Re: Freeradius 2 + MySQL + MD5 hash don't work
Okay folks, I appreciate the help. Already managed to solve. Basically there were two details, the first was as the supplicant was trying to authenticate, it was either use MSCHAPv2, but the passwords were encrypted at the base with MD5, just like CHAP authentication would not work . By forcing the supplicant to use TTLS + PAP, the authentication worked. I thank you all. 2011/3/17 Alan Buxey a.l.m.bu...@lboro.ac.uk Hi, Dear Phil, By removing this option, it tries to authenticate with EAP/MSCHAPv2, and also fails. no...it works - but you havent got the 'sql' module enabled in the inner-tunnel (which is where the server goes to when its doing EAP) put sql into the inner-tunnel virtual-server and then the password will be exposed in the EAP tunnel...et voila, it will work(tm) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- João Paulo de Lima Barbosa Fone: (45) 9938-8399 Blog: http://joao.us Twitter: @joaocdc O erro dos que tem poder é colocar barreiras para que ninguém os alcance, incentivando-nos a buscar todas as formas que encontramos para alcança-los. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2 + MySQL + MD5 hash don't work
On 03/17/2011 08:01 PM, joao...@gmail.com wrote: *[pap] ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!* This is very clear: mysql select * from radgroupcheck; +++---++---+ | id | groupname | attribute | op | value | +++---++---+ | 1 | visitantes | Auth-Type | := | PAP | +++---++---+ 1 row in set (0.00 sec) This is wrong. Remove it. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2 + MySQL + MD5 hash don't work
Dear Phil, By removing this option, it tries to authenticate with EAP/MSCHAPv2, and also fails. Authentication is what I'm doing wireless network. Below is the result of debugging when I removed the Auth-Type PAP table radgroupcheck: [sql_visitantes] expand: %{Stripped-User-Name} - usql2 [sql_visitantes] sql_set_user escaped user -- 'usql2' rlm_sql (sql_visitantes): Reserving sql socket id: 1 [sql_visitantes] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'usql2' ORDER BY id [sql_visitantes] User found in radcheck table [sql_visitantes] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM radreply WHERE username = 'usql2' ORDER BY id [sql_visitantes] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname FROM radusergroup WHERE username = 'usql2' ORDER BY priority [sql_visitantes] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id - SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'visitantes' ORDER BY id [sql_visitantes] User found in group visitantes [sql_visitantes] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id - SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'visitantes' ORDER BY id rlm_sql (sql_visitantes): Released sql socket id: 1 +++[sql_visitantes] returns ok ++- if (Realm == visitantes ) returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list *[eap] EAP/mschapv2* [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: usql2@visitantes [mschap] Told to do MS-CHAPv2 for usql2@visitantes with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. 2011/3/17 Phil Mayers p.may...@imperial.ac.uk On 03/17/2011 08:01 PM, joao...@gmail.com wrote: *[pap] ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!* This is very clear: mysql select * from radgroupcheck; +++---++---+ | id | groupname | attribute | op | value | +++---++---+ | 1 | visitantes | Auth-Type | := | PAP | +++---++---+ 1 row in set (0.00 sec) This is wrong. Remove it. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- João Paulo de Lima Barbosa Fone: (45) 9938-8399 Blog: http://joao.us Twitter: @joaocdc O erro dos que tem poder é colocar barreiras para que ninguém os alcance, incentivando-nos a buscar todas as formas que encontramos para alcança-los. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2 + MySQL + MD5 hash don't work
Hi, [pap] ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute! its fair enough. you've set Auth-Type = PAP why? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2 + MySQL + MD5 hash don't work
Hi, Dear Phil, By removing this option, it tries to authenticate with EAP/MSCHAPv2, and also fails. no...it works - but you havent got the 'sql' module enabled in the inner-tunnel (which is where the server goes to when its doing EAP) put sql into the inner-tunnel virtual-server and then the password will be exposed in the EAP tunnel...et voila, it will work(tm) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius AND Mysql ? or Freeradius-mysql package??? or both?
i have installed debian, mysql server 5.0 (by aptitude install) and freeradius-server-2.1.7 by wget and untar -xvfz , manually. Question is: it is necessary install freeradius-mysql package? If you installed freeradius from source - no. Source has complete server. But it is dependany on development headers. Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySql custom attributes
have created a dictionary.slipstream file with the following: VENDOR Slipstream 7000 ATTRIBUTE SlipStream-Auth True string Slipstream However, that will not authenticate the slip client. If I hardcode the attribute into the auth_reply query, the client is then authenticated. (Query = authorize_reply_query = SELECT '','Slipstream-Auth','true',':-' FROM radius_auth WHERE Username = '%{SQL-User-Name}' Any ideas where to go to get this working correctly? Post the output of radiusd -X. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySql custom attributes
I'll also add that the dictionary.slipstream is included in the dictionary file. FreeRadius running on freeBSD On Wed, 2008-11-05 at 12:14 -0500, Aaron Seibert wrote: Hello, I work in the NOC of an isp. Currently we have VIRCOM Radius servers set up to authenticate against a MySql server cluster, but we'd like to switch to FreeRadius. There is a profiles column that contains a few different service definitions (slip for SlipStream, newsgroups, a combo slip-news, etc.) What I can't figure out how to do is have the Radius server evaluate that column for the authenticated user, and send a reply so that the client knows that the user is authenticated for that specific service. Currently, I'm just trying to get the slip service to work. I have created a dictionary.slipstream file with the following: VENDOR Slipstream 7000 ATTRIBUTE SlipStream-Auth True string Slipstream However, that will not authenticate the slip client. If I hardcode the attribute into the auth_reply query, the client is then authenticated. (Query = authorize_reply_query = SELECT '','Slipstream-Auth','true',':-' FROM radius_auth WHERE Username = '%{SQL-User-Name}' Any ideas where to go to get this working correctly? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySql custom attributes
Posting relevant sections along with an explanation - I was doing some fiddling in between posting and responding here. Here is the current setup, as I was trying to make it work: dictionary.slipstream - VENDOR Slipstream 7000 ATTRIBUTE Profile 1 string Slipstream reply query in mssql.conf - authorize_reply_query = SELECT '',Username,'Profile',Profiles,':=' FROM radius_auth WHERE Username = '%{SQL-User-Name}' Relevant output when running radiusd -X - Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 rlm_realm: Looking up realm evenlink.com for User-Name = [EMAIL PROTECTED] rlm_realm: No such realm evenlink.com modcall[authorize]: module suffix returns noop for request 0 radius_xlat: '[EMAIL PROTECTED]' rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]' radius_xlat: 'SELECT '',Username,'Cleartext-Password',Password,':=' FROM radius_auth WHERE Username = '[EMAIL PROTECTED]'' rlm_sql (sql): Reserving sql socket id: 4 query: SELECT '',Username,'Cleartext-Password',Password,':=' FROM radius_auth WHERE Username = '[EMAIL PROTECTED]' radius_xlat: '' radius_xlat: 'SELECT '',Username,'Profile',Profiles,':=' FROM radius_auth WHERE Username = '[EMAIL PROTECTED]'' query: SELECT '',Username,'Profile',Profiles,':=' FROM radius_auth WHERE Username = '[EMAIL PROTECTED]' radius_xlat: '' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 auth: type Local auth: user supplied User-Password matches local User-Password Sending Access-Accept of id 46 to 206.174.130.217 port 40278 Profile := Slip Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 46 with timestamp 4911f770 Nothing to do. Sleeping until we see a request. This doesn't allow the slip user to connect to the slip service. However, if I change everything to the following: dictionary.slipstream: VENDOR Slipstream 7000 ATTRIBUTE Slipstream-Auth 1 string Slipstream mssql query: authorize_reply_query = SELECT '',Username,'Slipstream-Auth','true',':=' FROM radius_auth WHERE Username = '%{SQL-User-Name}' Output: Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 rlm_realm: Looking up realm evenlink.com for User-Name = [EMAIL PROTECTED] rlm_realm: No such realm evenlink.com modcall[authorize]: module suffix returns noop for request 0 radius_xlat: '[EMAIL PROTECTED]' rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]' radius_xlat: 'SELECT '',Username,'Cleartext-Password',Password,':=' FROM radius_auth WHERE Username = '[EMAIL PROTECTED]'' rlm_sql (sql): Reserving sql socket id: 4 query: SELECT '',Username,'Cleartext-Password',Password,':=' FROM radius_auth WHERE Username = '[EMAIL PROTECTED]' radius_xlat: '' radius_xlat: 'SELECT '',Username,'Slipstream-Auth','true',':=' FROM radius_auth WHERE Username = '[EMAIL PROTECTED]'' query: SELECT '',Username,'Slipstream-Auth','true',':=' FROM radius_auth WHERE Username = '[EMAIL PROTECTED]' radius_xlat: '' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 auth: type Local auth: user supplied User-Password matches local User-Password Sending Access-Accept of id 230 to 206.174.130.217 port 56427 Slipstream-Auth := true Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 230 with timestamp 4911fa44 Nothing to do. Sleeping until we see a request. As you can see, what I need to do is basically say if the Profiles column in the sql database has a value of Slip, then Slipstream-Auth = true needs to be passed back in the reply query. I just can't figure out how to do that... On Wed, 2008-11-05 at 13:56 -0500, Stephen Bowman wrote: have created a dictionary.slipstream file with the following: VENDOR Slipstream 7000 ATTRIBUTE SlipStream-Auth True string Slipstream However, that will not authenticate the slip client. If I hardcode the attribute into the auth_reply query, the client is then authenticated. (Query = authorize_reply_query = SELECT '','Slipstream-Auth','true',':-' FROM radius_auth WHERE Username = '%{SQL-User-Name}' Any ideas where to go to get this working correctly? Post the output of radiusd -X. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See
Re: FreeRadius and MySql custom attributes
authorize_reply_query = SELECT '',Username,'Profile',Profiles,':=' FROM radius_auth WHERE Username = '%{SQL-User-Name}' It's doing exactly what you tell it to do. query: SELECT '',Username,'Profile',Profiles,':=' FROM radius_auth WHERE Username = '[EMAIL PROTECTED]' There's the query as you defined it above... Sending Access-Accept of id 46 to 206.174.130.217 port 40278 Profile := Slip And there's the access-accept with a reply attribute of Profile := Slip. In your database you clearly have a column titled 'Profile' in radius_auth with value of Slip for the row for the username [EMAIL PROTECTED] To get what you want, you would need a column titled Slipstream-Auth with a value of True for the row for the username [EMAIL PROTECTED]. But all this is actually a bit horkie. It makes little sense to have to add a column everytime you want a random check/reply attribute. It's bad practice and going to be terribly inefficient by any database backend. Why is it that you don't want to follow the provided schema (in 2.x raddb/sql/mysql/) and predefined queries? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySql custom attributes
Becuase the database is already established with thousands of customers We're looking to migrate from an existing VOPRadius system. The MsSql database is tied into our account management system as well On Wed, 2008-11-05 at 16:45 -0500, Stephen Bowman wrote: authorize_reply_query = SELECT '',Username,'Profile',Profiles,':=' FROM radius_auth WHERE Username = '%{SQL-User-Name}' It's doing exactly what you tell it to do. query: SELECT '',Username,'Profile',Profiles,':=' FROM radius_auth WHERE Username = '[EMAIL PROTECTED]' There's the query as you defined it above... Sending Access-Accept of id 46 to 206.174.130.217 port 40278 Profile := Slip And there's the access-accept with a reply attribute of Profile := Slip. In your database you clearly have a column titled 'Profile' in radius_auth with value of Slip for the row for the username [EMAIL PROTECTED] To get what you want, you would need a column titled Slipstream-Auth with a value of True for the row for the username [EMAIL PROTECTED]. But all this is actually a bit horkie. It makes little sense to have to add a column everytime you want a random check/reply attribute. It's bad practice and going to be terribly inefficient by any database backend. Why is it that you don't want to follow the provided schema (in 2.x raddb/sql/mysql/) and predefined queries? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySql custom attributes
