Re: MySQL authentication problem
ian, just review your radiusd.conf (authenticate and authorize sections) because you sql IS going ok. modcall[authorize]: module sql returns ok for request 0 but your unix IS not modcall[authenticate]: module unix returns notfound for request 0 just leave sql in your auth section if you plan to do it tha way Hernan Antolini Ian Truelsen [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 01/01/07 07:32 PM Please respond to FreeRadius users mailing list freeradius-users@lists.freeradius.org To Freeradius Mailing List freeradius-users@lists.freeradius.org cc Subject MySQL authentication problem radiusd: FreeRADIUS Version 1.1.3, for host i686-pc-linux-gnu, built on Dec 26 2006 at 01:46:55 mysql Ver 14.12 Distrib 5.0.30, for pc-linux-gnu (i686) using readline 5.2 I thought that I had everything configured properly for MySQL authentication, but when I try to do a test with radtest, the test user is not authenticated and there is no log of activity to the MySQL database. Anyway, here is the output of radiusd -X and, at the end, the population of my database: rad_recv: Access-Request packet from host 192.168.182.1:2053, id=7, length=55 User-Name = ian User-Password = test NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: No '@' in User-Name = ian, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 0 users: Matched entry DEFAULT at line 152 modcall[authorize]: module files returns ok for request 0 radius_xlat: 'ian' rlm_sql (sql): sql_set_user escaped user -- 'ian' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'ian' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'ian' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'ian' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'ian' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type System Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 modcall[authenticate]: module unix returns notfound for request 0 modcall: leaving group authenticate (returns notfound) for request 0 auth: Failed to validate the user. Login incorrect: [ian/test] (from client brentwood port 1812) Delaying request 0 for 1 seconds Finished request 0 mysql select * from radcheck - ; ++--+---++---+ | id | UserName | Attribute | op | Value | ++--+---++---+ | 1 | Password | ==| te | | | 2 | ian | Password | == | test | ++--+---++---+ 2 rows in set (0.01 sec) Any thoughts on why this is not working would be greatly appreciated. -- Ian Truelsen s/v Sting Email: [EMAIL PROTECTED] AIM: ihtruelsen MSN: [EMAIL PROTECTED] Google Talk: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL authentication problem
ian sql goes in authorize section and accounting only; leave preprocess, auth_log, suffix and sql uncommented there to start. what about your ian entry in your users file ?...and delete that strange entry in your radcheck (id 1). Ian Truelsen [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 01/02/07 04:35 PM Please respond to FreeRadius users mailing list freeradius-users@lists.freeradius.org To FreeRadius users mailing list freeradius-users@lists.freeradius.org cc Subject Re: MySQL authentication problem On Tue, 2007-01-02 at 09:37 -0300, Hernan Antolini wrote: ian, just review your radiusd.conf (authenticate and authorize sections) because you sql IS going ok. modcall[authorize]: module sql returns ok for request 0 but your unix IS not modcall[authenticate]: module unix returns notfound for request 0 just leave sql in your auth section if you plan to do it tha way Hernan Antolini Well, I only want authentication from the MySQL database, so that should authenticate the user, if the sql section is working correctly. Why then, would the user not be authenticated, based on the information in the radcheck table (below)? mysql select * from radcheck - ; ++--+---++---+ | id | UserName | Attribute | op | Value | ++--+---++---+ | 1 | Password | ==| te | | | 2 | ian | Password | == | test | ++--+---++---+ 2 rows in set (0.01 sec) Sorry if I am being obtuse, but there is something that I am not quite getting here. Thanks for the help. -- Ian Truelsen s/v Sting Email: [EMAIL PROTECTED] AIM: ihtruelsen MSN: [EMAIL PROTECTED] Google Talk: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius overview
