December 11, 2003 5:26 PM To: [EMAIL PROTECTED] Subject: Re: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL On Thu, 2003-12-11 at 16:00, Deramus, Chris wrote: > To all -- > > I recently upgraded my development RADIUS box which was running RedHat > 8.0 to RedHat Enterprise Linux 2.1 ES. This was a fresh install which > included all Mysql related packages contained on the CD's. It was > noted that the Enterprise installation did not contain a Mysql-devel > package, I am assuming it is now bundled in with one of the other > rpm's. I tested SQL queries from both web applications and command > line and everything seemed to be a go so I then configured freeradius. > I believe you are mistaken. The current MySQL development package for RHEL ES 2.1 is mysql-devel-3.23.58-1.72. You can grab the package from the RHEL installation media, or, you can download the SRPM from a Red Hat mirror and rebuild the package: ftp://redhat.netnitco.net/pub/mirrors/redhat/updates/enterprise/2.1ES/en/os/ SRPMS/mysql-3.23.58-1.72.src.rpm > rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found > rlm_sql (sql): Make sure it (and all its dependent libraries!) are in > the search path of your system's ld. > radiusd.conf[4]: sql: Module instantiation failed. > You'll get this until you compile FreeRADIUS with the MySQL development libraries installed. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL
On Thu, 2003-12-11 at 16:00, Deramus, Chris wrote: > To all -- > > I recently upgraded my development RADIUS box which was running RedHat > 8.0 to RedHat Enterprise Linux 2.1 ES. This was a fresh install which > included all Mysql related packages contained on the CD's. It was > noted that the Enterprise installation did not contain a Mysql-devel > package, I am assuming it is now bundled in with one of the other > rpm's. I tested SQL queries from both web applications and command > line and everything seemed to be a go so I then configured freeradius. > I believe you are mistaken. The current MySQL development package for RHEL ES 2.1 is mysql-devel-3.23.58-1.72. You can grab the package from the RHEL installation media, or, you can download the SRPM from a Red Hat mirror and rebuild the package: ftp://redhat.netnitco.net/pub/mirrors/redhat/updates/enterprise/2.1ES/en/os/SRPMS/mysql-3.23.58-1.72.src.rpm > rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found > rlm_sql (sql): Make sure it (and all its dependent libraries!) are in > the search path of your system's ld. > radiusd.conf[4]: sql: Module instantiation failed. > You'll get this until you compile FreeRADIUS with the MySQL development libraries installed. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL
Title: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL To all -- I recently upgraded my development RADIUS box which was running RedHat 8.0 to RedHat Enterprise Linux 2.1 ES. This was a fresh install which included all Mysql related packages contained on the CD's. It was noted that the Enterprise installation did not contain a Mysql-devel package, I am assuming it is now bundled in with one of the other rpm's. I tested SQL queries from both web applications and command line and everything seemed to be a go so I then configured freeradius. I used the following configure line: ./configure --with-mysql-include-dir=/usr/include/mysql --with-mysql-dir=/usr/lib/mysql --with-mysql I configured the flat configuration files including radiusd.conf to match my desired configuration. SQL is setup like so: --- Pasted from radiusd.conf --- $INCLUDE ${confdir}/sql.conf $INCLUDE ${confdir}/sql2.conf authorize { # # The preprocess module takes care of sanitizing some bizarre # attributes in the request, and turning them into attributes # which are more standard. # # It takes care of processing the 'raddb/hints' and the # 'raddb/huntgroups' files. # # It also adds a Client-IP-Address attribute to the request. autztype sql1 { sql } autztype sql2 { sql2 } accounting { detail acctype sql1 { sql } acctype sql2 { sql2 } radutmp My sql.conf and sql2.conf files repesctively called the driver rlm_sql_mysql. Upon launching radiusd with debugging turned on I get the following message: rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[4]: sql: Module instantiation failed. I have re-configured the sql_mysql module multiple times, even as a static module and no luck. I am wondering if this has to do with differences in the way MySQL is setup in the Enterprise 2.1 ES distro? Any light that you can shed on this issue would be greatly appreciated. Thanks and have a great day, Chris DeRamus
Re: Freeradius 0.9.3 with mysql
Dan Monjar <[EMAIL PROTECTED]> wrote: > Were you able to address the occasional server crash in response to the > HUP? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 0.9.3 with mysql
--On Thursday, December 11, 2003 01:40:40 PM -0500 Alan DeKok <[EMAIL PROTECTED]> wrote: Graeme Hinchliffe <[EMAIL PROTECTED]> wrote: Will a HUP force a reload of the config? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Were you able to address the occasional server crash in response to the HUP? -- Daniel Monjar IS Manager, Technical Services bioMérieux, Inc. Durham, NC US - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 0.9.3 with mysql
Graeme Hinchliffe <[EMAIL PROTECTED]> wrote: > Will a HUP force a reload of the config? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 0.9.3 with mysql
On Wed, 10 Dec 2003 13:56:44 -0500 "Alan DeKok" <[EMAIL PROTECTED]> wrote: > "Justin Williams" <[EMAIL PROTECTED]> wrote: > > By the way, I did not see a command in the man pages to restart radiusd > > after making config changes. Is there such? > > Huh? It's a normal program. You just kill it, and re-start it. Will a HUP force a reload of the config? -- - Graeme Hinchliffe (BSc) Core Team Member Zen Internet (http://www.zen.co.uk) ICQ 3842605 (link) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius 0.9.3 with mysql
In Mandrake (very similar to redhat in most respects), service radiusd restart returned the error that radiusd was not registered as a service... For the moment, kill works... ;-) Thanks! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Fraser Sent: Wednesday, December 10, 2003 5:46 PM To: [EMAIL PROTECTED] Subject: Re: Freeradius 0.9.3 with mysql The init command will depend on the distribution you are using. On RH, as root it should be somthing like : /sbin/service radiusd restart On Debian : /etc/init.d/freeradius restart On Suse: /etc/init.d/radiusd restart On FreeBSD :-) /usr/local/etc/rc.d/radiusd.sh restart Good luck. Justin Williams wrote: >Thanks! Was thinking in terms of daemons like httpd, which have their >own start/stop commands. > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Alan >DeKok >Sent: Wednesday, December 10, 2003 1:57 PM >To: [EMAIL PROTECTED] >Subject: Re: Freeradius 0.9.3 with mysql > > >"Justin Williams" <[EMAIL PROTECTED]> wrote: > > >>By the way, I did not see a command in the man pages to restart >>radiusd after making config changes. Is there such? >> >> > > Huh? It's a normal program. You just kill it, and re-start it. > > Alan DeKok. > >- >List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 0.9.3 with mysql
The init command will depend on the distribution you are using. On RH, as root it should be somthing like : /sbin/service radiusd restart On Debian : /etc/init.d/freeradius restart On Suse: /etc/init.d/radiusd restart On FreeBSD :-) /usr/local/etc/rc.d/radiusd.sh restart Good luck. Justin Williams wrote: Thanks! Was thinking in terms of daemons like httpd, which have their own start/stop commands. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, December 10, 2003 1:57 PM To: [EMAIL PROTECTED] Subject: Re: Freeradius 0.9.3 with mysql "Justin Williams" <[EMAIL PROTECTED]> wrote: By the way, I did not see a command in the man pages to restart radiusd after making config changes. Is there such? Huh? It's a normal program. You just kill it, and re-start it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius 0.9.3 with mysql
Thanks! Was thinking in terms of daemons like httpd, which have their own start/stop commands. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, December 10, 2003 1:57 PM To: [EMAIL PROTECTED] Subject: Re: Freeradius 0.9.3 with mysql "Justin Williams" <[EMAIL PROTECTED]> wrote: > By the way, I did not see a command in the man pages to restart > radiusd after making config changes. Is there such? Huh? It's a normal program. You just kill it, and re-start it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 0.9.3 with mysql
"Justin Williams" <[EMAIL PROTECTED]> wrote: > By the way, I did not see a command in the man pages to restart radiusd > after making config changes. Is there such? Huh? It's a normal program. You just kill it, and re-start it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius 0.9.3 with mysql
Thank you! By the way, I did not see a command in the man pages to restart radiusd after making config changes. Is there such? Thanks again! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, December 10, 2003 1:48 PM To: [EMAIL PROTECTED] Subject: Re: Freeradius 0.9.3 with mysql "Justin Williams" <[EMAIL PROTECTED]> wrote: > Bingo... That worked... I was missing the sql entry in the authorize > section... That's good to hear. > Would still love to go read up on radius, though! Buy the RADIUS book. See the web site for details. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 0.9.3 with mysql