You can extend the rlm_sql module to read from your schema though it is some work. Alternatively you can go with perl and scripting. I believe extending rlm_sql module to read your schema and generate AVP's will give better performance, but I might be wrong. I have taken this path for a custom database. Regards, Venkatesh K On Thu, Nov 6, 2008 at 3:17 AM, Aaron Seibert [EMAIL PROTECTED] wrote: Becuase the database is already established with thousands of customers We're looking to migrate from an existing VOPRadius system. The MsSql database is tied into our account management system as well On Wed, 2008-11-05 at 16:45 -0500, Stephen Bowman wrote: authorize_reply_query = SELECT '',Username,'Profile',Profiles,':=' FROM radius_auth WHERE Username = '%{SQL-User-Name}' It's doing exactly what you tell it to do. query: SELECT '',Username,'Profile',Profiles,':=' FROM radius_auth WHERE Username = '[EMAIL PROTECTED]' There's the query as you defined it above... Sending Access-Accept of id 46 to 206.174.130.217 port 40278 Profile := Slip And there's the access-accept with a reply attribute of Profile := Slip. In your database you clearly have a column titled 'Profile' in radius_auth with value of Slip for the row for the username [EMAIL PROTECTED] To get what you want, you would need a column titled Slipstream-Auth with a value of True for the row for the username [EMAIL PROTECTED]. But all this is actually a bit horkie. It makes little sense to have to add a column everytime you want a random check/reply attribute. It's bad practice and going to be terribly inefficient by any database backend. Why is it that you don't want to follow the provided schema (in 2.x raddb/sql/mysql/) and predefined queries? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Venkatesh. K - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySql custom attributes
I think what I'll do is just change the reply query to pull from the Profiles table so the query would look like id,username,profiles,'true',';='. Then I'll change the dictionary file so the Slip profile gets the correct attributes, and true will be passed tith each of the account types On Thu, 2008-11-06 at 04:15 +0530, Venkatesh K wrote: You can extend the rlm_sql module to read from your schema though it is some work. Alternatively you can go with perl and scripting. I believe extending rlm_sql module to read your schema and generate AVP's will give better performance, but I might be wrong. I have taken this path for a custom database. Regards, Venkatesh K On Thu, Nov 6, 2008 at 3:17 AM, Aaron Seibert [EMAIL PROTECTED] wrote: Becuase the database is already established with thousands of customers We're looking to migrate from an existing VOPRadius system. The MsSql database is tied into our account management system as well On Wed, 2008-11-05 at 16:45 -0500, Stephen Bowman wrote: authorize_reply_query = SELECT '',Username,'Profile',Profiles,':=' FROM radius_auth WHERE Username = '%{SQL-User-Name}' It's doing exactly what you tell it to do. query: SELECT '',Username,'Profile',Profiles,':=' FROM radius_auth WHERE Username = '[EMAIL PROTECTED]' There's the query as you defined it above... Sending Access-Accept of id 46 to 206.174.130.217 port 40278 Profile := Slip And there's the access-accept with a reply attribute of Profile := Slip. In your database you clearly have a column titled 'Profile' in radius_auth with value of Slip for the row for the username [EMAIL PROTECTED] To get what you want, you would need a column titled Slipstream-Auth with a value of True for the row for the username [EMAIL PROTECTED]. But all this is actually a bit horkie. It makes little sense to have to add a column everytime you want a random check/reply attribute. It's bad practice and going to be terribly inefficient by any database backend. Why is it that you don't want to follow the provided schema (in 2.x raddb/sql/mysql/) and predefined queries? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
Most likely. Can you post the content of your dictionary file? Or download 2.0.2 and see if that attribute is in dictionary.slipstream. If it is include it with the other dictionaries. Ivan Kalik Kalik Informatika ISP Dana 29/2/2008, Dustin Schuemann [EMAIL PROTECTED] piše: Can I just add it ? On Feb 28, 2008, at 5:51 PM, Ivan Kalik wrote: Add to your dictionary file at /usr/local/etc/raddb/dictionary: Same file in Freeradius. VENDORATTR 7000 Slipstream-Auth 1 string You will find this in there: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer Change the first one to: ATTRIBUTESlipstream-Auth 3000string Restart the server for this to take effect. Use the attribute as instructed (but correct the first line as per instructions in users file if you are using a recent freeradius version). Attribute should appear in the Access-Accept packet if all goes well. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Dustin Schuemann . Network Engineer .. . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
Ok I found that. Where do I add the stuff in my mysql database to allow that attribute. On Feb 29, 2008, at 5:19 AM, Ivan Kalik wrote: Most likely. Can you post the content of your dictionary file? Or download 2.0.2 and see if that attribute is in dictionary.slipstream. If it is include it with the other dictionaries. Ivan Kalik Kalik Informatika ISP Dana 29/2/2008, Dustin Schuemann [EMAIL PROTECTED] piše: Can I just add it ? On Feb 28, 2008, at 5:51 PM, Ivan Kalik wrote: Add to your dictionary file at /usr/local/etc/raddb/dictionary: Same file in Freeradius. VENDORATTR 7000 Slipstream-Auth 1 string You will find this in there: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer Change the first one to: ATTRIBUTE Slipstream-Auth 3000string Restart the server for this to take effect. Use the attribute as instructed (but correct the first line as per instructions in users file if you are using a recent freeradius version). Attribute should appear in the Access-Accept packet if all goes well. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Dustin Schuemann . Network Engineer .. . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Dustin Schuemann . Network Engineer . . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
Add to your dictionary file at /usr/local/etc/raddb/dictionary: Same file in Freeradius. VENDORATTR 7000 Slipstream-Auth 1 string You will find this in there: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer Change the first one to: ATTRIBUTE Slipstream-Auth 3000string Restart the server for this to take effect. Use the attribute as instructed (but correct the first line as per instructions in users file if you are using a recent freeradius version). Attribute should appear in the Access-Accept packet if all goes well. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
I don't have anything like this in my dictionary. This is free radius 1 On Feb 28, 2008, at 5:51 PM, Ivan Kalik wrote: Add to your dictionary file at /usr/local/etc/raddb/dictionary: Same file in Freeradius. VENDORATTR 7000 Slipstream-Auth 1 string You will find this in there: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer Change the first one to: ATTRIBUTE Slipstream-Auth 3000string Restart the server for this to take effect. Use the attribute as instructed (but correct the first line as per instructions in users file if you are using a recent freeradius version). Attribute should appear in the Access-Accept packet if all goes well. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Dustin Schuemann . Network Engineer . . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
So is this. 1.1.7 file /usr/local/etc/raddb/dictionary. Ivan Kalik Kalik Informatika ISP Dana 28/2/2008, Dustin Schuemann [EMAIL PROTECTED] piše: I don't have anything like this in my dictionary. This is free radius 1 On Feb 28, 2008, at 5:51 PM, Ivan Kalik wrote: Add to your dictionary file at /usr/local/etc/raddb/dictionary: Same file in Freeradius. VENDORATTR 7000 Slipstream-Auth 1 string You will find this in there: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer Change the first one to: ATTRIBUTESlipstream-Auth 3000string Restart the server for this to take effect. Use the attribute as instructed (but correct the first line as per instructions in users file if you are using a recent freeradius version). Attribute should appear in the Access-Accept packet if all goes well. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Dustin Schuemann . Network Engineer .. . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
This is version 1.1.3 I don't see this anywhere in this file. #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer On Feb 28, 2008, at 8:16 PM, Ivan Kalik wrote: So is this. 1.1.7 file /usr/local/etc/raddb/dictionary. Ivan Kalik Kalik Informatika ISP Dana 28/2/2008, Dustin Schuemann [EMAIL PROTECTED] piše: I don't have anything like this in my dictionary. This is free radius 1 On Feb 28, 2008, at 5:51 PM, Ivan Kalik wrote: Add to your dictionary file at /usr/local/etc/raddb/dictionary: Same file in Freeradius. VENDORATTR 7000 Slipstream-Auth 1 string You will find this in there: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer Change the first one to: ATTRIBUTE Slipstream-Auth 3000string Restart the server for this to take effect. Use the attribute as instructed (but correct the first line as per instructions in users file if you are using a recent freeradius version). Attribute should appear in the Access-Accept packet if all goes well. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Dustin Schuemann . Network Engineer .. . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Dustin Schuemann . Network Engineer . . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
Can I just add it ? On Feb 28, 2008, at 5:51 PM, Ivan Kalik wrote: Add to your dictionary file at /usr/local/etc/raddb/dictionary: Same file in Freeradius. VENDORATTR 7000 Slipstream-Auth 1 string You will find this in there: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer Change the first one to: ATTRIBUTE Slipstream-Auth 3000string Restart the server for this to take effect. Use the attribute as instructed (but correct the first line as per instructions in users file if you are using a recent freeradius version). Attribute should appear in the Access-Accept packet if all goes well. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Dustin Schuemann . Network Engineer . . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
On Thu, Feb 28, 2008 at 05:08:46PM -0500, Dustin Schuemann wrote: Im working with dialup provider that is acting as the nas and they are authenticating off my radius server. Authentication works fine. They have this fastnet program that is supposed to make the internet faster. Attached is what they told me to do. I have added it to the dynamic group in mysql and the user is part of that group. But nothing. If you run your own radius server: VENDORATTR 7000 Slipstream-Auth 1 string There is a dictionary.slipstream file in FreeRADIUS 2.x. You could just use that file even if you are on FreeRADIUS 1.x. Just make sure to add the appropriated $INCLUDE to the primary dictionary file. -- Scott LambertKC5MLE Unix SysAdmin [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius and mysql
You have posted the beginning of the error statement (which is irrelevant) and left out the most important bit that comes after: Check the manual that corresponds to your MySQL server version for the right syntax to use near Script provided with the server doesn't have any errors. You have done something to it. You should also post the lines just before the line with the error (including the line with the error). Ivan Kalik Kalik Informatika ISP Dana 5/8/2007, zahra bahar [EMAIL PROTECTED] piše: yes I had mistake in writing.I used # mysql -u root -p mysql.sql but it has that error. [EMAIL PROTECTED] wrote: USE : # mysql -u root -p mysql.sql NOT : # mysql -u root -p mysql.sql By; -Message d'origine- De :[EMAIL PROTECTED][mailto:[EMAIL PROTECTED]la part de zahra bahar Envoyé : samedi 4 aoűt 200706:05 Ŕ : FreeRadius users mailing list Objet :Re: freeradius and mysql I send the error in my email.this error is: ERROR 1064(42000) at line 1:you have an error in your sql syntax,.. [EMAIL PROTECTED]wrote: And the error is? Ivan Kalik Kalik Informatika ISP Dana 1/8/2007, zahra bahar piše: Hi I am new in radius, I want to use sql for accounting in freeradius. for creating tables of radius I use # mysql -u root -p mysql.sql after entering password there is this error: ERROR 1064(42000) at line 1:you have an error in your sql syntax,.. use the ql.sal rlm_sql Freeradius sql module. I don't know the reason of this error. - Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Shape Yahoo! in your own image. Joinour Network Research Panel today! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius and mysql