David, start with rlm_sql at source_directory/doc, check also your sql.conf in your installation etc/raddb directoryit help me also this one to start http://www.frontios.com/freeradius.html (for mysql). I hope it helpsif you're about using ms-sql check also mssql at source_directory/doc. Regards [EMAIL PROTECTED] wrote on 12/28/2006 01:37:51 PM: I have gotten freeRadius working with a mikrotik NAS using the users flat file (hooray for me! g). Now I need to have the freeRadius server reference a MS-SQL db server rather than the users file on the freeRadius server. I am quite fuzzy about the process tho. I am hoping for some basic edukashun. How do you tell freeRadius to reference an external MS-SQL db rather than the local users flat file? How do you issue the query to the db? (what file contains the connection string and query) How do the returning fields get mapped into RADIUS attributes? (what do you do when the db calls the field uname and RADIUS calls it user-name) Thank you for your time, Dave Covert - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error rlm_exec
What messages did you have when you compiled it ? It seems that it could not build rlm_exec correctly. You could look at the config.log file within the build directory. Hernan Antolini [EMAIL PROTECTED] wrote on 12/07/2006 05:51:07 AM: I can't start freeradius 1.1.3_1 on FreeBSD6 radius.log: Error: radiusd.conf[226] Failed to link to module 'rlm_exec': /usr/local/lib/rlm_exec.a: invalid file format ??? Sergu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySQL boot problem
Check the scripts dir that came with the freeradius source; there is a rc.radiusd file to do that. regards Hernan Antolini [EMAIL PROTECTED] wrote on 11/24/2006 03:52:53 AM: hello i configure chillispot and freeradius and it is working. But whenever i reboot this radiusd server i have to run manually all the time. So how to run this radiusd server at boot time. chillispot ,apche and mysql all run at boot time but radiusd is not.i try it by writing script in /etc/rc.local and also directly copy /usr/local/sbin/radiusd file to /etc/rc.d/init.d but it don't work . So please give me any ideas to start radiusd server at boot time. regards rina Diniz Da Rocha wrote: HI, I have currently setup FreeRadius 1.0.4 with ldap authentication and authorization as well as mysql authorization and its all working fine. My only problem is that when I boot the server (Fedora Core 4) and radiusd starts up there is a rlm_sql_mysql error: Wed Feb 15 18:38:51 2006 : Info: rlm_sql (sql): Trying to (re)connect unconnected handle 4.. Wed Feb 15 18:38:51 2006 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4 Wed Feb 15 18:38:51 2006 : Error: rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:radius Wed Feb 15 18:38:51 2006 : Error: rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on 'myip' (13)' Wed Feb 15 18:38:51 2006 : Error: rlm_sql (sql): Failed to connect DB handle #4 The MySQL server is on another server with ip myip I initially thought it was a firewall block but even with no firewall I get this error. But once the server has started and I run service radiusd restart from a terminal the connect to the MySQL server works fine and has no problems. I even tried running the service from rc.local but it still fails did anyone have this problem??? is anyone running the MySQL server on another machine Is there a fix for this??? thanks diniz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/FreeRadius-and- MySQL-boot-problem-tf1191658.html#a7518565 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql driver compile problem