"Justin Williams" <[EMAIL PROTECTED]> wrote: > Bingo... That worked... I was missing the sql entry in the authorize > section... That's good to hear. > Would still love to go read up on radius, though! Buy the RADIUS book. See the web site for details. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius 0.9.3 with mysql
Bingo... That worked... I was missing the sql entry in the authorize section... Would still love to go read up on radius, though! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Justin Williams Sent: Wednesday, December 10, 2003 1:43 PM To: [EMAIL PROTECTED] Subject: RE: Freeradius 0.9.3 with mysql Already running in debugging mode, but, too ignorant of what it all means. If there is a reference you recommend that would help me learn more about radius, in general, I'll be happy to go hunting in there too. I added sql to the accounting section in radius.conf, but I did not add it into the authorize section... Added that and will hope that it works... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, December 10, 2003 1:30 PM To: [EMAIL PROTECTED] Subject: Re: Freeradius 0.9.3 with mysql "Justin Williams" <[EMAIL PROTECTED]> wrote: > At any rate, with the user "test" in the users file, it authenticates > just fine. When I comment that out and add the user to the mysql > table, usergroups, it does not authenticate, and I don't notice any > reference to mysql in the rejection notice So run it in debugging mode to see what's going wrong. Also, you *do* need to configure 'radiusd.conf' to use the SQL module. You can't just put users into an SQL database, and hope that the server magically knows where to look. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius 0.9.3 with mysql
Already running in debugging mode, but, too ignorant of what it all means. If there is a reference you recommend that would help me learn more about radius, in general, I'll be happy to go hunting in there too. I added sql to the accounting section in radius.conf, but I did not add it into the authorize section... Added that and will hope that it works... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Wednesday, December 10, 2003 1:30 PM To: [EMAIL PROTECTED] Subject: Re: Freeradius 0.9.3 with mysql "Justin Williams" <[EMAIL PROTECTED]> wrote: > At any rate, with the user "test" in the users file, it authenticates > just fine. When I comment that out and add the user to the mysql > table, usergroups, it does not authenticate, and I don't notice any > reference to mysql in the rejection notice So run it in debugging mode to see what's going wrong. Also, you *do* need to configure 'radiusd.conf' to use the SQL module. You can't just put users into an SQL database, and hope that the server magically knows where to look. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 0.9.3 with mysql
"Justin Williams" <[EMAIL PROTECTED]> wrote: > At any rate, with the user "test" in the users file, it authenticates > just fine. When I comment that out and add the user to the mysql table, > usergroups, it does not authenticate, and I don't notice any reference > to mysql in the rejection notice So run it in debugging mode to see what's going wrong. Also, you *do* need to configure 'radiusd.conf' to use the SQL module. You can't just put users into an SQL database, and hope that the server magically knows where to look. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius 0.9.3 with mysql
Hi all I have freeradius 0.9.3 set up on a linux box with (presumably) mysql compiled in as well. I have the mysql-devel files installed before configure/make/make installing. I followed through the how-to found at http://www.frontios.com/freeradius.html, but, that is a set of how-to for a somewhat older version. At any rate, with the user "test" in the users file, it authenticates just fine. When I comment that out and add the user to the mysql table, usergroups, it does not authenticate, and I don't notice any reference to mysql in the rejection notice (I can copy/paste that notice in if it will help anybody). I did notice an extra table in the current version that was not mentioned in the how-to, and that is the table radacct. Is that where I need to be adding users, later on (when this thing actually goes live)? On a different note, has anybody used this radius daemon with the Venturi acceleration server? Any pointers on that would be helpful too! Thanks!! --===-- Justin Williams Penguin Herder Power Shift Online Services 571 South Main Street Stowe, VT 05672 877-949-9967 Who shook my snow globe?? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius with MySQL
"Leandro Sant'ana" <[EMAIL PROTECTED]> wrote: > I commented that's lines in file /etc/raddb/users ... > #DEFAULT Auth-Type =3D System > #Fall-Through =3D 1 > > To force Auth-Type in databases No. Uncommenting that line means you forced it to NOT use System authentication. But you didn't tell it what OTHER authentication method to use, so the server failed. > modcall: group authorize returns ok for request 0 > auth: No authenticate method (Auth-Type) configuration found for the > request: Rejecting the user Did you try setting an Auth-Type somewhere? What part of the error message is unclear? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius with MySQL
Please read the FAQ before posting again. Turn off your Graphic and html. Leandro Sant'ana wrote: - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius with MySQL
Leandro, See to it you included sql in authorization and accounting. Another helpful information ... http://www.frontios.com/freeradius.html = wilfredo pahilanga apellido jr. technical support mactan online bacolod city, philippines +63 34 4348311 If you can't hear me, it's because i'm in parentheses. __ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius with MySQL
Title: Untitled Document Hi! Don't know why but when i try to authentication an user using database don't work. I commented that's lines in file /etc/raddb/users # First setup all accounts to be checked against the UNIX /etc/passwd.# (Unless a password was already given earlier in this file).##DEFAULT Auth-Type = System# Fall-Through = 1 To force Auth-Type in databases and give this error: rad_recv: Access-Request packet from host 192.168.0.60:32799, id=228, length=61 User-Name = "aferreira" User-Password = "stag" NAS-IP-Address = 255.255.255.255 NAS-Port = 0modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0radius_xlat: '/var/log/radius/radacct/192.168.0.60/auth-detail-20031210'rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.60/auth-detail-20031210 modcall[authorize]: module "auth_log" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "eap" returns noop for request 0 rlm_realm: No '@' in User-Name = "aferreira", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 modcall[authorize]: module "files" returns notfound for request 0 modcall[authorize]: module "mschap" returns noop for request 0modcall: group authorize returns ok for request 0auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the userauth: Failed to validate the user.Delaying request 0 for 1 seconds Anybody know what de happend? Leandro Sant'anaMeu Provedor Tecnologias e Informática Ltda.Rua Camerino, 128 Grs. 302Centro - Rio de Janeiro - RJ - CEP 20080-010Tel.: 55 21 25181011 (PABX/FAX)Telefone Móvel - Celular: 55 21 8844-2645 <>
Re: sample data for mysql setup with dialup_admin
I forgot to add a comment with the password for troll since it is encrypted. :) The password is : skunk Have a nice day, y'all. Guy Fraser wrote: Hi I know people are always asking for sample data, since I am in the process of testing the mysql version of dialup_admin for compatability with my postgresql patches, I have created some sample data for testing. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sample data for mysql setup with dialup_admin