yes I had mistake in writing.I used # mysql -u root -p mysql.sql but it has that error. [EMAIL PROTECTED] wrote: USE : # mysql -u root -p mysql.sql NOT : # mysql -u root -p mysql.sql By; -Message d'origine- De :[EMAIL PROTECTED][mailto:[EMAIL PROTECTED]la part de zahra bahar Envoyé : samedi 4 août 200706:05 À : FreeRadius users mailing list Objet :Re: freeradius and mysql I send the error in my email.this error is: ERROR 1064(42000) at line 1:you have an error in your sql syntax,.. [EMAIL PROTECTED]wrote: And the error is? Ivan Kalik Kalik Informatika ISP Dana 1/8/2007, zahra bahar pi¹e: Hi I am new in radius, I want to use sql for accounting in freeradius. for creating tables of radius I use # mysql -u root -p mysql.sql after entering password there is this error: ERROR 1064(42000) at line 1:you have an error in your sql syntax,... use the ql.sal rlm_sql Freeradius sql module. I don't know the reason of this error. - Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Shape Yahoo! in your own image. Joinour Network Research Panel today! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql
I send the error in my email. this error is: ERROR 1064(42000) at line 1:you have an error in your sql syntax,.. [EMAIL PROTECTED] wrote: And the error is? Ivan Kalik Kalik Informatika ISP Dana 1/8/2007, zahra bahar pi¹e: Hi I am new in radius, I want to use sql for accounting in freeradius. for creating tables of radius I use # mysql -u root -p mysql.sql after entering password there is this error: ERROR 1064(42000) at line 1:you have an error in your sql syntax,... use the ql.sal rlm_sql Freeradius sql module. I don't know the reason of this error. - Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Shape Yahoo! in your own image. Join our Network Research Panel today!- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius and mysql
USE : # mysql -u root -p mysql.sql NOT : # mysql -u root -p mysql.sql By; -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de zahra bahar Envoyé : samedi 4 août 2007 06:05 À : FreeRadius users mailing list Objet : Re: freeradius and mysql I send the error in my email. this error is: ERROR 1064(42000) at line 1:you have an error in your sql syntax,.. [EMAIL PROTECTED] wrote: And the error is? Ivan Kalik Kalik Informatika ISP Dana 1/8/2007, zahra bahar pi¹e: Hi I am new in radius, I want to use sql for accounting in freeradius. for creating tables of radius I use # mysql -u root -p mysql.sql after entering password there is this error: ERROR 1064(42000) at line 1:you have an error in your sql syntax,... use the ql.sal rlm_sql Freeradius sql module. I don't know the reason of this error. - Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Shape Yahoo! in your own image. Join our Network Research Panel today! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius and mysql
Sorry, USE : # mysql -u root -p radius mysql.sql and not : # mysql -u root -p mysql.sql -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de zahra bahar Envoyé : samedi 4 août 2007 06:05 À : FreeRadius users mailing list Objet : Re: freeradius and mysql I send the error in my email. this error is: ERROR 1064(42000) at line 1:you have an error in your sql syntax,.. [EMAIL PROTECTED] wrote: And the error is? Ivan Kalik Kalik Informatika ISP Dana 1/8/2007, zahra bahar pi¹e: Hi I am new in radius, I want to use sql for accounting in freeradius. for creating tables of radius I use # mysql -u root -p mysql.sql after entering password there is this error: ERROR 1064(42000) at line 1:you have an error in your sql syntax,... use the ql.sal rlm_sql Freeradius sql module. I don't know the reason of this error. - Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Shape Yahoo! in your own image. Join our Network Research Panel today! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql
On Wed 01 Aug 2007, zahra bahar wrote: Hi I am new in radius, I want to use sql for accounting in freeradius. for creating tables of radius I use # mysql -u root -p mysql.sql after entering password there is this error: You are using the wrong pipe.. Use instead ERROR 1064(42000) at line 1:you have an error in your sql syntax,... use the ql.sal rlm_sql Freeradius sql module. I don't know the reason of this error. http://wiki.freeradius.org/SQL_HOWTO -- Peter Nixon http://peternixon.net/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql
# mysql -u root -p mysql.sql after entering password there is this error: ERROR 1064(42000) at line 1:you have an error in your sql syntax,... use the ql.sal rlm_sql Freeradius sql module. I don't know the reason of this error. You want to feed the commands from the file mysql.sql to the mysql command? Then you must use , not . I.e.: mysql -u root -p mysql.sql Also, IIRC the mysql.sql script does only create the tables, not the database itself. So, first create a database called radius, and then make your client use this database to execute the commands: mysql -u root -p radius mysql.sql Greetings, Stefan Winter -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473 signature.asc Description: This is a digitally signed message part. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql
And the error is? Ivan Kalik Kalik Informatika ISP Dana 1/8/2007, zahra bahar [EMAIL PROTECTED] piše: Hi I am new in radius, I want to use sql for accounting in freeradius. for creating tables of radius I use # mysql -u root -p mysql.sql after entering password there is this error: ERROR 1064(42000) at line 1:you have an error in your sql syntax,... use the ql.sal rlm_sql Freeradius sql module. I don't know the reason of this error. - Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius and mysql
jose a. zúñiga said I need a tutorial in order to connect freeradius and mysql It kind of depends on what you want to do with the MySQL: Authenticate? Handle per-user check/return attributes? Handle per-group check/return attributes? Accounting? Dynamic IP assignment? Whatever your requirements, I would recommend waiting a few days. Version 1.1.7 is in the process of being released, and there is an effort underway to get the MySQL version of the various queries whipped into shape, and the schema modified slighty. I'm testing some of the changes this weekend. I'd be happy to help you out with the MySQL stuff once 1.1.7 is out. jose a. -- hugh - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and MySQL problem!!!
You haven't posted your radiusd -X output. Ivan Kalik Kalik Informatika ISP Dana 2/7/2007, Ackbar Joolia [EMAIL PROTECTED] piše: Dear all, I have been using freeradius properly configured with mysql for some time now. However it suddenly stopped working. What more, I upgraded to the 1.6 version, and now when I run radiusd -X, it doesn't even show that its tied in with the MySQL database... Can anyone please help me? I have done all the right things i.e. sql in radius.conf, but its not tying in with the mysql database. Am I missing anything obvious ??? Thanks Al - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius and MySQL problem!!!
Here it is: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /usr/local/var main: logdir = /usr/local/var/log/radius main: libdir = /usr/local/lib main: radacctdir = /usr/local/var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /usr/local/var/log/radius/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /usr/local/var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = (null) exec: input_pairs = request exec: output_pairs = (null) exec: packet_type = (null) rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt pap: auto_header = yes Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = (null) mschap: ntlm_auth = (null) Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = (null) unix: shadow = (null) unix: group = (null) unix: radwtmp = /usr/local/var/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = md5 eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = Password: gtc: auth_type = PAP rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = /usr/local/etc/raddb/huntgroups preprocess: hints = /usr/local/etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = suffix realm: delimiter = @ realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = /usr/local/etc/raddb/users files: acctusersfile = /usr/local/etc/raddb/acct_users files: preproxy_usersfile = /usr/local/etc/raddb/preproxy_users files: compat = no Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = /usr/local/var/log/radius/radutmp radutmp: username = %{User-Name} radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 02 July 2007 12:38 To: FreeRadius users mailing list Subject: Re: Freeradius and MySQL problem!!! You haven't
RE: Freeradius and MySQL problem!!!
] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 02 July 2007 12:38 To: FreeRadius users mailing list Subject: Re: Freeradius and MySQL problem!!! You haven't posted your radiusd -X output. Ivan Kalik Kalik Informatika ISP Dana 2/7/2007, Ackbar Joolia [EMAIL PROTECTED] piše: Dear all, I have been using freeradius properly configured with mysql for some time now. However it suddenly stopped working. What more, I upgraded to the 1.6 version, and now when I run radiusd -X, it doesn't even show that its tied in with the MySQL database... Can anyone please help me? I have done all the right things i.e. sql in radius.conf, but its not tying in with the mysql database. Am I missing anything obvious ??? Thanks Al - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html *** Email COnfidentiality Notice *** This message is private and confidential.If you have received this in error, please notify us and remove it from your system. Contact [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius and MySQL problem!!!
HI Ivan The sql in authorize and accounting are all uncommented. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 02 July 2007 14:16 To: FreeRadius users mailing list Subject: RE: Freeradius and MySQL problem!!! Have you included sql in your radiusd.conf or are sql entries still commented out? Ivan Kalik Kalik Informatika ISP Dana 2/7/2007, Ackbar Joolia [EMAIL PROTECTED] piše: Here it is: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /usr/local/var main: logdir = /usr/local/var/log/radius main: libdir = /usr/local/lib main: radacctdir = /usr/local/var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /usr/local/var/log/radius/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /usr/local/var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = (null) exec: input_pairs = request exec: output_pairs = (null) exec: packet_type = (null) rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt pap: auto_header = yes Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = (null) mschap: ntlm_auth = (null) Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = (null) unix: shadow = (null) unix: group = (null) unix: radwtmp = /usr/local/var/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = md5 eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = Password: gtc: auth_type = PAP rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = /usr/local/etc/raddb/huntgroups preprocess: hints = /usr/local/etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = suffix realm: delimiter = @ realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = /usr/local/etc/raddb/users files: acctusersfile = /usr/local/etc/raddb/acct_users files: preproxy_usersfile = /usr/local/etc/raddb/preproxy_users files: compat = no Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = /usr/local/var/log/radius/radutmp radutmp: username
RE: Freeradius and MySQL problem!!!
It's not reading sql.conf. Check permissions on that file. Ivan Kalik Kalik Informatika ISP Dana 2/7/2007, Ackbar Joolia [EMAIL PROTECTED] piše: HI Ivan The sql in authorize and accounting are all uncommented. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 02 July 2007 14:16 To: FreeRadius users mailing list Subject: RE: Freeradius and MySQL problem!!! Have you included sql in your radiusd.conf or are sql entries still commented out? Ivan Kalik Kalik Informatika ISP Dana 2/7/2007, Ackbar Joolia [EMAIL PROTECTED] piše: Here it is: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /usr/local/var main: logdir = /usr/local/var/log/radius main: libdir = /usr/local/lib main: radacctdir = /usr/local/var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /usr/local/var/log/radius/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /usr/local/var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = (null) exec: input_pairs = request exec: output_pairs = (null) exec: packet_type = (null) rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt pap: auto_header = yes Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = (null) mschap: ntlm_auth = (null) Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = (null) unix: shadow = (null) unix: group = (null) unix: radwtmp = /usr/local/var/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = md5 eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = Password: gtc: auth_type = PAP rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = /usr/local/etc/raddb/huntgroups preprocess: hints = /usr/local/etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = suffix realm: delimiter = @ realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = /usr/local/etc/raddb/users files: acctusersfile = /usr/local/etc/raddb/acct_users files: preproxy_usersfile = /usr/local/etc/raddb/preproxy_users files: compat = no Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d detail: detailperm = 384 detail: dirperm = 493 detail
RE: Freeradius and MySQL problem!!!