Dont know much about ubuntu distro but in redhat i had to unistall pre-installed mysql packages and install mysql, mysql-devel and mysql-shared-compat to fix it: before that i get same error, devel package was there and use did not did it Think is a linker problem check http://wiki.freeradius.org/index.php/FAQ#It_says_.22Could_not_link_..._file_not_found.22.2C_what_do_I_do.3F Hope it helps Hernan Antolini [EMAIL PROTECTED] wrote on 11/22/2006 02:30:15 PM: Platform is Ubuntu Linux 6.06 server i386 with kernel version 2.6.15-23. Software is Freeradius 1.1.3 and MySQL 4.1.21. The problem is that the Freeradius configure script will not detect the existance of the mysqlclient_r library and subsequently fails to build the rlm_sql_mysql driver despite my use of the --with-mysql-lib-dir directive. The configure line: ./configure --prefix=/usr/local/pw/freeradius-1.1.3 --with-mysql-lib-dir=/usr/local/lib/mysql From the configure output: checking for mysql_init in -lmysqlclient_r (using mysql_config)... no checking for mysql_init in -lmysqlclient_r... no configure: WARNING: mysql libraries not found. Use --with-mysql-lib- dir=path. checking for mysql.h (using mysql_config)... yes configure: WARNING: sql submodule 'mysql' disabled configure: creating ./config.status A listing of the lib dir: # ls -l /usr/local/lib/mysql/libmysqlclient_r* -rw-r--r-- 1 root root 1462324 2006-11-14 02:23 /usr/local/lib/mysql/libmysqlclient_r.a -rw-r--r-- 1 root root 1395548 2006-11-13 22:44 /usr/local/lib/mysql/libmysqlclient_r.so.15 -rw-r--r-- 1 root root 1395548 2006-11-13 22:44 /usr/local/lib/mysql/libmysqlclient_r.so.15.0.0 Some evidence of the existance of the referenced function in that library: # file /usr/local/lib/mysql/libmysqlclient_r.so.15 /usr/local/lib/mysql/libmysqlclient_r.so.15: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), stripped # strings /usr/local/lib/mysql/libmysqlclient_r.so.15 | grep mysql_init mysql_init Any ideas? Thanks, Chris Carver Network Engineer - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius Newbie
Gustavo, the better place to start is your server documentation : freeradius.x.xx/doc/aaa.txt, Autz-Type, etc.then the config files of your server : radiusd.conf and sql.conf.I 've started with this good guide http://www.frontios.com/freeradius.html, it will guide you through config mysql for your radius. THe best you can do, my opinion, is go ahead, make your better try and radiusd -X + radtest ..they will tell you where it fails. Good luck Hernan Antolini [EMAIL PROTECTED] wrote on 11/15/2006 01:57:58 PM: Hello All!, im newbie in RADIUS, I have installed freeradius and I want to configure it to work as AAA with CISCO AV-PAIRS. I have a program that send request as a radius client and the attributes what I send is: Authenticantion: I send to radius: ==ACCESS REQUEST ==USERNAME:(8 digits) ==PASSWORD:(4 digits) ==VENDOR: Cisco-AVPair I recive from radius if: ==ACCESS ACCEPT ==Cisco-AVPair=' h323--credit-amount=xx' ==Cisco-AVPair=' h323-return-code=X' else: ==ACCESS REJECT Radius use a mysql database to process this Authentication. I apreciate any help in configure freeradius as shown. Greetings, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius and mysql
Marilene, send the ouptup of your radiusd -X at the momento you ar trying to authenticate users; there should be the response. Regards. [EMAIL PROTECTED] wrote on 11/15/2006 04:15:36 PM: Hi, Thanks a lot for the response. But I have two problems. The first is my english: I am Brazilian and I might not write in english very well... ; ) The second and more important problem is this: I configured my freeradius server, I can authenticate with my users ldap... but I configured my mysql server too, but I can't to authenticate with the mysql users... the access is denied... even when the user and password is correct... ho I think that the server isn't looking for my users in mysql database. Someone knows how I can to test if the freeradius is looking for my users in my mysql database too? Thanks a lot, Marilene- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Queries apear in Dialup_admin page
Nuno, check you admin.conf under dialup_admin install dir; i guess you have an sql_debug : true entry. regards Hernan Antolini [EMAIL PROTECTED] wrote on 11/09/2006 02:09:06 PM: Hi, i have a strange problem in my freeradius with dialup_admin interface. When i choose the fields, statistics, user statistics, online users, radius clients .etc, the queries apear in Dialup_Admin page... very strange. Can anyone tell me what i´m i doing wrong. Sorry for my english. Thanks. Nuno Castanheira REFERTELECOM E-mail: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius installation problem.