Hi I know people are always asking for sample data, since I am in the process of testing the mysql version of dialup_admin for compatability with my postgresql patches, I have created some sample data for testing. -- Guy Fraser Network Administrator The Internet Centre 780-450-6787 , 1-888-450-6787 There is a fine line between genius and lunacy, fear not, walk the line with pride. Not all things will end up as you wanted, but you will certainly discover things the meek and timid will miss out on. delete from usergroup ; insert into usergroup (username,groupname) values('fredf','ppp-unlimited'); insert into usergroup (username,groupname) values('barneyr','ppp-static'); insert into usergroup (username,groupname) values('troll','ppp-unlimited'); insert into usergroup (username,groupname) values('frog','nas-prompt'); delete from radcheck ; insert into radcheck (username,attribute,op,value) values('fredf','User-Password','==','wilma'); insert into radcheck (username,attribute,op,value) values('barneyr','User-Password','==','betty'); insert into radcheck (username,attribute,op,value) values('troll','Crypt-Password','==','$1$A8BotTi4$UTg2XL.fSStI2RFENUfnR.'); insert into radcheck (username,attribute,op,value) values('frog','User-Password','==','kermit'); delete from radreply ; insert into radreply (username,attribute,op,value) values('barneyr','Framed-IP-Address',':=','10.19.65.38'); insert into radreply (username,attribute,op,value) values('barneyr','Framed-IP-Netmask',':=','255.255.255.252'); delete from radgroupcheck ; insert into radgroupcheck (groupname,attribute,op,value) values('ppp-unlimited','Auth-Type',':=','Local'); insert into radgroupcheck (groupname,attribute,op,value) values('ppp-static','Auth-Type',':=','Local'); insert into radgroupcheck (groupname,attribute,op,value) values('nas-prompt','Auth-Type',':=','Local'); delete from radgroupreply ; insert into radgroupreply (groupname,attribute,op,value) values('ppp-unlimited','Framed-Compression',':=','Van-Jacobsen-TCP-IP'); insert into radgroupreply (groupname,attribute,op,value) values('ppp-unlimited','Framed-Protocol',':=','PPP'); insert into radgroupreply (groupname,attribute,op,value) values('ppp-unlimited','Service-Type',':=','Framed-User'); insert into radgroupreply (groupname,attribute,op,value) values('ppp-unlimited','Framed-MTU',':=','1500'); insert into radgroupreply (groupname,attribute,op,value) values('ppp-static','Framed-Compression',':=','Van-Jacobsen-TCP-IP'); insert into radgroupreply (groupname,attribute,op,value) values('ppp-static','Framed-Protocol',':=','PPP'); insert into radgroupreply (groupname,attribute,op,value) values('ppp-static','Service-Type',':=','Framed-User'); insert into radgroupreply (groupname,attribute,op,value) values('ppp-static','Framed-MTU',':=','1500'); insert into radgroupreply (groupname,attribute,op,value) values('nas-prompt','Framed-MTU',':=','1500'); insert into radgroupreply (groupname,attribute,op,value) values('nas-prompt','Framed-Compression',':=','Van-Jacobson-TCP-IP'); insert into radgroupreply (groupname,attribute,op,value) values('nas-prompt','Service-Type',':=','NAS-Prompt'); delete from userinfo ; insert into userinfo (username,name,mail,department,workphone,homephone,mobile) values('fredf','Fred Flintstone','-','Quarry','-','-','-'); insert into userinfo (username,name,mail,department,workphone,homephone,mobile) values('barneyr','Barney Rubble','-','Office','-','-','-'); insert into userinfo (username,name,mail,department,workphone,homephone,mobile) values('troll','Erik The Red','-','Bridge','-','-','-'); insert into userinfo (username,name,mail,department,workphone,homephone,mobile) values('frog','Kermit The Frog','-','Pond','-','-','-'); delete from totacct ; insert into totacct (username,acctdate,connnum,conn
Re: Max-All-Session-Time or Max-Seesion-Time for groups in a mysql database and freeradius
Hi, Documentation says: for sql make sure to have Max-All-Session entry under either radcheck or radgroup check table: > INSERT into radcheck VALUES ('','test0001','Max-All-Session','54000',':='); I hope this help you. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Max-All-Session-Time or Max-Seesion-Time for groups in a mysql database and freeradius
Is this possible??? Max-All-Session-Time or Max-Seesion-Time for groups in a mysql database and freeradius when i put this attribute in radcheck, all is ok... but i want use it like a group attribute in the radgroupcheck o radgroupreply but when i do this nothing happens. Roddy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL with FreeRadius (rlm_sql_mysql driver problem)
At Wed, 3 Dec 2003 13:22:14 -0500, Michael Shanafelt wrote: > Look into your ${exec_prefix}/lib to see if you have something like rlm_sql_mysql.so -> rlm_sql_mysql-0.9.2.so If you don't, make sure you have mysql-dev packages installed (header files and stuff) and recompile paying attention to configure and make messages. > OK, I had my FreeRadius server working fine for Wireless LAN MAC > authentication using the clients and users text files. > > My next step was to setup a MySQL database that would store the > usernames and groups rather than having the text file. I followed the > directions in Hassell's RADIUS book and everything was successful until > I issued the radiusd -x -x command to start the server. > > Now I'm getting an error stating: > rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found > rlm_sql (sql): Make sure it (and all its dependent libraries!) are in > the search path of your system's ld. > Radiusd.conf[14]: sql: Module instantiation failed. > > My limited knowledge tells me that the rlm_sql_mysql driver isn't > installed. Is this correct? How can I fix it? > > Thanks, > Mike > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > == Kostas Zorbadelos Currently at: Otenet IT Department mailto: [EMAIL PROTECTED] Out there in the darkness, out there in the night out there in the starlight, one soul burns brighter than a thousand suns. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Help with RLM MYSQL
Hmm, You probably forgot to install the mysql devel rpm. Cheers Patrick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Breuer Nicolas - BelCenter.com Sent: woensdag 3 december 2003 10:55 To: [EMAIL PROTECTED] Subject: Help with RLM MYSQL Hello I have a big prob.. I would like to use the rlm sql mysql module.. My os is redhat 9 and i can't install and use this module.. When i do a config , make & make install (in dynamic or static), all module 'll be loaded except mysql rlm_sqlippool: Could not link driver rlm_sql_mysql: file not found rlm_sqlippool: Make sure it (and all its dependent libraries!) are in the search path of your system's ld. I add my libdir to ld.conf and run ldconfig , same probs. Please help me Thanks Nico - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL with FreeRadius (rlm_sql_mysql driver problem)
same problem.. On 3 Dec 2003 at 13:22, Michael Shanafelt wrote: > OK, I had my FreeRadius server working fine for Wireless LAN MAC > authentication using the clients and users text files. > > My next step was to setup a MySQL database that would store the > usernames and groups rather than having the text file. I followed the > directions in Hassell's RADIUS book and everything was successful > until I issued the radiusd -x -x command to start the server. > > Now I'm getting an error stating: > rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found > rlm_sql (sql): Make sure it (and all its dependent libraries!) are in > the search path of your system's ld. Radiusd.conf[14]: sql: Module > instantiation failed. > > My limited knowledge tells me that the rlm_sql_mysql driver isn't > installed. Is this correct? How can I fix it? > > Thanks, > Mike > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html BREUER NICOLAS Content & Marketing Manager ** BELCENTER ISP & PORTALS ** Avenue Henri Conscience, 94 B -1140 Bruxelles ** HelpDesk : 0902/40.120 ** Tél. :+32 2 243 0 243 Fax :+32 2 243 0 244 E Mail : [EMAIL PROTECTED] http://www.BelCenter.com | http://www.BelCenter.net http://www.LuxCenter.net | http://www.BulkSMS.be - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MySQL with FreeRadius (rlm_sql_mysql driver problem)
OK, I had my FreeRadius server working fine for Wireless LAN MAC authentication using the clients and users text files. My next step was to setup a MySQL database that would store the usernames and groups rather than having the text file. I followed the directions in Hassell's RADIUS book and everything was successful until I issued the radiusd -x -x command to start the server. Now I'm getting an error stating: rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. Radiusd.conf[14]: sql: Module instantiation failed. My limited knowledge tells me that the rlm_sql_mysql driver isn't installed. Is this correct? How can I fix it? Thanks, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with RLM MYSQL
On Wed, Dec 03, 2003, Breuer Nicolas - BelCenter.com wrote: > > Hello > > I have a big prob.. > > I would like to use the rlm sql mysql module.. > My os is redhat 9 and i can't install and use this module.. I just ran into this last week when building freeradius under the OpenPKG.org packaging system. If your mysql headers and libraries aren't in /usr/local/include and /usr/local/lib or similar standard locations or aren't installed at all, you probably have to do a couple of things: :19: warning: macro `..' not defined 1. You may need to install the mysql-devel RPM on your RH system if they headers and libraries aren't there (I'm not very familiar with RH RPM structures, currently using SuSE, formerly Caldera Linux). 2. You may have to add a couple of options to your configure: ./configure \ --with-mysql-include-dir=path_to_mysql_headers \ --with-mysql-lib-dir=path_to_mysql_libraries \ ... The base ./configure script doesn't give the options for mysql or postgresql, and probably some others. I found them by running ``./configure --help'' in the appropriate directories. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Systems, Inc. UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX:(206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ ``The who nation is interested that the best use shall be made of these [new] territories. We want them for the homes of free white people'' -- Abraham Lincoln, Octobe 16, 1854 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAPv2 + MySQL + group authtype failure