Ivan, I've given all permissions to sql.confnothing...it's still the same. Its strange, this used to work well before for the previous version of freeradius. Seems simple, yet!!! Any other advice? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 02 July 2007 15:50 To: FreeRadius users mailing list Subject: RE: Freeradius and MySQL problem!!! It's not reading sql.conf. Check permissions on that file. Ivan Kalik Kalik Informatika ISP Dana 2/7/2007, Ackbar Joolia [EMAIL PROTECTED] piše: HI Ivan The sql in authorize and accounting are all uncommented. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 02 July 2007 14:16 To: FreeRadius users mailing list Subject: RE: Freeradius and MySQL problem!!! Have you included sql in your radiusd.conf or are sql entries still commented out? Ivan Kalik Kalik Informatika ISP Dana 2/7/2007, Ackbar Joolia [EMAIL PROTECTED] piše: Here it is: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /usr/local/var main: logdir = /usr/local/var/log/radius main: libdir = /usr/local/lib main: radacctdir = /usr/local/var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /usr/local/var/log/radius/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /usr/local/var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = (null) exec: input_pairs = request exec: output_pairs = (null) exec: packet_type = (null) rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt pap: auto_header = yes Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = (null) mschap: ntlm_auth = (null) Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = (null) unix: shadow = (null) unix: group = (null) unix: radwtmp = /usr/local/var/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = md5 eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = Password: gtc: auth_type = PAP rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = /usr/local/etc/raddb/huntgroups preprocess: hints = /usr/local/etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = suffix realm: delimiter = @ realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = /usr/local/etc/raddb/users files: acctusersfile = /usr/local/etc/raddb/acct_users files: preproxy_usersfile = /usr/local/etc/raddb
Re: Freeradius and MySQL problem!!!
Ackbar Joolia wrote: Ivan, I've given all permissions to sql.confnothing...it's still the same. Its strange, this used to work well before for the previous version of freeradius. Seems simple, yet!!! Any other advice? Is the server reading the file you are editing? ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Maybe the file you're editing is in /etc/raddb/radiusd.conf ? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius and MySQL problem!!!
Obvious silly mistake...previous install was in /etc/raddbthanks Ivan...knew I was doing something silly -Original Message- From: [EMAIL PROTECTED] rg [mailto:[EMAIL PROTECTED] radius.org] On Behalf Of Alan DeKok Sent: 02 July 2007 17:13 To: FreeRadius users mailing list Subject: Re: Freeradius and MySQL problem!!! Ackbar Joolia wrote: Ivan, I've given all permissions to sql.confnothing...it's still the same. Its strange, this used to work well before for the previous version of freeradius. Seems simple, yet!!! Any other advice? Is the server reading the file you are editing? ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Maybe the file you're editing is in /etc/raddb/radiusd.conf ? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html *** Email COnfidentiality Notice *** This message is private and confidential.If you have received this in error, please notify us and remove it from your system. Contact [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re : FreeRadius+Dialup_admin+Mysql
check your settings in .../conf/admin.conf # # can be one of mysql,pg where: # mysq: MySQL database (port 3306) # pg: PostgreSQL database (port 5432) # sql_type: mysql sql_server: localhost sql_port: 3306 sql_username: dialup_admin sql_password: XX sql_database: radius sql_accounting_table: radacct sql_badusers_table: badusers sql_check_table: radcheck sql_reply_table: radreply sql_user_info_table: userinfo sql_groupcheck_table: radgroupcheck sql_groupreply_table: radgroupreply sql_usergroup_table: usergroup == Benjamin K. Eshun - Message d'origine De : Grant Arix [EMAIL PROTECTED] À : freeradius-users@lists.freeradius.org Envoyé le : Jeudi, 15 Mars 2007, 9h22mn 43s Objet : FreeRadius+Dialup_admin+Mysql HI, I just want to settup my freeradius to work with Mysql, i have already install everything and configure to, but when i tried to conected to the web-based graphic dialup_admin page i see the message: Could not connect to SQL database. Now i dont know what wrong.. If somebody can help me fix this issue i will be good for me ? Grant Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ___ Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses http://fr.answers.yahoo.com- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius-1.1.3 + Mysql ?
adreas Polyxronopoulos wrote: Hi list, I have compiled freeradius-1.1.3 with out any configure option. I don't have mySql server on my pc (ubuntu 6.10) . If i would like to store accounting information in mySql , what i have to do? When i download mySql server package do i have to configure freeradius again or just configure radiusd.conf ? If you're on ubuntu, you don't need to compile FreeRADIUS. Just install the package. $ apt-cache search freeradius And you will get a number of useful packages. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius-1.1.3 + Mysql ?
Hi list, I have found the mysql-server package but i haven't found the mysql-dev package could you tell me which one specific because there are many thanks Adreas Polyxronopoulos - Original Message From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Thursday, 11 January, 2007 7:23:53 PM Subject: Re: Freeradius-1.1.3 + Mysql ? Hi, Hi list, I have compiled freeradius-1.1.3 with out any configure option. I don't have mySql server on my pc (ubuntu 6.10) . If i would like to store accounting information in mySql , what i have to do? When i download mySql server package do i have to configure freeradius again or just configure radiusd.conf ? if you built from source you will need to build from source again - this is because when you ran ./configure, the automake script checks your compilation environment to see what libraries and headers you have - thus what feature-sets can be enabled. you will need to install the mysql-devel package to compile in support and install the mysql-server package to have the mysql server and utils to USE mysql alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ___ What kind of emailer are you? Find out today - get a free analysis of your email personality. Take the quiz at the Yahoo! Mail Championship. http://uk.rd.yahoo.com/evt=44106/*http://mail.yahoo.net/uk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySQL boot problem
I check it freeradius scripts rc.radiusd .it is same as /usr/local/sbin/rc.radiusd. I am using operating system fedora core 4 and chillispot is chillispot-1.0.i386.rpm and freeradius is freeradius-1.1.0.tar.gz . and whenever i reboot the radiusd server there is the error in radiusd log file like Sun Nov 26 11:00:51 2006 : Info: Using deprecated naslist file. Support for this will go away soon. Sun Nov 26 11:00:51 2006 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Sun Nov 26 11:00:51 2006 : Error: radiusd.conf[10] Failed to link to module 'rlm_eap': /usr/local/lib/rlm_eap-1.1.0.so: cannot restore segment prot after reloc: Permission denied Sun Nov 26 11:00:51 2006 : Error: radiusd.conf[1749] Unknown module eap. Sun Nov 26 11:00:51 2006 : Error: radiusd.conf[1696] Failed to parse authenticate section. and when i start the radiusd by typing /usr/src/sbin/radiusd , radiusd server run and it has radiusd log file like Sun Nov 26 11:46:10 2006 : Info: Using deprecated naslist file. Support for this will go away soon. Sun Nov 26 11:46:10 2006 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Sun Nov 26 11:46:10 2006 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Sun Nov 26 11:46:10 2006 : Info: rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/mypaid Sun Nov 26 11:46:10 2006 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0 Sun Nov 26 11:46:11 2006 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1 Sun Nov 26 11:46:11 2006 : Info: rlm_sql_mysql: Starting connect to MySQL server for #2 Sun Nov 26 11:46:11 2006 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3 Sun Nov 26 11:46:11 2006 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4 Sun Nov 26 11:46:11 2006 : Info: Ready to process requests. so , how to run this radiusd server at boot time not by manully starting everytime when server is restart. regards rina Hernan Antolini wrote: Check the scripts dir that came with the freeradius source; there is a rc.radiusd file to do that. regards Hernan Antolini [EMAIL PROTECTED] wrote on 11/24/2006 03:52:53 AM: hello i configure chillispot and freeradius and it is working. But whenever i reboot this radiusd server i have to run manually all the time. So how to run this radiusd server at boot time. chillispot ,apche and mysql all run at boot time but radiusd is not.i try it by writing script in /etc/rc.local and also directly copy /usr/local/sbin/radiusd file to /etc/rc.d/init.d but it don't work . So please give me any ideas to start radiusd server at boot time. regards rina Diniz Da Rocha wrote: HI, I have currently setup FreeRadius 1.0.4 with ldap authentication and authorization as well as mysql authorization and its all working fine. My only problem is that when I boot the server (Fedora Core 4) and radiusd starts up there is a rlm_sql_mysql error: Wed Feb 15 18:38:51 2006 : Info: rlm_sql (sql): Trying to (re)connect unconnected handle 4.. Wed Feb 15 18:38:51 2006 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4 Wed Feb 15 18:38:51 2006 : Error: rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:radius Wed Feb 15 18:38:51 2006 : Error: rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on 'myip' (13)' Wed Feb 15 18:38:51 2006 : Error: rlm_sql (sql): Failed to connect DB handle #4 The MySQL server is on another server with ip myip I initially thought it was a firewall block but even with no firewall I get this error. But once the server has started and I run service radiusd restart from a terminal the connect to the MySQL server works fine and has no problems. I even tried running the service from rc.local but it still fails did anyone have this problem??? is anyone running the MySQL server on another machine Is there a fix for this??? thanks diniz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/FreeRadius-and- MySQL-boot-problem-tf1191658.html#a7518565 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/FreeRadius-and-MySQL-boot-problem-tf1191658.html#a7545147 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySQL boot problem
hello i configure chillispot and freeradius and it is working. But whenever i reboot this radiusd server i have to run manually all the time. So how to run this radiusd server at boot time. chillispot ,apche and mysql all run at boot time but radiusd is not.i try it by writing script in /etc/rc.local and also directly copy /usr/local/sbin/radiusd file to /etc/rc.d/init.d but it don't work . So please give me any ideas to start radiusd server at boot time. regards rina Diniz Da Rocha wrote: HI, I have currently setup FreeRadius 1.0.4 with ldap authentication and authorization as well as mysql authorization and its all working fine. My only problem is that when I boot the server (Fedora Core 4) and radiusd starts up there is a rlm_sql_mysql error: Wed Feb 15 18:38:51 2006 : Info: rlm_sql (sql): Trying to (re)connect unconnected handle 4.. Wed Feb 15 18:38:51 2006 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4 Wed Feb 15 18:38:51 2006 : Error: rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:radius Wed Feb 15 18:38:51 2006 : Error: rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on 'myip' (13)' Wed Feb 15 18:38:51 2006 : Error: rlm_sql (sql): Failed to connect DB handle #4 The MySQL server is on another server with ip myip I initially thought it was a firewall block but even with no firewall I get this error. But once the server has started and I run service radiusd restart from a terminal the connect to the MySQL server works fine and has no problems. I even tried running the service from rc.local but it still fails did anyone have this problem??? is anyone running the MySQL server on another machine Is there a fix for this??? thanks diniz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/FreeRadius-and-MySQL-boot-problem-tf1191658.html#a7518565 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySQL boot problem