Any strange output from configure or make ? are you sure you're running make install as root ? what are the error messages if any =? [EMAIL PROTECTED] wrote on 10/31/2006 02:45:09 PM: When I run ./confiugre, make and make install, radiusd does not install. I have checked the /usr/local/bin and /usr/local/sbin and it is not there. Yes, I did make sure that I was showing hidden files when I search for it. I also did a search for radiusd and it does not show up anywhere. Therefore, when I try to run radiusd by typing radiusd -X, it says command not found. I am running Ubuntu Linux and trying to install Freeradius-1.0. 0(behind the times, I know). I am a total newbie to Freeradius altogether, so please be patient! I have already tried to reinstall, but that didn't work. Any help would greatly be appreciated. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius + mysql problem
Sri, ¿it never works ? ¿how did you build your radius ? ¿what's your platform and mysql version ? ¿sis you remember to have mysql-devel (mysql headers) available when you build freeradius ?, it seems to me that the driver is not working. In the message below driver rlm_sql_mysq is a typo (should be mysql) ¿did you make the right configs in your sql.conf ? hope it helps regards Hernan Antolini [EMAIL PROTECTED] wrote on 10/26/2006 10:10:30 PM: Hello all, I am trying to configure freeradius with mysql. I did the relevent changes in radiusd.conf and when i start the server in debug mode, it is giving an error: rlm_sql (sql): Could not link driver rlm_sql_mysq: file not found rlm_sql (sql): Make sure it (all its dependent libraries) are in the search path of your system's ld. radiusd.conf[14]: sql: Module instantiation failed. Here are the changes i made in radiusd.conf file: sqltrace=yes uncommented the line sql in Authorize section. commented the line sql in preacct section. uncommented the line sql in accounting section. Created the radius database using the schema in the file db_mysql.sql. Wht can be problem with configuration.Pls clarify any other config changes required. Thanks in advance. Regards, Sri - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius server can not see any request from clients.
Richard, to be sure about the packet arriving at the radius machine and see the content of the packet you can use netcat. @radius-server : nc -l -u -p 1812 -vv -o /tmp/dump_hex_packet (will use UDP and dump hex info) @client_machine : radtest as usual hope it helps [EMAIL PROTECTED] wrote on 10/26/2006 09:29:27 AM: Hi, Actually, the 0 in the radtest command means NAS-Port. Since 1812 is the default port for radius defined in /etc/service, the Access- Request is always sent to port 1812. I can see the same messege as follow when I type both 0 or 1812: Sending Access-Request of id 40 to IP of server port 1812 User-Name = username User-Password = password NAS-IP-Address = 255.255.255.255 NAS-Port = 0/1812 (According to the number typed in radtest command) Now, I am not sure wether the RADIUS server receives the Access- Request from the client or not. As I said, I can see the packet arrives at the interface and port of the server, but no information printed out in RADIUS debug mode. And the local test just works fine. Thanks! BR Richard On 10/26/06, Vasea Marii [EMAIL PROTECTED] wrote: I guess you didn't type radtest username password localhost 0 sharedsecret but radtest username password localhost 1812 sharedsecret why send it to the port 0? richard Bai [EMAIL PROTECTED] wrote: Hi, everyone, I face a very strange problem right now when I configure a freeradius server with PEAP + LDAP. I can start the radius in debug mode properly. I get following lines: Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. Then I did test by using radtest username password localhost 0 sharedsecret And the radius server replied with Access-Accept message. So, I think the serve works just fine. But when I tested by using radtest username password IP of server 0 sharedsecret from a client conneted to the server through a hub, I can not get anything back. I even did not see any Access-Request information in debug mode on the radius server. It looks like the radius doesn't receive anything. However, I sniffered the interface via Ethereal and used tcpdump - v port 1812 in the server, I do see the Access-Request packet received by the interface on the server, I confirmed that the 1812 port is open. Please give me some idea. Any advices or solution is welcome. Thank you very much! Best Regards Richard - List info/subscribe/unsubscribe? See http://www.freeradius. org/list/users.html Get your own web address for just $1.99/1st yr. We'll help. Yahoo! Small Business . - List info/subscribe/unsubscribe? See http://www.freeradius. org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mysql 4.1 - dialup_admin - badusers.sql and usersinfo.sql
Hi all, found that badusers.sql and usersinfo.sql wont work as-is with mysql = 4.1 because it did not support DEFAULT statements on auto_increment fields; verified that without DEFAULT the scripts runs ok. I am new on the list, found on the archives that it was reported before, but would like to know if it was reported to the authors to fix it. Thanks and hope it helps ! Hernan Antolini - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html