Josh Howlett <[EMAIL PROTECTED]> wrote: > Thanks, this will make life a bit easier. Thanks also for helping Elliot > out. This thread was started while I was out of the office, so I wasn't > able to cut in and help Elliot myself. You're welcome. > Would you mind naming it "dictionary.university_of_bristol" on the basis > that the official IANA vendor code calls it this? I'll also be updating > my documentation to include FreeRADIUS info, as well as IAS. It's "dictionary.bristol" now. I can change it, but I don't see it a huge reason to do so. (i.e. I'm lazy...) Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with RLM MYSQL
Liste files i have config.log configure db_mysql.sql Makefile.in rlm_sql_mysql.la sql_mysql.lo config.status configure.in Makefile rlm_sql_mysql.a sql_mysql.c sql_mysql.o On 3 Dec 2003 at 11:16, Arthur B Olsen wrote: > The file is missing. Go to > $(radiussource)/src/modules/rlm_sql/drivers/rlm_sql_mysql/ and see if > it is built. > > On Wednesday 03 December 2003 09:55, Breuer Nicolas - BelCenter.com > wrote: > Hello > > I have a big prob.. > > I would like to use the > rlm sql mysql module.. > My os is redhat 9 and i can't install and > use this module.. > > When i do a config , make & make install > (in > dynamic or static), all module 'll be loaded > except mysql > > > rlm_sqlippool: Could not link driver rlm_sql_mysql: file not found > > rlm_sqlippool: Make sure it (and all its dependent libraries!) are in > > the search path of your system's ld. > > I add my libdir to ld.conf > and run ldconfig , same probs. > > Please help me > > Thanks > Nico > > > - > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > -- > Arthur B Olsen > P/F Teletech > J.C. Svabosgøta 8 > 100 Tórshavn > Tlf: 317265 > Mobil:220781 > Email:[EMAIL PROTECTED] > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html BREUER NICOLAS Content & Marketing Manager ** BELCENTER ISP & PORTALS ** Avenue Henri Conscience, 94 B -1140 Bruxelles ** HelpDesk : 0902/40.120 ** Tél. :+32 2 243 0 243 Fax :+32 2 243 0 244 E Mail : [EMAIL PROTECTED] http://www.BelCenter.com | http://www.BelCenter.net http://www.LuxCenter.net | http://www.BulkSMS.be - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with RLM MYSQL
The file is missing. Go to $(radiussource)/src/modules/rlm_sql/drivers/rlm_sql_mysql/ and see if it is built. On Wednesday 03 December 2003 09:55, Breuer Nicolas - BelCenter.com wrote: > Hello > > I have a big prob.. > > I would like to use the rlm sql mysql module.. > My os is redhat 9 and i can't install and use this module.. > > When i do a config , make & make install > (in dynamic or static), all module 'll be loaded > except mysql > > rlm_sqlippool: Could not link driver rlm_sql_mysql: file not found > rlm_sqlippool: Make sure it (and all its dependent libraries!) are in > the search path of your system's ld. > > I add my libdir to ld.conf and run ldconfig , same probs. > > Please help me > > Thanks > Nico > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html -- Arthur B Olsen P/F Teletech J.C. Svabosgøta 8 100 Tórshavn Tlf: 317265 Mobil:220781 Email:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help with RLM MYSQL
Hello I have a big prob.. I would like to use the rlm sql mysql module.. My os is redhat 9 and i can't install and use this module.. When i do a config , make & make install (in dynamic or static), all module 'll be loaded except mysql rlm_sqlippool: Could not link driver rlm_sql_mysql: file not found rlm_sqlippool: Make sure it (and all its dependent libraries!) are in the search path of your system's ld. I add my libdir to ld.conf and run ldconfig , same probs. Please help me Thanks Nico - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help with RLM MYSQL
Hello I have a big prob.. I would like to use the rlm sql mysql module.. My os is redhat 9 and i can't install and use this module.. When i do a config , make & make install (in dynamic or static), all module 'll be loaded except mysql rlm_sqlippool: Could not link driver rlm_sql_mysql: file not found rlm_sqlippool: Make sure it (and all its dependent libraries!) are in the search path of your system's ld. I add my libdir to ld.conf and run ldconfig , same probs. Please help me Thanks Nico - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Auth MS-CHAP and mysql
At Mon, 1 Dec 2003 12:10:51 -0500, Duane Barnes wrote: > > [1 ] > I'm using freeradius 0.7.1. and mysql 3.23. I'm trying to setup radius to > allow ms-chap and have gotten it to instantiate the module, but I don't know > how to enter the ms-chap password into the mysql db. Below is the error: > > Error: rlm_sql_authorize: no rows returned from query (no such user) > Auth: Login incorrect: [testuser/] (from client radius port > 0) > [2 ] > http://www.frontios.com/freeradius.html == Kostas Zorbadelos Currently at: Otenet IT Department mailto: [EMAIL PROTECTED] Out there in the darkness, out there in the night out there in the starlight, one soul burns brighter than a thousand suns. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAPv2 + MySQL + group authtype failure
On Tue, 2003-12-02 at 19:26, Alan DeKok wrote: > "Eliot Gable" <[EMAIL PROTECTED]> wrote: > > The only essential design feature is this: when a user authenticates = > > against a localnode, a Vendor-Specific attribute (with a vendor code of = > > "4363" and attribute number of "5") containing a string of the name of = > > the user's RNET must be returned to the localnode and homenode. > > You didn't understand it, so you took it to mean that you > should so something totally different, rather than figure out how to > do it properly. > > See the dictionary files for examples of vendor dictionariess. > Heck, grab the CVS snapshot tomorrow, and I've added a > 'dictionary.bristol', based on what you said. Alan, Thanks, this will make life a bit easier. Thanks also for helping Elliot out. This thread was started while I was out of the office, so I wasn't able to cut in and help Elliot myself. Would you mind naming it "dictionary.university_of_bristol" on the basis that the official IANA vendor code calls it this? I'll also be updating my documentation to include FreeRADIUS info, as well as IAS. josh. -- --- Josh Howlett, Networking & Digital Communications, Information Systems & Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: MS-CHAPv2 + MySQL + group authtype failure
Dear Eliot Gable, --Tuesday, December 2, 2003, 9:58:52 PM, you wrote to [EMAIL PROTECTED]: EG> | 4 | 56/56 | Vendor-Specific | := | homenode.greatlakes.net | 0 | Read RFC about what Vendor-Specific attribute is. -- ~/ZARAZA Патриотизм - это та же религия. (Твен) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: MS-CHAPv2 + MySQL + group authtype failure
Dear Eliot Gable, Try to use shorter secret. --Tuesday, December 2, 2003, 6:08:17 PM, you wrote to [EMAIL PROTECTED]: >>From the NAS realms.conf file: EG> realm homenode.greatlakes.net { EG> type=radius EG> authhost=208.244.161.200:1812 EG> accthost=208.244.161.200:1813 EG> secret=076q2345hudp89YASIJF7890QW4 EG> nostrip EG> } >>From the server's clients.conf file: EG> client homenode.greatlakes.net { EG> secret = 076q2345hudp89YASIJF7890QW4 EG> shortname = homenode EG> } EG> The NAS is running "FreeRADIUS Version 0.9-pre, for host i686-pc-linux-gnu, built on Feb 21 2003 at 15:58:26". EG> The Server is running "FreeRADIUS Version 0.9.3, for host i686-pc-linux-gnu, built on Dec 1 2003 at 16:31:07" EG> I cannot change what is running on the NAS, but I can change what is running on the server if it is a version conflict or something. EG> -Original Message- EG> From: 3APA3A [mailto:[EMAIL PROTECTED] EG> Sent: Tuesday, December 02, 2003 5:27 AM EG> To: Eliot Gable EG> Subject: Re: MS-CHAPv2 + MySQL + group authtype failure EG> Dear Eliot Gable, EG> Make sure shared secret configured for NAS and password entered by EG> client are valid. Check cleartext and MS-CHAP (v1) authentication. EG> --Tuesday, December 2, 2003, 3:04:02 AM, you wrote to [EMAIL PROTECTED]: EG>> I've been trying to get a Windows XP machine to authenticate against freeRADIUS 0.9.3 using MS-CHAPv2. It seems to be working to start with, but then I get a group-check failure. I can't figure EG>> out why I'm getting that. I modified the rlm_mschap.c file to print out the two strings it is comparing where the failure takes place. I didn't format it nicely, so it looks like gibberish, but EG>> it at least shows how different the strings are. I'm using MySQL to store the username/password and group information. -- ~/ZARAZA Впрочем, важнее всего - алгоритм! (Лем) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAPv2 + MySQL + group authtype failure
"Eliot Gable" <[EMAIL PROTECTED]> wrote: > So, is it wrong to just use the prefix to calculate the response in the > cases where you get a prefix and a suffix? Or are there some cases where > this would break other things? Just curious... The problem is you don't know what the prefix is. Windows is is extremely complicated, does very weird things, and never, ever, tells you what it does, or why. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MS-CHAPv2 + MySQL + group authtype failure