Check the scripts dir that came with the freeradius source; there is a rc.radiusd file to do that. regards Hernan Antolini [EMAIL PROTECTED] wrote on 11/24/2006 03:52:53 AM: hello i configure chillispot and freeradius and it is working. But whenever i reboot this radiusd server i have to run manually all the time. So how to run this radiusd server at boot time. chillispot ,apche and mysql all run at boot time but radiusd is not.i try it by writing script in /etc/rc.local and also directly copy /usr/local/sbin/radiusd file to /etc/rc.d/init.d but it don't work . So please give me any ideas to start radiusd server at boot time. regards rina Diniz Da Rocha wrote: HI, I have currently setup FreeRadius 1.0.4 with ldap authentication and authorization as well as mysql authorization and its all working fine. My only problem is that when I boot the server (Fedora Core 4) and radiusd starts up there is a rlm_sql_mysql error: Wed Feb 15 18:38:51 2006 : Info: rlm_sql (sql): Trying to (re)connect unconnected handle 4.. Wed Feb 15 18:38:51 2006 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4 Wed Feb 15 18:38:51 2006 : Error: rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:radius Wed Feb 15 18:38:51 2006 : Error: rlm_sql_mysql: Mysql error 'Can't connect to MySQL server on 'myip' (13)' Wed Feb 15 18:38:51 2006 : Error: rlm_sql (sql): Failed to connect DB handle #4 The MySQL server is on another server with ip myip I initially thought it was a firewall block but even with no firewall I get this error. But once the server has started and I run service radiusd restart from a terminal the connect to the MySQL server works fine and has no problems. I even tried running the service from rc.local but it still fails did anyone have this problem??? is anyone running the MySQL server on another machine Is there a fix for this??? thanks diniz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/FreeRadius-and- MySQL-boot-problem-tf1191658.html#a7518565 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql fails
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote: first its 'local' and with sql its 'system', is this ok? That's what you told it to do. id UserNameAttribute Value op 3 test1 User-Password $1$BnzqweeZ$EJ66Aqwe0/YANJdc8hBC/ := That's not a clear-text password. It's a crypt'd password. You should be using the Crypt-Password attribute. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius and MySQL
Hello Jeremy, PLEASE ! SPECIFY YOUR PROBLEM ! you have sent 2-3 comments to the mailing list and nobody ( besides Alan ) wanted to respond! Why? No needed information ( aka I have car, car has tires, but I cannot drive, why? ). You are using db. Okay. What DB? Firebird, MySql, MSSQL, Oracle? How does your config looks like? Send us the debug output of freeradius! We cannot help you without information ( or do you expect us to hack into your server to get some info about your config ?? ). Regards, Edvin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of Jeremy ohara Sent: Donnerstag, 11. Mai 2006 20:23 To: freeradius-users@lists.freeradius.org Subject: Freeradius and MySQL Hi there i have free radius updated on fedora. got a mysql database. but from what i'm noticing its not being check on the database. got dialupadmin installed and using that to put the accounts into the database. and have setup freeradisu with the db Jeremy This email has been scanned for Virus by MDaemon AntiVirus part of MDaemon. Updated daily to keep up-to-date with all new and old viruses. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + pptp + mysql
Michael Gale wrote: Hello, I have it working I believe, more testing is required but so far everything seems good. Most of the docs I have come across say to set Auth-Type to Local or something in the mysql database. Those docs are WRONG, as you've discovered. If possible, could you send the URLs to the list so that we can ask the authors to correct them? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + pptp + mysql
Michael Gale [EMAIL PROTECTED] wrote: My client is a XP Pro laptop using MS-CHAP v2 I believe Nope. It's not sending MS-CHAP in the request packet. I have followed the documents from the following locations: http://poptop.sourceforge.net/dox/radius_mysql.html http://www.frontios.com/freeradius.html And heavily edited the standard configurations files, probably. Please don't. The standard configuration is there for a reason: it works. modcall[authorize]: module mschap returns noop for request 0 That works, at least. The server isn't trying to do MS-CHAP. modcall: entering group Auth-Type for request 0 rlm_mschap: No MS-CHAP-Challenge in the request This only happens if you force MS-CHAP authentication. Don't. You've probably added entries in SQL to force Auth-Type = MS-CHAP. Don't. And the request is unhelpful: rad_recv: Access-Request packet from host 127.0.0.1:32804, id=83, length=65 Service-Type = Framed-User Framed-Protocol = PPP User-Name = testuser Calling-Station-Id = 10.10.0.3 NAS-IP-Address = 127.0.0.1 NAS-Port = 0 There's no password or MS-CHAP attributes in it. The request cannot be authenticated. Use the standard FreeRADIUS config files. They work. Make pptp send MS-CHAP attributes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + pptp + mysql
Hello, Ok, I removed freeradius and re-installed the package. The only configuration changes I made where: username and password in sql.conf Uncommented sql options in radius.conf I also add the dictionary.mirosoft file to the /etc/radiusclient/ directory as I came across a document that said to do so. I am still receiving the same error as before, in the mysql database I have: mysql select * from radcheck; ++--+---++--+ | id | UserName | Attribute | op | Value| ++--+---++--+ | 1 | testuser | Password | == | testpass | ++--+---++--+ 1 row in set (0.00 sec) mysql select * from radgroupcheck; ++---+---++---+ | id | GroupName | Attribute | op | Value | ++---+---++---+ | 1 | static| Auth-Type | := | Local | ++---+---++---+ 1 row in set (0.00 sec) mysql select * from usergroup; ++--+---+ | id | UserName | GroupName | ++--+---+ | 1 | testuser | static| ++--+---+ Any hints would be appreciated, thanks. Michael Alan DeKok wrote: Michael Gale [EMAIL PROTECTED] wrote: My client is a XP Pro laptop using MS-CHAP v2 I believe Nope. It's not sending MS-CHAP in the request packet. I have followed the documents from the following locations: http://poptop.sourceforge.net/dox/radius_mysql.html http://www.frontios.com/freeradius.html And heavily edited the standard configurations files, probably. Please don't. The standard configuration is there for a reason: it works. modcall[authorize]: module mschap returns noop for request 0 That works, at least. The server isn't trying to do MS-CHAP. modcall: entering group Auth-Type for request 0 rlm_mschap: No MS-CHAP-Challenge in the request This only happens if you force MS-CHAP authentication. Don't. You've probably added entries in SQL to force Auth-Type = MS-CHAP. Don't. And the request is unhelpful: rad_recv: Access-Request packet from host 127.0.0.1:32804, id=83, length=65 Service-Type = Framed-User Framed-Protocol = PPP User-Name = testuser Calling-Station-Id = 10.10.0.3 NAS-IP-Address = 127.0.0.1 NAS-Port = 0 There's no password or MS-CHAP attributes in it. The request cannot be authenticated. Use the standard FreeRADIUS config files. They work. Make pptp send MS-CHAP attributes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + pptp + mysql
Hello, I have it working I believe, more testing is required but so far everything seems good. Most of the docs I have come across say to set Auth-Type to Local or something in the mysql database. I came across the following post by Alan DeKok: http://lists.cistron.nl/pipermail/freeradius-users/2004-September/036643.html Where he suggest removing the entry - once I did that everything worked. Michael Michael Gale wrote: Hello, Ok, I removed freeradius and re-installed the package. The only configuration changes I made where: username and password in sql.conf Uncommented sql options in radius.conf I also add the dictionary.mirosoft file to the /etc/radiusclient/ directory as I came across a document that said to do so. I am still receiving the same error as before, in the mysql database I have: mysql select * from radcheck; ++--+---++--+ | id | UserName | Attribute | op | Value| ++--+---++--+ | 1 | testuser | Password | == | testpass | ++--+---++--+ 1 row in set (0.00 sec) mysql select * from radgroupcheck; ++---+---++---+ | id | GroupName | Attribute | op | Value | ++---+---++---+ | 1 | static| Auth-Type | := | Local | ++---+---++---+ 1 row in set (0.00 sec) mysql select * from usergroup; ++--+---+ | id | UserName | GroupName | ++--+---+ | 1 | testuser | static| ++--+---+ Any hints would be appreciated, thanks. Michael Alan DeKok wrote: Michael Gale [EMAIL PROTECTED] wrote: My client is a XP Pro laptop using MS-CHAP v2 I believe Nope. It's not sending MS-CHAP in the request packet. I have followed the documents from the following locations: http://poptop.sourceforge.net/dox/radius_mysql.html http://www.frontios.com/freeradius.html And heavily edited the standard configurations files, probably. Please don't. The standard configuration is there for a reason: it works. modcall[authorize]: module mschap returns noop for request 0 That works, at least. The server isn't trying to do MS-CHAP. modcall: entering group Auth-Type for request 0 rlm_mschap: No MS-CHAP-Challenge in the request This only happens if you force MS-CHAP authentication. Don't. You've probably added entries in SQL to force Auth-Type = MS-CHAP. Don't. And the request is unhelpful: rad_recv: Access-Request packet from host 127.0.0.1:32804, id=83, length=65 Service-Type = Framed-User Framed-Protocol = PPP User-Name = testuser Calling-Station-Id = 10.10.0.3 NAS-IP-Address = 127.0.0.1 NAS-Port = 0 There's no password or MS-CHAP attributes in it. The request cannot be authenticated. Use the standard FreeRADIUS config files. They work. Make pptp send MS-CHAP attributes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and mysql
Mario Casola [EMAIL PROTECTED] wrote: Hello, I've installed freeradius and I've configured it to comunicate with mysql...all work fine, but I don't understand the meaning of the mysql database structure and all the possible values I can put in the database...if someone could illuminate me. doc/rlm_sql Run the server in debugging mode, and send it packets. The text it prints out foo = bar is pretty much what you put into SQL. if you need to know what the text is, buy the O'Reilly book. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and mysql
quick, very short and uncomplete answer :) *check tables:information which have to be checked from freeRADIUS, like user password *reply tables:information which freeRADIUS sends back to your NAS (e.g. IP-pool, data rate etc.) *acct tables: here are the accounting information stored by freeRADIUS usergroup: assigning users to groups nas: for your NAS information (IP, secret, snmp community etc.) regards, Olaf -- Olaf Schaefer [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySQL boot problem
Diniz Da Rocha [EMAIL PROTECTED] wrote: do you know how long it *should* take before retrying?? Why ask me? See the server source. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySQL boot problem
Diniz Da Rocha [EMAIL PROTECTED] wrote: The MySQL server is on another server with ip myip I initially thought it was a firewall block but even with no firewall I get this error. But once the server has started and I run service radiusd restart from a terminal the connect to the MySQL server works fine and has no problems. I even tried running the service from rc.local but it still fails did anyone have this problem??? is anyone running the MySQL server on another machine Is there a fix for this??? The server *should* re-connect to MySQL after a period of time. If it doesn't, it's a bug. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySQL boot problem
Diniz Da Rocha wrote: The MySQL server is on another server with ip myip I initially thought it was a firewall block but even with no firewall I get this error. But once the server has started and I run service radiusd restart from a terminal the connect to the MySQL server works fine and has no problems. I even tried running the service from rc.local but it still fails did anyone have this problem??? is anyone running the MySQL server on another machine Is there a fix for this??? Our SQL server is on another machine and works fine on reboots. It looks like your networking service may not be completely up and functional before radius starts. Add a sleep for 10 or 20sec in rc.local before FR starts and see what happens. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySQL boot problem
do you know how long it *should*take before retrying?? On 2/27/06, Alan DeKok [EMAIL PROTECTED] wrote: Diniz Da Rocha [EMAIL PROTECTED] wrote: The MySQL server is on another server with ip myip I initially thought it was a firewall block but even with no firewall I get this error. But once the server has started and I run service radiusd restart from a terminal the connect to the MySQL server works fine and has no problems. I even tried running the service from rc.local but it still fails did anyone have this problem??? is anyone running the MySQL server on another machine Is there a fix for this???The server *should* re-connect to MySQL after a period of time.If it doesn't, it's a bug.Alan DeKok.-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySQL boot problem
I also had that impression so I did a sleep for 30 secs but still no luck, I was wondering if it has something to do with the user who runs at startup if its not root??? but havent any info on this yet... what os are you runningyour FreeRadius on??? On 2/28/06, Dennis Skinner [EMAIL PROTECTED] wrote: Diniz Da Rocha wrote: The MySQL server is on another server with ip myip I initially thought it was a firewall block but even with no firewall I get this error. But once the server has started and I run service radiusd restart from a terminal the connect to the MySQL server works fine and has no problems. I even tried running the service from rc.local but it still fails did anyone have this problem??? is anyone running the MySQL server on another machine Is there a fix for this???Our SQL server is on another machine and works fine on reboots.It looks like your networking service may not be completely up andfunctional before radius starts.Add a sleep for 10 or 20sec inrc.local before FR starts and see what happens.--Dennis SkinnerSystems Administrator BlueFrog Internethttp://www.bluefrog.com-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1.0.4 + mysql cannot authincate
Jonathan Carpenter [EMAIL PROTECTED] wrote: I have the authorize section in my radius.conf, what other authorize section do I need? It wasn't included in the debug output, or in the snippets from radiusd.conf. So one of two situations exist: a) it wasn't in radiusd.conf b) you edited the debug output radiusd.conf to remove it If (a), then it explains why the server doesn't do what you want. If (b), then you've gone out of your way to remove information that is needed to help you solve the problem. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1.0.4 + mysql cannot authincate
Jonathan Carpenter wrote: Here is the entry from my radius.conf authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } } Read what I wrote below. It says authorize section. That is the 1 section you did not show us. As Alan said, you are either missing it or making it hard for ppl to help you. Hint: look at the authorize section towards the bottom of your radius.conf. There should be a line like: # sql Uncomment it. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 1.1.0 Mysql 5.x
Chadwick Sorrell wrote: On 1/9/06, Nicolas Baradakis [EMAIL PROTECTED] wrote: It looks like a local setup issue: you should double-check if the version of the libmysqlclient binaries matches the version of the libmysqlclient headers on your system. PHP is accessing Mysql fine, well more to the point, PHP was compiled with Mysql 5 headers fine. I am using Gentoo. What else can I check? I'd suggest to check whether *FreeRADIUS* was compiled with Mysql 5 headers. Also check if you have several versions of the libmysqlclient installed simultaneously: perhaps the linker picks up the wrong version. See the output of the command: $ ldd /usr/lib/freeradius/rlm_sql_mysql.so -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 1.1.0 Mysql 5.x
Nicolas, As soon as I remove the --disable-static from the configure it seems to work fine. What do you think could be causing that? Thanks, Chad On 1/10/06, Nicolas Baradakis [EMAIL PROTECTED] wrote: Chadwick Sorrell wrote: On 1/9/06, Nicolas Baradakis [EMAIL PROTECTED] wrote: It looks like a local setup issue: you should double-check if the version of the libmysqlclient binaries matches the version of the libmysqlclient headers on your system. PHP is accessing Mysql fine, well more to the point, PHP was compiled with Mysql 5 headers fine. I am using Gentoo. What else can I check? I'd suggest to check whether *FreeRADIUS* was compiled with Mysql 5 headers. Also check if you have several versions of the libmysqlclient installed simultaneously: perhaps the linker picks up the wrong version. See the output of the command: $ ldd /usr/lib/freeradius/rlm_sql_mysql.so -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1.0.4 + mysql cannot authincate
Jonathan Carpenter wrote: Config: including file: /etc/raddb/sql.conf That's good. rad_recv: Access-Request packet from host 127.0.0.1:32784 http://127.0.0.1:32784, id=125, length=58 User-Name = scooby User-Password = scooby NAS-IP-Address = 255.255.255.255 http://255.255.255.255 NAS-Port = 10 rad_lowerpair: User-Name now 'scooby' rad_rmspace_pair: User-Name now 'scooby' rad_rmspace_pair: User-Password now 'scooby' auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [scooby/scooby] (from client localhost port 10) So, looks like it has all that info about how to login to your MySQL server and what queries to use, but you never told it to actually use it. Hint: look at the authorize section towards the bottom of your radius.conf. There should be a line like: # sql Uncomment it. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1.0.4 + mysql cannot authincate
Here is the entry from my radius.conf authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } } # # Pre-accounting. Decide which accounting type to use. # preacct { preprocess acct_unique suffix #files } # # Accounting. Log the accounting data. # accounting { acct_unique detail unix sql radutmp sql } # Session database, used for checking Simultaneous-Use. Either the radutmp # or rlm_sql module can handle this. # The rlm_sql module is *much* faster session { radutmp sql } # Post-Authentication # Once we KNOW that the user has been authenticated, there are # additional steps we can take. post-auth { sql } } Do I just add sql to the authincate like so? authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } sql --- } Thanks, On 1/10/06, Dennis Skinner [EMAIL PROTECTED] wrote: Jonathan Carpenter wrote: Config: including file: /etc/raddb/sql.confThat's good. rad_recv: Access-Request packet from host 127.0.0.1:32784 http://127.0.0.1:32784, id=125, length=58 User-Name = scooby User-Password = scooby NAS-IP-Address = 255.255.255.255 http://255.255.255.255 NAS-Port = 10 rad_lowerpair:User-Name now 'scooby' rad_rmspace_pair:User-Name now 'scooby' rad_rmspace_pair:User-Password now 'scooby' auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [scooby/scooby] (from client localhost port 10) So, looks like it has all that info about how to login to your MySQLserver and what queries to use, but you never told it to actually use it.Hint: look at the authorize section towards the bottom of your radius.conf.There should be a line like:# sqlUncomment it.--Dennis SkinnerSystems AdministratorBlueFrog Internethttp://www.bluefrog.com -List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-- Jonathan CarpenterLinux System Administrator Windows System AdministratorThe Unix Geek - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1.0.4 + mysql cannot authincate
Jonathan Carpenter wrote: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. This doesn't look promising. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 Off. 325-691-1301 Cell 325-439-0533 fax 325-695-6841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1.0.4 + mysql cannot authincate
Jonathan Carpenter [EMAIL PROTECTED] wrote: Here is the entry from my radius.conf ... And no authorize section. From the debug log you posted, it looks like you deleted it completely. Don't do that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1.0.4 + mysql cannot authincate
I have the authorize section in my radius.conf, what other authorize section do I need?On 1/10/06, Alan DeKok [EMAIL PROTECTED] wrote:Jonathan Carpenter [EMAIL PROTECTED] wrote: Here is the entry from my radius.conf...And no authorize section.From the debug log you posted, it lookslike you deleted it completely.Don't do that. Alan DeKok.-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-- Jonathan Carpenter Linux System AdministratorWindows System AdministratorThe Unix Geek - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 1.1.0 Mysql 5.x
Chadwick Sorrell wrote: I am trying to get freeradius 1.1.0 up with mysql 5.0 and it is giving me trouble. [...] rlm_sql ((null)): Attempting to connect rlm_sql_mysql #300 It looks like a local setup issue: you should double-check if the version of the libmysqlclient binaries matches the version of the libmysqlclient headers on your system. And please turn off HTML in your email client when posting to this mailing list: http://freeradius.org/list/users.html -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 1.1.0 Mysql 5.x
On 1/9/06, Nicolas Baradakis [EMAIL PROTECTED] wrote: It looks like a local setup issue: you should double-check if the version of the libmysqlclient binaries matches the version of the libmysqlclient headers on your system. PHP is accessing Mysql fine, well more to the point, PHP was compiled with Mysql 5 headers fine. I am using Gentoo. What else can I check? Chad - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 1.1.0 Mysql 5.x
Chadwick Sorrell [EMAIL PROTECTED] wrote: radiusd -X shows that the sql connection is established but radiusd doesn't limit the connections based on num_sql_socks and it continues to connect until my mysql hits its max connections. At that point it begins this... rlm_sql ((null)): Attempting to connect rlm_sql_mysql #299 That's a fairly serious problem. The initial (null) should *not* be happening, and appears to be impossible, based on my reading of the code. And the max number of sockets is hard-coded in the source to 256, so a socket number greater than that is impossible. I don't know what's wrong, but I've never seen this before. Something is very, very, wrong with your installation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql - no matching entry in db
Luqman H said: No matching entry in the database for request from user [luqe] but if i'm quering manually on mysql: mysql SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'luqe' ORDER BY id; +-+--+---+--++ | id | UserName | Attribute | Value| op | +-+--+---+--++ | 553 | luqe | User-Password | mypassword | == | +-+--+---+--++ 1 row in set (0.00 sec) Try := in the op field and see if a match is found. -- Lewis Bergman Texas Communications 4309 Maple ST. Abilene, TX 79602 325-691-3301 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql - no matching entry in db
2005/10/25, Lewis Bergman [EMAIL PROTECTED]: mysql SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'luqe' ORDER BY id; +-+--+---+--++ | id | UserName | Attribute | Value| op | +-+--+---+--++ | 553 | luqe | User-Password | mypassword | == | +-+--+---+--++ 1 row in set (0.00 sec) Try := in the op field and see if a match is found. i've try change the op field to := and still got this ... - rlm_sql (sql): No matching entry in the database for request from user [luqe] rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns notfound for request 0 modcall: group authorize returns ok for request 0 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql - no matching entry in db