So, is it wrong to just use the prefix to calculate the response in the cases where you get a prefix and a suffix? Or are there some cases where this would break other things? Just curious... -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 02, 2003 3:30 PM To: [EMAIL PROTECTED] Subject: Re: MS-CHAPv2 + MySQL + group authtype failure "Eliot Gable" <[EMAIL PROTECTED]> wrote: > I got it to work. I removed the @homenode.greatlakes.net from the > username and the received response then matched the calculated response. Yup. > My question now is, if both user egable and > [EMAIL PROTECTED] are in the database with the same > password, why would it matter which way it is passed in? Because the client (i.e. Windows box) is using "egable" to calculate the MS-CHAP data, and then sending "[EMAIL PROTECTED]" as the User-Name to the RADIUS server. So the RADIUS tries to use "[EMAIL PROTECTED]" to calculate the MS-CHAP data, and gets confused. I hate Windows. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAPv2 + MySQL + group authtype failure
"Eliot Gable" <[EMAIL PROTECTED]> wrote: > I got it to work. I removed the @homenode.greatlakes.net from the > username and the received response then matched the calculated response. Yup. > My question now is, if both user egable and > [EMAIL PROTECTED] are in the database with the same > password, why would it matter which way it is passed in? Because the client (i.e. Windows box) is using "egable" to calculate the MS-CHAP data, and then sending "[EMAIL PROTECTED]" as the User-Name to the RADIUS server. So the RADIUS tries to use "[EMAIL PROTECTED]" to calculate the MS-CHAP data, and gets confused. I hate Windows. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MS-CHAPv2 + MySQL + group authtype failure
I got it to work. I removed the @homenode.greatlakes.net from the username and the received response then matched the calculated response. My question now is, if both user egable and [EMAIL PROTECTED] are in the database with the same password, why would it matter which way it is passed in? Is it treating the second as a domain when the domain functionality does not work? Or is it something else? Personally, I'd rather not specify the @node for the username, but I'd still like to know why it doesn't work. Thanks for all the help!! -Original Message- From: Eliot Gable Sent: Tuesday, December 02, 2003 3:14 PM To: [EMAIL PROTECTED] Subject: RE: MS-CHAPv2 + MySQL + group authtype failure > -Original Message- > From: Alan DeKok [mailto:[EMAIL PROTECTED] > Sent: Tuesday, December 02, 2003 2:29 PM > To: [EMAIL PROTECTED] > Subject: Re: MS-CHAPv2 + MySQL + group authtype failure > > > What do you mean by configuring a way for the server to authenticate > > that request? I thought the whole point of the NAS was to simply forward > > the RADIUS request to the main RADIUS server and the forward the > > response from that server to the client. > > It's not a NAS. You're using it as a proxy RADIUS server. ^^ Thank you for pointing that out. After making the previous change, instead of the malformed request error, I got: rad_recv: Access-Accept packet from host 208.244.163.17:1812, id=1, length=80 Ignoring request from unknown proxy 208.244.163.17:1812 Which clued me in to the fact that the response was coming from the second IP address on that machine, instead of the one I was sending it to. After changing the IP address in the realms.conf file on the proxy RADIUS server to the one that the response was coming from, it worked like a charm. Unfortunately, when I switch it to MS-CHAPv2 authentication, I get the same problem I had before. It enters the group authorize portion and returns an error 691, that the password is incorrect. Here is my output from the main RADIUS server (not the proxy one): Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /admin/radius/raddb/proxy.conf Config: including file: /admin/radius/raddb/clients.conf Config: including file: /admin/radius/raddb/snmp.conf Config: including file: /admin/radius/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/admin/radius" main: logdir = "/admin/radius/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/admin/radius/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/admin/radius/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = yes main: log_auth_goodpass = no main: pidfile = "/admin/radius/run/radiusd/radiusd.pid" main: user = "nobody" main: group = "nobody" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients Using deprecated clients file. Support for this will go away soon. read_config_files: reading realms Using deprecated realms file. Support for this will go away soon. radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "/etc/passwd" unix: shadow = "/etc/shadow" unix: group = "/etc/group" unix: radwtmp = "/admin/radius/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Load
RE: MS-CHAPv2 + MySQL + group authtype failure
> -Original Message- > From: Alan DeKok [mailto:[EMAIL PROTECTED] > Sent: Tuesday, December 02, 2003 2:29 PM > To: [EMAIL PROTECTED] > Subject: Re: MS-CHAPv2 + MySQL + group authtype failure > > > What do you mean by configuring a way for the server to authenticate > > that request? I thought the whole point of the NAS was to simply forward > > the RADIUS request to the main RADIUS server and the forward the > > response from that server to the client. > > It's not a NAS. You're using it as a proxy RADIUS server. ^^ Thank you for pointing that out. After making the previous change, instead of the malformed request error, I got: rad_recv: Access-Accept packet from host 208.244.163.17:1812, id=1, length=80 Ignoring request from unknown proxy 208.244.163.17:1812 Which clued me in to the fact that the response was coming from the second IP address on that machine, instead of the one I was sending it to. After changing the IP address in the realms.conf file on the proxy RADIUS server to the one that the response was coming from, it worked like a charm. Unfortunately, when I switch it to MS-CHAPv2 authentication, I get the same problem I had before. It enters the group authorize portion and returns an error 691, that the password is incorrect. Here is my output from the main RADIUS server (not the proxy one): Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /admin/radius/raddb/proxy.conf Config: including file: /admin/radius/raddb/clients.conf Config: including file: /admin/radius/raddb/snmp.conf Config: including file: /admin/radius/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/admin/radius" main: logdir = "/admin/radius/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/admin/radius/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/admin/radius/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = yes main: log_auth_goodpass = no main: pidfile = "/admin/radius/run/radiusd/radiusd.pid" main: user = "nobody" main: group = "nobody" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients Using deprecated clients file. Support for this will go away soon. read_config_files: reading realms Using deprecated realms file. Support for this will go away soon. radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "/etc/passwd" unix: shadow = "/etc/shadow" unix: group = "/etc/group" unix: radwtmp = "/admin/radius/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 rlm_eap: Loaded and initialized the type md5 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/admin/radius/raddb/huntgroups" preprocess: hints = "/admin/radius/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" Module: Instantiated realm (suffix) Module: Loaded SQL sql: driver = "rlm_sql_mysql" s
Re: MS-CHAPv2 + MySQL + group authtype failure
"Eliot Gable" <[EMAIL PROTECTED]> wrote: > So, what he is actually saying is that I need to put this in my > radgroupreply: > > NN-Homeservice-Name := homenode.greatlakes.net Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MS-CHAPv2 + MySQL + group authtype failure
Thank you for the help. Let me see if I have this straight now The dictionary file that Josh Howlett sent me was: # Roamnode VSAs # # $Id: dictionary.roamnode,v 1.0 2002/08/28 17:20:00 josh Exp $ # VENDOR roamnode 4363 ATTRIBUTE NN-Data-Rate 1 integer roamnode ATTRIBUTE NN-Data-Rate-Ceiling 2 integer roamnode ATTRIBUTE NN-Homenode 3 ipaddr roamnode ATTRIBUTE NN-Homeservice4 ipaddr roamnode ATTRIBUTE NN-Homeservice-Name 5 string roamnode So, what he is actually saying is that I need to put this in my radgroupreply: NN-Homeservice-Name := homenode.greatlakes.net Correct? -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 02, 2003 2:29 PM To: [EMAIL PROTECTED] Subject: Re: MS-CHAPv2 + MySQL + group authtype failure "Eliot Gable" <[EMAIL PROTECTED]> wrote: > No, I don't understand what Vendor-Specific attributes are. Is there > someplace where I can learn about them (aside from source-code)? Or > could you possibly give me a brief explaination? http://www.freeradius.org/rfc/attributes.html And click on 'Vendor-Specific' > What do you mean by configuring a way for the server to authenticate > that request? I thought the whole point of the NAS was to simply forward > the RADIUS request to the main RADIUS server and the forward the > response from that server to the client. It's not a NAS. You're using it as a proxy RADIUS server. I'd suggest buying the RADIUS book, and reading it. It will help you a lot. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAPv2 + MySQL + group authtype failure
"Eliot Gable" <[EMAIL PROTECTED]> wrote: > No, I don't understand what Vendor-Specific attributes are. Is there > someplace where I can learn about them (aside from source-code)? Or > could you possibly give me a brief explaination? http://www.freeradius.org/rfc/attributes.html And click on 'Vendor-Specific' > What do you mean by configuring a way for the server to authenticate > that request? I thought the whole point of the NAS was to simply forward > the RADIUS request to the main RADIUS server and the forward the > response from that server to the client. It's not a NAS. You're using it as a proxy RADIUS server. I'd suggest buying the RADIUS book, and reading it. It will help you a lot. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAPv2 + MySQL + group authtype failure
"Eliot Gable" <[EMAIL PROTECTED]> wrote: > The only essential design feature is this: when a user authenticates = > against a localnode, a Vendor-Specific attribute (with a vendor code of = > "4363" and attribute number of "5") containing a string of the name of = > the user's RNET must be returned to the localnode and homenode. You didn't understand it, so you took it to mean that you should so something totally different, rather than figure out how to do it properly. See the dictionary files for examples of vendor dictionariess. Heck, grab the CVS snapshot tomorrow, and I've added a 'dictionary.bristol', based on what you said. > It gives an example of how to do it under IAS for Win2k, but I'm not > familiar with IAS. If you're not familiar with FreeRADIUS, then you should ask how to follow the instructions using FreeRADIUS, rather than waiting 3-4 messages before describing what you were trying to do. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MS-CHAPv2 + MySQL + group authtype failure
This is what the instructions for this NAS say: The only essential design feature is this: when a user authenticates against a localnode, a Vendor-Specific attribute (with a vendor code of "4363" and attribute number of "5") containing a string of the name of the user's RNET must be returned to the localnode and homenode. It gives an example of how to do it under IAS for Win2k, but I'm not familiar with IAS. -Original Message- From: Chris Parker [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 02, 2003 2:08 PM To: [EMAIL PROTECTED] Subject: RE: MS-CHAPv2 + MySQL + group authtype failure At 12:58 PM 12/2/2003, Eliot Gable wrote: > > -Original Message- > > From: 3APA3A [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, December 02, 2003 5:27 AM > > To: Eliot Gable > > Subject: Re: MS-CHAPv2 + MySQL + group authtype failure > > > > Dear Eliot Gable, > > > > Make sure shared secret configured for NAS and password entered >by > > client are valid. Check cleartext and MS-CHAP (v1) authentication. > ^ > >This almost works. The server responds with an accept packet, but the >NAS does not like the response and sends the client a reject packet. >What I am seeing is two separate(?) errors on the NAS (a roamnode that >Josh Howlett designed; output at the bottom)... > > >WARNING: Malformed RADIUS packet from host 208.244.163.17: Vendor >specific attributes do not exactly fill Vendor-Specific > >modcall: group authorize returns ok >auth: No authenticate method (Auth-Type) configuration found for the >request: Rejecting the user >auth: Failed to validate the user. >Delaying request 2 for 1 seconds > > >My vendor specific tag is set in my SQL table: > >mysql> select * from radgroupreply; >++---+-++-+- >-+ >| id | GroupName | Attribute | op | Value | prio >| >++---+-++-+- >-+ >| 1 | 56/56 | Framed-MTU | := | 1500|0 >| >| 2 | 56/56 | Service-Type| := | Framed |0 >| >| 3 | 56/56 | Framed-Protocol | := | PPP |0 >| >| 4 | 56/56 | Vendor-Specific | := | homenode.greatlakes.net |0 >| >++---+-++-+- >-+ Heh, you need to put the actual vendor Attribute name, no Vendor-Specific there. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MS-CHAPv2 + MySQL + group authtype failure
No, I don't understand what Vendor-Specific attributes are. Is there someplace where I can learn about them (aside from source-code)? Or could you possibly give me a brief explaination? What do you mean by configuring a way for the server to authenticate that request? I thought the whole point of the NAS was to simply forward the RADIUS request to the main RADIUS server and the forward the response from that server to the client. I guess I'm missing something. I'm fairly new to RADIUS and NASes. The realms.conf file for the NAS is: realm NULL { type=radius authhost=208.244.161.200:1812 accthost=208.244.161.200:1813 secret=076q2345hudp89YASIJF7890QW4 nostrip } realm homenode.greatlakes.net { type=radius authhost=208.244.161.200:1812 accthost=208.244.161.200:1813 secret=076q2345hudp89YASIJF7890QW4 nostrip } -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 02, 2003 2:05 PM To: [EMAIL PROTECTED] Subject: Re: MS-CHAPv2 + MySQL + group authtype failure "Eliot Gable" <[EMAIL PROTECTED]> wrote: > > WARNING: Malformed RADIUS packet from host 208.244.163.17: Vendor > specific attributes do not exactly fill Vendor-Specific > Yes. Do you understand what Vendor-Specific attributes are? > | 4 | 56/56 | Vendor-Specific | :=3D | homenode.greatlakes.net | = This is not a Vendor-Specific attribute. Delete this entry from your database, and it will work. > modcall: group authorize returns ok > auth: No authenticate method (Auth-Type) configuration found for the > request: Rejecting the user Maybe try configuring a way for the server to authenticate that request... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MS-CHAPv2 + MySQL + group authtype failure
At 12:58 PM 12/2/2003, Eliot Gable wrote: > -Original Message- > From: 3APA3A [mailto:[EMAIL PROTECTED] > Sent: Tuesday, December 02, 2003 5:27 AM > To: Eliot Gable > Subject: Re: MS-CHAPv2 + MySQL + group authtype failure > > Dear Eliot Gable, > > Make sure shared secret configured for NAS and password entered by > client are valid. Check cleartext and MS-CHAP (v1) authentication. ^ This almost works. The server responds with an accept packet, but the NAS does not like the response and sends the client a reject packet. What I am seeing is two separate(?) errors on the NAS (a roamnode that Josh Howlett designed; output at the bottom)... WARNING: Malformed RADIUS packet from host 208.244.163.17: Vendor specific attributes do not exactly fill Vendor-Specific modcall: group authorize returns ok auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 2 for 1 seconds My vendor specific tag is set in my SQL table: mysql> select * from radgroupreply; ++---+-++-+- -+ | id | GroupName | Attribute | op | Value | prio | ++---+-++-+- -+ | 1 | 56/56 | Framed-MTU | := | 1500|0 | | 2 | 56/56 | Service-Type| := | Framed |0 | | 3 | 56/56 | Framed-Protocol | := | PPP |0 | | 4 | 56/56 | Vendor-Specific | := | homenode.greatlakes.net |0 | ++---+-++-+- -+ Heh, you need to put the actual vendor Attribute name, no Vendor-Specific there. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAPv2 + MySQL + group authtype failure
"Eliot Gable" <[EMAIL PROTECTED]> wrote: > > WARNING: Malformed RADIUS packet from host 208.244.163.17: Vendor > specific attributes do not exactly fill Vendor-Specific > Yes. Do you understand what Vendor-Specific attributes are? > | 4 | 56/56 | Vendor-Specific | :=3D | homenode.greatlakes.net |= This is not a Vendor-Specific attribute. Delete this entry from your database, and it will work. > modcall: group authorize returns ok > auth: No authenticate method (Auth-Type) configuration found for the > request: Rejecting the user Maybe try configuring a way for the server to authenticate that request... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MS-CHAPv2 + MySQL + group authtype failure
> -Original Message- > From: 3APA3A [mailto:[EMAIL PROTECTED] > Sent: Tuesday, December 02, 2003 5:27 AM > To: Eliot Gable > Subject: Re: MS-CHAPv2 + MySQL + group authtype failure > > Dear Eliot Gable, > > Make sure shared secret configured for NAS and password entered by > client are valid. Check cleartext and MS-CHAP (v1) authentication. ^ This almost works. The server responds with an accept packet, but the NAS does not like the response and sends the client a reject packet. What I am seeing is two separate(?) errors on the NAS (a roamnode that Josh Howlett designed; output at the bottom)... WARNING: Malformed RADIUS packet from host 208.244.163.17: Vendor specific attributes do not exactly fill Vendor-Specific modcall: group authorize returns ok auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 2 for 1 seconds My vendor specific tag is set in my SQL table: mysql> select * from radgroupreply; ++---+-++-+- -+ | id | GroupName | Attribute | op | Value | prio | ++---+-++-+- -+ | 1 | 56/56 | Framed-MTU | := | 1500|0 | | 2 | 56/56 | Service-Type| := | Framed |0 | | 3 | 56/56 | Framed-Protocol | := | PPP |0 | | 4 | 56/56 | Vendor-Specific | := | homenode.greatlakes.net |0 | ++---+-++-+- -+ Here is the output from the server (which looks good); the NAS output follows this: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /admin/radius/raddb/proxy.conf Config: including file: /admin/radius/raddb/clients.conf Config: including file: /admin/radius/raddb/snmp.conf Config: including file: /admin/radius/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/admin/radius" main: logdir = "/admin/radius/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/admin/radius/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/admin/radius/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = yes main: log_auth_goodpass = no main: pidfile = "/admin/radius/run/radiusd/radiusd.pid" main: user = "nobody" main: group = "nobody" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients Using deprecated clients file. Support for this will go away soon. read_config_files: reading realms Using deprecated realms file. Support for this will go away soon. radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "/etc/passwd" unix: shadow = "/etc/shadow" unix: group = "/etc/group" unix: radwtmp = "/admin/radius/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 rlm_eap: Loaded and initialized the type md5 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/admin/radius/raddb/huntgroups" preprocess: hints = "/admin/radius/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23