if i include the user file, - rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'luqe' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): No matching entry in the database for request from user [luqe] rlm_sql (sql): Released sql socket id: 2 modcall[authorize]: module sql returns notfound for request 1 modcall: group authorize returns ok for request 1 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [luqe] (from client dns port 1812) Sending Access-Accept of id 4 to 127.0.0.1:32810 Finished request 1 -- it successfully authenticate using 'user' file... but still fail with mysql.. with: No matching entry in the database ... so maybe the problem is in my data table that not correctly filled so here again i list my table data, please correct it to match the freeradius-1.0.5 requirement... - mysql SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'luqe' ORDER BY id; +-+--+---+--++ | id | UserName | Attribute | Value| op | +-+--+---+--++ | 553 | luqe | User-Password | mypassword | := | +-+--+---+--++ 1 row in set (0.00 sec) mysql SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'luqe' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id; ++---+--+---++ | id | GroupName | Attribute| Value | op | ++---+--+---++ | 3 | dial-up | Auth-Type| Local | := | | 4 | dial-up | Simultaneous-Use | 1 | == | ++---+--+---++ 2 rows in set (0.00 sec) mysql SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'luqe' ORDER BY id; +-+--+---+-++ | id | UserName | Attribute | Value | op | +-+--+---+-++ | 553 | luqe | User-Password | mypassword| := | | 554 | luqe | Framed-IP-Address | 192.168.1.2 | := | | 558 | luqe | Simultaneous-Use | 2 | = | +-+--+---+-++ 3 rows in set (0.00 sec) mysql SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'luqe' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id; ++---++-++ | id | GroupName | Attribute | Value | op | ++---++-++ | 4 | dial-up | Service-Type | Framed-User | := | | 5 | dial-up | Framed-Protocol| PPP | := | | 7 | dial-up | Framed-Compression | Van-Jacobson-TCP-IP | := | ++---++-++ 3 rows in set (0.02 sec) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius and MySQL 4.1.12-1
Hello shell mysql Client does not support authentication protocol requested by server; consider upgrading MySQL client To solve this problem, you should use one of the following approaches: Upgrade all client programs to use a 4.1.1 or newer client library. When connecting to the server with a pre-4.1 client program, use an account that still has a pre-4.1-style password. Reset the password to pre-4.1 style for each user that needs to use a pre-4.1 client program. This can be done using the SET PASSWORD statement and the OLD_PASSWORD() function: mysql SET PASSWORD FOR - 'some_user'@'some_host' = OLD_PASSWORD('newpwd'); Alternatively, use UPDATE and FLUSH PRIVILEGES: mysql UPDATE mysql.user SET Password = OLD_PASSWORD('newpwd') - WHERE Host = 'some_host' AND User = 'some_user'; mysql FLUSH PRIVILEGES; http://dev.mysql.com/doc/mysql/en/old-client.html Regards Reza -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, July 22, 2005 2:54 PM To: freeradius-users@lists.freeradius.org Subject: freeradius and MySQL 4.1.12-1 Hi, I have a Suse 9.2 server with the 64-bits 4.1.12-1 MySQL version (I need the MySQL 4.1 database for another applications). I want to have a radius server on this server. The freeradius-1.0.0-5.5.x86_64.rpm package is installed and the radius database is created and filled correctly. The radius configuration files are OK to ask sql before files. The database server/login/password/radius_db are set in the sql.conf file. When I make a test with radtest, I can see in the radius log : Wed Jul 20 16:25:37 2005 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Wed Jul 20 16:25:37 2005 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Wed Jul 20 16:25:37 2005 : Info: rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius Wed Jul 20 16:25:37 2005 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0 Wed Jul 20 16:25:37 2005 : Error: rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:radius Wed Jul 20 16:25:37 2005 : Error: rlm_sql_mysql: Mysql error 'Client does not support authentication protocol requested by server; consider upgrading MySQL client' Wed Jul 20 16:25:37 2005 : Error: rlm_sql (sql): Failed to connect DB handle #0 Wed Jul 20 16:25:37 2005 : Info: Ready to process requests. I think that's typically the error occured if a 4.0.x client try to connect a 4.1.x database with the 4.0 protocol. My question : How update the MySQL client version of freeradius to 4.1 protocol ? Thanks in advance, Didier Wintgens E-mail : [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and MySQL 4.1.12-1
Didier Wintgens wrote: How update the MySQL client version of freeradius to 4.1 protocol ? Don't use the RPM package and rebuild FreeRADIUS from source against MySQL 4.1 client library. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and MySQL -- missing libraries?
On Fri, Apr 01, 2005 at 12:42:18PM -0800, Rick Kunkel wrote: Hello all, When I run an ldd though, I see this: # ldd rlm_sql_mysql.so libmysqlclient.so.12 = not found libz.so.1 = /usr/lib/libz.so.1 (0x4000b000) libcrypt.so.1 = /lib/libcrypt.so.1 (0x40019000) libnsl.so.1 = /lib/libnsl.so.1 (0x40046000) libm.so.6 = /lib/libm.so.6 (0x4005a000) libc.so.6 = /lib/libc.so.6 (0x4007b000) /lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x8000) Am I getting that error in debugging more since libmysqlclient.so.12 is missing, which causes rlm_sql_mysql.so to fail as well? Yes. OK..on the OTHER RADIUS machine, when attempting to implement SQL, I get: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:radius rlm_sql_mysql: Mysql error 'Client does not support authentication protocol requested by server; consider upgrading MySQL client' This machine DOES have the libmysqlclient libraries, but maybe they're too old? That's right. You'll find you've got a mySQL 4.1 server, and libmysqlclient.so.10 (from mySQL 3.x) installed. They won't work together out of the box. You can tell the mySQL server to use the old style of password authentication, as a workaround, I believe. -- Paul TBBle Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
* Wolfram Schlich [EMAIL PROTECTED] [2005-03-19 13:11]: * Paul Hampson [EMAIL PROTECTED] [2005-03-19 04:56]: On Sat, Mar 19, 2005 at 03:52:52AM +0100, Wolfram Schlich wrote: * Wolfram Schlich [EMAIL PROTECTED] [2005-03-17 00:55]: [ FreeRADIUS + MySQL + SSL ] Ok, I have sat down and hacked something together, with a little help from a friend. I probably did something wrong or suboptimal (as I said, I am not a C coder), but at a first glance, it seems to work fine. Here's the patch: http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch [...] I don't give it much chance of getting into 1.0.3, especially since MySQL don't distribute SSL-enabled binaries. What does the MySQL client distribution policy have to do with this?! *wonder* They're apparently moving away from OpenSSL in the server, but no indication that they're going to un-OpenSSL the _client_ libraries. [1] [2] Well, OpenSSL or GnuTLS -- it doesn't matter as long as the MySQL protocol keeps supporting SSL'd connections... I have posted a comment to [2] in order to get some more information from that MySQL guy. There's some news: MySQL is going for yaSSL in the 5.0 tree: http://bugs.mysql.com/bug.php?id=8508error=lp Anyway, it won't affect the mysql_ssl_set() function I guess. -- Wolfram Schlich - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
On Fri, Apr 01, 2005 at 01:34:37AM +0200, Wolfram Schlich wrote: * Wolfram Schlich [EMAIL PROTECTED] [2005-03-19 13:11]: * Paul Hampson [EMAIL PROTECTED] [2005-03-19 04:56]: On Sat, Mar 19, 2005 at 03:52:52AM +0100, Wolfram Schlich wrote: * Wolfram Schlich [EMAIL PROTECTED] [2005-03-17 00:55]: [ FreeRADIUS + MySQL + SSL ] Ok, I have sat down and hacked something together, with a little help from a friend. I probably did something wrong or suboptimal (as I said, I am not a C coder), but at a first glance, it seems to work fine. Here's the patch: http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch [...] I don't give it much chance of getting into 1.0.3, especially since MySQL don't distribute SSL-enabled binaries. What does the MySQL client distribution policy have to do with this?! *wonder* They're apparently moving away from OpenSSL in the server, but no indication that they're going to un-OpenSSL the _client_ libraries. [1] [2] Well, OpenSSL or GnuTLS -- it doesn't matter as long as the MySQL protocol keeps supporting SSL'd connections... I have posted a comment to [2] in order to get some more information from that MySQL guy. There's some news: MySQL is going for yaSSL in the 5.0 tree: http://bugs.mysql.com/bug.php?id=8508error=lp Anyway, it won't affect the mysql_ssl_set() function I guess. Hmm. For the record, [1] too. Yassl looks interesting. You're right though, as long as they don't change the libmysqlclient API, all the previous comments about protecting it with a #define based on a header function check are sufficient. [1] http://bugs.mysql.com/bug.php?id=6924 -- Paul TBBle Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
* Paul Hampson [EMAIL PROTECTED] [2005-03-20 03:50]: On Sat, Mar 19, 2005 at 02:06:56PM +0100, Wolfram Schlich wrote: * Paul Hampson [EMAIL PROTECTED] [2005-03-19 04:56]: On Sat, Mar 19, 2005 at 03:52:52AM +0100, Wolfram Schlich wrote: * Wolfram Schlich [EMAIL PROTECTED] [2005-03-17 00:55]: [ MySQL+SSL patch for FreeRADIUS ] Ok, I have sat down and hacked something together, with a little help from a friend. I probably did something wrong or suboptimal (as I said, I am not a C coder), but at a first glance, it seems to work fine. Here's the patch: http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch Please remember to post patches to the list for easier discussion. Ok, sorry. And also, this sort of patch would probably be best against HEAD. The patch wasn't meant as an official submission for upstream, but as a basis for a discussion :) Yeah, sorry about that. I didn't notice this was on -user intead of -devel, and treated it as if it was on the latter. _ Not your fault. I should have labelled it accordingly :-) I don't give it much chance of getting into 1.0.3, especially since MySQL don't distribute SSL-enabled binaries. What does the MySQL client distribution policy have to do with this?! *wonder* Basically, things going into 1.0.3 (if it happens) are bug fixes, not feature changes. The fact that you have to recompile your mySQL locally anyway to enable SSL makes it reasonable to me to say this change is something you can patch in yourself as well. Well, using Gentoo Linux for example, when you have the 'ssl' USE flag set, which is the default, MySQL will be compiled with SSL support right from the start, so there's no need to re-compile it if you have already installed it. If upstream binaries were coming SSL-enabled, we could almost build a case that this is a bug, rather than a new feature. I still don't see why we have to depend the inclusion of this kind of functionality on MySQL distribution binaries. It doesn't affect Gentoo or other source based distros at all for example. Still, it has to get into HEAD before I'll consider it for 1.0.3, so one hurdle at a time. Ok. I will post something to -devel asking for help on how to deal with it :o) They're apparently moving away from OpenSSL in the server, but no indication that they're going to un-OpenSSL the _client_ libraries. [1] [2] Well, OpenSSL or GnuTLS -- it doesn't matter as long as the MySQL protocol keeps supporting SSL'd connections... I have posted a comment to [2] in order to get some more information from that MySQL guy. It matters as far as distributing binaries goes. You can't distribute a binary that links GPL code without any exception (such as FreeRADIUS and many of its depended-on libraries) with OpenSSL. Ah, of course. But well, binaries is just an additional form of distribution for me, source is the main one IMHO. You could disable SSL by default in the configure script btw. It's slightly more complicated than that, but there is a license issue of some kind which needs to be looked out for. It doesn't really affect _us_, but it's something to be mindful of when playing with these things. Yup, thanks for your thoughts. -- Wolfram Schlich - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