RE: Auth MS-CHAP and mysql
Title: Message You need to have an entry in usergroup specifying what group the user belongs to. You need another entry in radreply specifying any specific attributes you want returned. Finally, you need an entry in radcheck specifying the username, attribute (password), op (==), and value (their password). Also, it looks like you are receiving a CHAP-Password attribute. Are you using MS-CHAP version 1 or 2, or just CHAP? Please post your config, and full radius output, as well as your client information (OS, version of CHAP, etc). Before you try getting MS-CHAP to work, get the server to authorize a plain old users using SQL. You also probably want to upgrade. From: Duane Barnes [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 12:11 PM To: [EMAIL PROTECTED] Subject: Auth MS-CHAP and mysql I'm using freeradius 0.7.1. and mysql 3.23. I'm trying to setup radius to allow ms-chap and have gotten it to instantiate the module, but I don't know how to enter the ms-chap password into the mysql db. Below is the error: Error: rlm_sql_authorize: no rows returned from query (no such user) Auth: Login incorrect: [testuser/] (from client radius port 0)
RE: MS-CHAPv2 + MySQL + group authtype failure
>From the NAS realms.conf file: realm homenode.greatlakes.net { type=radius authhost=208.244.161.200:1812 accthost=208.244.161.200:1813 secret=076q2345hudp89YASIJF7890QW4 nostrip } >From the server's clients.conf file: client homenode.greatlakes.net { secret = 076q2345hudp89YASIJF7890QW4 shortname = homenode } The NAS is running "FreeRADIUS Version 0.9-pre, for host i686-pc-linux-gnu, built on Feb 21 2003 at 15:58:26". The Server is running "FreeRADIUS Version 0.9.3, for host i686-pc-linux-gnu, built on Dec 1 2003 at 16:31:07" I cannot change what is running on the NAS, but I can change what is running on the server if it is a version conflict or something. -Original Message- From: 3APA3A [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 02, 2003 5:27 AM To: Eliot Gable Subject: Re: MS-CHAPv2 + MySQL + group authtype failure Dear Eliot Gable, Make sure shared secret configured for NAS and password entered by client are valid. Check cleartext and MS-CHAP (v1) authentication. --Tuesday, December 2, 2003, 3:04:02 AM, you wrote to [EMAIL PROTECTED]: EG> I've been trying to get a Windows XP machine to authenticate against freeRADIUS 0.9.3 using MS-CHAPv2. It seems to be working to start with, but then I get a group-check failure. I can't figure EG> out why I'm getting that. I modified the rlm_mschap.c file to print out the two strings it is comparing where the failure takes place. I didn't format it nicely, so it looks like gibberish, but EG> it at least shows how different the strings are. I'm using MySQL to store the username/password and group information. -- ~/ZARAZA Да, ему чертовски повезло. Эх и паршиво б ему пришлось если бы он выжил! (Твен) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAPv2 + MySQL + group authtype failure
Dear Eliot Gable, Make sure shared secret configured for NAS and password entered by client are valid. Check cleartext and MS-CHAP (v1) authentication. --Tuesday, December 2, 2003, 3:04:02 AM, you wrote to [EMAIL PROTECTED]: EG> I've been trying to get a Windows XP machine to authenticate against freeRADIUS 0.9.3 using MS-CHAPv2. It seems to be working to start with, but then I get a group-check failure. I can't figure EG> out why I'm getting that. I modified the rlm_mschap.c file to print out the two strings it is comparing where the failure takes place. I didn't format it nicely, so it looks like gibberish, but EG> it at least shows how different the strings are. I'm using MySQL to store the username/password and group information. -- ~/ZARAZA Да, ему чертовски повезло. Эх и паршиво б ему пришлось если бы он выжил! (Твен) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Auth MS-CHAP and mysql
Title: Message I'm using freeradius 0.7.1. and mysql 3.23. I'm trying to setup radius to allow ms-chap and have gotten it to instantiate the module, but I don't know how to enter the ms-chap password into the mysql db. Below is the error: Error: rlm_sql_authorize: no rows returned from query (no such user) Auth: Login incorrect: [testuser/] (from client radius port 0)
Re: script to move account flat files to MySQL
Peter Nixon <[EMAIL PROTECTED]> wrote: > After I have time (Maybe tomorrow depending on workload) to look at the > code in those scripts I may (with Alan's permission) add them to cvs. If they work, do something useful, and are reasonably well written, I'm all for it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: script to move account flat files to MySQL
Zoup <[EMAIL PROTECTED]> wrote: > those scripts are *not* on the cvs or anywhere else but this list :) > users2mysqlfile.pl , users2pgsqlfile.pl ! :) > > i know its all public , i think its better to package this script with > freeradius :) Many people submit things for inclusion to the server. Not all get in, and fewer get in immediately. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: script to move account flat files to MySQL
Zoup wrote: On Sunday 30 November 2003 08:07, Alan DeKok wrote: Zoup <[EMAIL PROTECTED]> wrote Huh? WHat do you mean by that? What scripts are you talking about There is no "secret" CVS repository of scripts. It's all public, and all scripts are distributed with the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html those scripts are *not* on the cvs or anywhere else but this list :) users2mysqlfile.pl , users2pgsqlfile.pl ! :) i know its all public , i think its better to package this script with freeradius :) After I have time (Maybe tomorrow depending on workload) to look at the code in those scripts I may (with Alan's permission) add them to cvs. Regards Peter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: script to move account flat files to MySQL
On Sunday 30 November 2003 08:07, Alan DeKok wrote: > Zoup <[EMAIL PROTECTED]> wrote > Huh? WHat do you mean by that? What scripts are you talking about > > There is no "secret" CVS repository of scripts. It's all public, > and all scripts are distributed with the server. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html those scripts are *not* on the cvs or anywhere else but this list :) users2mysqlfile.pl , users2pgsqlfile.pl ! :) i know its all public , i think its better to package this script with freeradius :) -- It's a poor workman who blames his tools. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: script to move account flat files to MySQL
Zoup <[EMAIL PROTECTED]> wrote: > there is a lot of useful scripts for freeradius which is not included in > freeradus package ( /script ) , is they are storing anywhere ? maybe on > cvs ? Huh? WHat do you mean by that? What scripts are you talking about There is no "secret" CVS repository of scripts. It's all public, and all scripts are distributed with the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: script to move account flat files to MySQL
On Friday 28 November 2003 16:52, Guy Fraser wrote: > Here are some perl scripts that I modified to generate sql files from > users files. > > I'm pretty sure they work, but check the files first. there is a lot of useful scripts for freeradius which is not included in freeradus package ( /script ) , is they are storing anywhere ? maybe on cvs ? -- It's a poor workman who blames his tools. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: script to move account flat files to MySQL
[EMAIL PROTECTED] wrote: Hello, I am working on getting the radius account logs to write to MySQL, in the mean time I am still logging accounting information to flat files. I am looking for a script that will take my daily accounting flat files and insert them into MySQL. Does anyone know of any scripts that will do this? I have been looking around and have not found any. there is a script in src/accounting that can do this. It is currently h323 specific, although you can trivially modify it to work with the standard database schema. Let me know if you have trouble with it.. Regards Peter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: script to move account flat files to MySQL
Here are some perl scripts that I modified to generate sql files from users files. I'm pretty sure they work, but check the files first. [EMAIL PROTECTED] wrote: Hello, I am working on getting the radius account logs to write to MySQL, in the mean time I am still logging accounting information to flat files. I am looking for a script that will take my daily accounting flat files and insert them into MySQL. Does anyone know of any scripts that will do this? I have been looking around and have not found any. Thanks, Dave -- Guy Fraser Network Administrator The Internet Centre 780-450-6787 , 1-888-450-6787 There is a fine line between genius and lunacy, fear not, walk the line with pride. Not all things will end up as you wanted, but you will certainly discover things the meek and timid will miss out on. #!/usr/bin/perl -w # # users2pgsqlfile.pl -- a script to parse a RADIUS users file and fill # a freeradius PostgreSQL database... # # # Original Script {users2mysql.pl} developed by Rich Puhek, Znet Telecom # # Modiified By Guy Fraser to create a file for PostgreSQL # # last change: Friday, September 12 2003. # #location of source users file: $users_file="users"; $sql_file=">users.sql"; #The following are defaults from freeradius 0.7 # ...shouldn't have to change. $groups_table="usergroup"; $check_table="radcheck"; $reply_table="radreply"; $debug=3; use DBD::mysql; #open the users file, and the db. open USERS, $users_file or die "ERROR: Unable to open $users_file $!\n"; open SQLFILE, $sql_file or die "ERROR: Unable to open $sql_file $!\n"; sub check_attribs { if (!defined($_[0]) or !defined($_[1])) { print "undefined parameter!\n"; return undef; }; $attr = $_[0]; $val = $_[1]; if ($attr !~ /Password|Framed-IP-Address|Framed-IP-Netmask|Framed-IP-Routing|Framed-Routing|Framed-IP-Route|Framed-Compression|Framed-MTU|Simultaneous-Use|Idle-Timeout|Session-Timeout|Port-Limit|Auth-Type|Service-Type|Netmask|Framed-Protocol/ ) { print "unrecognized attribute: $attr\n" if $debug>1; return undef; }; return undef if ( (! defined($val) ) or ( ($attr =~ /Simultaneous\-Use/i) && ( $val !~ /^[0-9]*$/ ) ) ); print "attribs ok!\n" if $debug>3; return "TRUE"; }; sub cleanup { #clean up variables: strip leading/trailing spaces/tabs and trailing commas... my $myval; $myval = $_[0]; $myval =~ s/^\s*//g; $myval =~ s/\s*$//g; $myval =~ s/,$//; return $myval; }; sub user_attribute { #push values into db... $dtable=$_[0]; $duser=$_[1]; $dattrib=$_[2]; $dval=$_[3]; if ( $dtable =~ /group/ ) { $table = "usergroup"; } elsif ( $dtable =~ /check/ ) { $table = "radcheck"; } elsif ( $dtable =~ /reply/ ) { $table = "radreply"; } else { die "argh! what table is $dtable?\n"; }; if ( $table =~ /usergroup/ ) { if ( $dattrib =~ /static/ ) { #Delete the "dynamic" entry... #print SQLFILE "DELETE FROM `$table` WHERE `UserName`='$duser' LIMIT 1;\n"; print SQLFILE "UPDATE $table SET GroupName='$dattrib' WHERE UserName='$duser' and GroupName='dynamic';\n"; if ( $dtable =~ /group/ and $debug>2) { print "updating \"$duser\" in usergroup table as member of \"$dattrib\"\n" ; } } else { print SQLFILE "INSERT INTO $table (UserName,GroupName) values ('$duser','$dattrib');\n"; if ( $dtable =~ /group/ and $debug>2) { print "inserting \"$duser\" into usergroup table as member of \"$dattrib\"\n" ; }; }; } else { print SQLFILE "INSERT INTO $table (UserName,Attribute,Value,op) values ('$duser','$dattrib','$dval',':=');\n"; if ( $dtable !~ /group/ and $debug>2) { print "inserting \"$dattrib\", \"$dval\" for \"$duser\" in rad$dtable\n" ; }; }; return $return; }; while () { chop; #Skip comment lines and blank lines... next
Re: MySQL Instructions . . .
At Thu, 27 Nov 2003 09:06:50 -0800, Jason Flatt wrote: > > When I first setup freeradius about 2 months ago, I was following a HOW-TO > someone had up which showed how to get freeradius working with mysql. Now > I'm looking for it and I cannot locate it. Can someone point me in the > correct direction? > Perhaps you mean this http://www.frontios.com/freeradius.html > > -- > Jason Flatt (jason @ flattfamily . com) > Father of five (http://www.flattfamily.com/) > Linux user (http://www.sourcemage.org/) > IRC Nick: Oadae Channels: #sourcemage, #lvlug Server: irc.freenode.net > PGP Key: E992213F - 0254 9DB7 BE0E 312D 8352 6E39 0700 FB95 E992 213F > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html == Kostas Zorbadelos Currently at: Otenet IT Department mailto: [EMAIL PROTECTED] Out there in the darkness, out there in the night out there in the starlight, one soul burns brighter than a thousand suns. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MySQL Instructions . . .
When I first setup freeradius about 2 months ago, I was following a HOW-TO someone had up which showed how to get freeradius working with mysql. Now I'm looking for it and I cannot locate it. Can someone point me in the correct direction? -- Jason Flatt (jason @ flattfamily . com) Father of five (http://www.flattfamily.com/) Linux user (http://www.sourcemage.org/) IRC Nick: Oadae Channels: #sourcemage, #lvlug Server: irc.freenode.net PGP Key: E992213F - 0254 9DB7 BE0E 312D 8352 6E39 0700 FB95 E992 213F - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
script to move account flat files to MySQL
Hello, I am working on getting the radius account logs to write to MySQL, in the mean time I am still logging accounting information to flat files. I am looking for a script that will take my daily accounting flat files and insert them into MySQL. Does anyone know of any scripts that will do this? I have been looking around and have not found any. Thanks, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OSX Installation Using Mysql
Hello, After a good night, everything is better. So Andreas Congratulation for your great work, here with your package file everything work perfectly (without a glitch) on any panther distrib (tested on 3 Emac and 2 G4) I m really impressed by it (installing it with a mouse in graphical mode without doing nothing is a real pleasure ) So thanks you very much, but I will continue to check why when I compile it myself I got those error ... I have read many doc on library and OSX/Darwin, but maybe that I need to read more (or maybe that I have read to many ...) Anyway I have a well install version to work with now, so I wish to be able to help you soon. Thanks again for your help Julien - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mysql and Assigning an IP
I have freeradius/mysql setup authenticating on a MAX2000, the Max has the IP pool. I would like to know how to setup mysql/freeradius to handle giving out the IP. I’m sure I it’s just setting up the table, but I don’t know the syntax.
Re: Interim accounting update +mysql
On Wed, 19 Nov 2003, David Blood wrote: > For some reason mysql is not being update with the interim accouting > updates. Below is one of the accounting requests sent to free radius and > you can see that it does not send the bytes and up time information to > mysql. > Anyone know why? > > > rad_recv: Accounting-Request packet from host 204.228.226.18:1306, id=249, > length=181 > Service-Type = Framed-User > Framed-Protocol = PPP > NAS-Identifier = "SQN2" > NAS-Port = 60 > NAS-Port-Type = Ethernet > User-Name = "shawn" > Calling-Station-Id = "06:2d:1A:05:A2:6B" > Called-Station-Id = "SpeedyQuick" > NAS-Port-Id = "Clients" > Acct-Session-Id = "8120001a" > Framed-IP-Address = 10.69.4.22 > Acct-Authentic = RADIUS > Acct-Session-Time = 115201 > Acct-Input-Octets = 2350343 > Acct-Input-Packets = 27316 > Acct-Output-Octets = 36915463 > Acct-Output-Packets = 36681 > Acct-Status-Type = Alive > NAS-IP-Address = 205.28.26.18 > Acct-Delay-Time = 0 > modcall: entering group preacct > modcall[preacct]: module "preprocess" returns noop > rlm_realm: No '@' in User-Name = "shawn", looking up realm NULL > rlm_realm: No such realm "NULL" > modcall[preacct]: module "suffix" returns noop > modcall[preacct]: module "files" returns noop > modcall: group preacct returns noop > modcall: entering group accounting > rlm_acct_unique: Hashing 'NAS-Port-Id = "Clients",Client-IP-Address = > 205.28.26.18,NAS-IP-Address = 205.28.26.18,Acc > t-Session-Id = "8120001a",User-Name = "shawn"' > rlm_acct_unique: Acct-Unique-Session-ID = "f56023f6b2ffca98". > modcall[accounting]: module "acct_unique" returns ok > radius_xlat: > '/usr/local/var/log/radius/radacct/205.28.26.18/detail-20031119' > rlm_detail: > /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands > to /usr/local/var/log/radius/ra > dacct/205.28.26.18/detail-20031119 > modcall[accounting]: module "detail" returns ok > modcall[accounting]: module "unix" returns noop > radius_xlat: 'shawn' > rlm_sql (sql): sql_set_user escaped user --> 'shawn' > radius_xlat: 'UPDATE radacct SET FramedIPAddress = '10.69.4.22' WHERE > AcctSessionId = '8120001a' AND UserName = 'shawn' AND NASIPAddress= > '205.28.26.18' AND AcctStopTime = 0' > rlm_sql (sql): Reserving sql socket id: 3 > rlm_sql (sql): Released sql socket id: 3 > modcall[accounting]: module "sql" returns ok > radius_xlat: '/usr/local/var/log/radius/radutmp' > radius_xlat: 'shawn' > modcall[accounting]: module "radutmp" returns ok > modcall: group accounting returns ok > Sending Accounting-Response of id 249 to 205.28.26.18:1306 > Finished request 31 > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > What does your sql.conf look like? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html