I never said to use stunnel on the box with MySQL. Use it on the box with Freeradius and dont use untested patches on what I take is gonna be a production server. Stunnel is very stable and reliable. Anyway, I'd rather make SSL connection between two MySQL servers with database replication and make your radius talk to the one local to it. And be nice, Yeah, right is not something you say asking strangers for advices. On Sat, 19 Mar 2005 04:14:11 +0100 Wolfram Schlich [EMAIL PROTECTED] wrote: * Marcin Jessa [EMAIL PROTECTED] [2005-03-19 04:05]: On Sat, 19 Mar 2005 03:52:52 +0100 Wolfram Schlich [EMAIL PROTECTED] wrote: * Wolfram Schlich [EMAIL PROTECTED] [2005-03-17 00:55]: * Wolfram Schlich [EMAIL PROTECTED] [2005-03-16 09:05]: Hey guys, we would like to implement the following setup: - FreeRADIUS radiusd on machine A - MySQL mysqld on machine B FreeRADIUS should use the MySQL database on machine A over an SSL secured connection. Does FreeRADIUS support SSL for MySQL connections? I'm not a C coder, but! :) I had a look at the sql_mysql.c file as well as the mysql sources (/usr/include/mysql/mysql.h). It looks like you need to call mysql_ssl_set() with the needed parameters (mysql socket connection, ssl key file, ssl cert file, ssl ca file, ssl ca path and ssl cipher) right after the mysql_init() call, which is located in line 76 of the sql_mysql.c file (at least in the FreeRADIUS-1.0.2 distribution source tarball, subdirectory src/modules/rlm_sql/drivers/rlm_sql_mysql). Any volunteers for coding a test implementation? :) Ok, I have sat down and hacked something together, with a little help from a friend. I probably did something wrong or suboptimal (as I said, I am not a C coder), but at a first glance, it seems to work fine. Here's the patch: http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch Please feel invited to test it and eventually fix any bugs you find :-) All you need is stunnel. Yeah, right -- because MySQL supports SSL right out of the box, I will use another piece of external software. EBADIDEA. With MySQL-4, there's no need for such a kludgy workaround anymore. -- Wolfram Schlich - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Regards, M. Jessa http://www.yazzy.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
* Marcin Jessa [EMAIL PROTECTED] [2005-03-19 13:17]: On Sat, 19 Mar 2005 04:14:11 +0100 Wolfram Schlich [EMAIL PROTECTED] wrote: * Marcin Jessa [EMAIL PROTECTED] [2005-03-19 04:05]: On Sat, 19 Mar 2005 03:52:52 +0100 Wolfram Schlich [EMAIL PROTECTED] wrote: * Wolfram Schlich [EMAIL PROTECTED] [2005-03-17 00:55]: * Wolfram Schlich [EMAIL PROTECTED] [2005-03-16 09:05]: Hey guys, we would like to implement the following setup: - FreeRADIUS radiusd on machine A - MySQL mysqld on machine B FreeRADIUS should use the MySQL database on machine A over an SSL secured connection. Does FreeRADIUS support SSL for MySQL connections? I'm not a C coder, but! :) I had a look at the sql_mysql.c file as well as the mysql sources (/usr/include/mysql/mysql.h). It looks like you need to call mysql_ssl_set() with the needed parameters (mysql socket connection, ssl key file, ssl cert file, ssl ca file, ssl ca path and ssl cipher) right after the mysql_init() call, which is located in line 76 of the sql_mysql.c file (at least in the FreeRADIUS-1.0.2 distribution source tarball, subdirectory src/modules/rlm_sql/drivers/rlm_sql_mysql). Any volunteers for coding a test implementation? :) Ok, I have sat down and hacked something together, with a little help from a friend. I probably did something wrong or suboptimal (as I said, I am not a C coder), but at a first glance, it seems to work fine. Here's the patch: http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch Please feel invited to test it and eventually fix any bugs you find :-) All you need is stunnel. Yeah, right -- because MySQL supports SSL right out of the box, I will use another piece of external software. EBADIDEA. With MySQL-4, there's no need for such a kludgy workaround anymore. I never said to use stunnel on the box with MySQL. Use it on the box with Freeradius As far as I can tell MySQL doesn't use SSL as one might think at first, it uses the standard (unencrypted) MySQL protocol to make a handshake with the peer and negotiate SSL flags, then it switches to SSL secured communication, so I doubt it'd work the way you suggested. I'm open to a counter-evidence, of course :) and dont use untested patches on what I take is gonna be a production server. That's what I'm doing all this for, to get it tested and maybe some kind of approved by the FreeRADIUS maintainers. Nonetheless this patch is only for _enabling_ already tested functionality (from the MySQL client library), so it won't be a big deal anyway -- either it works, or it doesn't, you'll notice it right at the start :) Stunnel is very stable and reliable. I think you are right, but that still doesn't make me want to use it for the forementioned scenario :) I use stunnel for software which doesn't support SSL _at all_, but MySQL does -- FreeRADIUS just lacks a few lines of code for enabling it. Anyway, I'd rather make SSL connection between two MySQL servers with database replication and make your radius talk to the one local to it. That would be even more overhead than the use of stunnel. I still don't see a logical reason to forego the native MySQL4 SSL implementation for an external 3rd party one. Anyway, this discussion was not meant to be about personal taste. So, if you'd go for stunnel, I'm absolutely fine with that :) If you have to say something regarding the patch _besides_ philosophical aspects, feel free to participate. Thanks. -- Wolfram Schlich - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
* Paul Hampson [EMAIL PROTECTED] [2005-03-19 04:56]: On Sat, Mar 19, 2005 at 03:52:52AM +0100, Wolfram Schlich wrote: * Wolfram Schlich [EMAIL PROTECTED] [2005-03-17 00:55]: * Wolfram Schlich [EMAIL PROTECTED] [2005-03-16 09:05]: Hey guys, we would like to implement the following setup: - FreeRADIUS radiusd on machine A - MySQL mysqld on machine B FreeRADIUS should use the MySQL database on machine A over an SSL secured connection. Does FreeRADIUS support SSL for MySQL connections? I'm not a C coder, but! :) I had a look at the sql_mysql.c file as well as the mysql sources (/usr/include/mysql/mysql.h). It looks like you need to call mysql_ssl_set() with the needed parameters (mysql socket connection, ssl key file, ssl cert file, ssl ca file, ssl ca path and ssl cipher) right after the mysql_init() call, which is located in line 76 of the sql_mysql.c file (at least in the FreeRADIUS-1.0.2 distribution source tarball, subdirectory src/modules/rlm_sql/drivers/rlm_sql_mysql). Any volunteers for coding a test implementation? :) Ok, I have sat down and hacked something together, with a little help from a friend. I probably did something wrong or suboptimal (as I said, I am not a C coder), but at a first glance, it seems to work fine. Here's the patch: http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch Please remember to post patches to the list for easier discussion. Ok, sorry. And also, this sort of patch would probably be best against HEAD. The patch wasn't meant as an official submission for upstream, but as a basis for a discussion :) I don't give it much chance of getting into 1.0.3, especially since MySQL don't distribute SSL-enabled binaries. What does the MySQL client distribution policy have to do with this?! *wonder* They're apparently moving away from OpenSSL in the server, but no indication that they're going to un-OpenSSL the _client_ libraries. [1] [2] Well, OpenSSL or GnuTLS -- it doesn't matter as long as the MySQL protocol keeps supporting SSL'd connections... I have posted a comment to [2] in order to get some more information from that MySQL guy. That said, this patch looks OK to me, although it does raise the question of when that function was added to the mySQL client library. 4.0.x IIRC It's not a problem if the client was built without SSL support, as the function will still exist and run, but is effectively a no-op. [3] Yup. I'd maybe be happier if it was a configure option, so that people who _need_ to link against the LGPL libmysqlclient10 (or whatever it's called outside Debian. ^_^) don't get stuck unable to build rlm_sql_mysql. And with that configure option, I expect the configure help to mention what version of the client library is needed. ^_^ Good idea. (For reference, a quick check in Debian suggests that in 3.23.49, the function is only present if mySQL was compiled with --with-ssl, while in 4.0.23 it was always available. So this _does_ have to be done before it can be accepted.) Oh, I didn't know 3.23.x did support SSL to whatever extent :) If you like, you can probably make it a configure test that checks for mysql_ssl_set being available in mysql.h, and flags it accordingly to make it easier for the user. (eg. They have to do exactly nothing to use their SSL-enabled libmysqlclient with FreeRADIUS.) This should only be a line or two in configure.in. ^_^ Agreed. I guess I'll email the -devel list and ask the developers about their opionion to probe for a possible inclusion of the SSL functionality into upstream. Thanks for your input! [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291945 [2] http://bugs.mysql.com/bug.php?id=8508 [3] http://dev.mysql.com/doc/mysql/en/mysql-ssl-set.html -- Wolfram Schlich - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
On Sat, Mar 19, 2005 at 02:06:56PM +0100, Wolfram Schlich wrote: * Paul Hampson [EMAIL PROTECTED] [2005-03-19 04:56]: On Sat, Mar 19, 2005 at 03:52:52AM +0100, Wolfram Schlich wrote: * Wolfram Schlich [EMAIL PROTECTED] [2005-03-17 00:55]: * Wolfram Schlich [EMAIL PROTECTED] [2005-03-16 09:05]: Hey guys, we would like to implement the following setup: - FreeRADIUS radiusd on machine A - MySQL mysqld on machine B FreeRADIUS should use the MySQL database on machine A over an SSL secured connection. Does FreeRADIUS support SSL for MySQL connections? I'm not a C coder, but! :) I had a look at the sql_mysql.c file as well as the mysql sources (/usr/include/mysql/mysql.h). It looks like you need to call mysql_ssl_set() with the needed parameters (mysql socket connection, ssl key file, ssl cert file, ssl ca file, ssl ca path and ssl cipher) right after the mysql_init() call, which is located in line 76 of the sql_mysql.c file (at least in the FreeRADIUS-1.0.2 distribution source tarball, subdirectory src/modules/rlm_sql/drivers/rlm_sql_mysql). Any volunteers for coding a test implementation? :) Ok, I have sat down and hacked something together, with a little help from a friend. I probably did something wrong or suboptimal (as I said, I am not a C coder), but at a first glance, it seems to work fine. Here's the patch: http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch Please remember to post patches to the list for easier discussion. Ok, sorry. And also, this sort of patch would probably be best against HEAD. The patch wasn't meant as an official submission for upstream, but as a basis for a discussion :) Yeah, sorry about that. I didn't notice this was on -user intead of -devel, and treated it as if it was on the latter. _ I don't give it much chance of getting into 1.0.3, especially since MySQL don't distribute SSL-enabled binaries. What does the MySQL client distribution policy have to do with this?! *wonder* Basically, things going into 1.0.3 (if it happens) are bug fixes, not feature changes. The fact that you have to recompile your mySQL locally anyway to enable SSL makes it reasonable to me to say this change is something you can patch in yourself as well. If upstream binaries were coming SSL-enabled, we could almost build a case that this is a bug, rather than a new feature. Still, it has to get into HEAD before I'll consider it for 1.0.3, so one hurdle at a time. They're apparently moving away from OpenSSL in the server, but no indication that they're going to un-OpenSSL the _client_ libraries. [1] [2] Well, OpenSSL or GnuTLS -- it doesn't matter as long as the MySQL protocol keeps supporting SSL'd connections... I have posted a comment to [2] in order to get some more information from that MySQL guy. It matters as far as distributing binaries goes. You can't distribute a binary that links GPL code without any exception (such as FreeRADIUS and many of its depended-on libraries) with OpenSSL. It's slightly more complicated than that, but there is a license issue of some kind which needs to be looked out for. It doesn't really affect _us_, but it's something to be mindful of when playing with these things. -- Paul TBBle Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
All you need is stunnel. On Sat, 19 Mar 2005 03:52:52 +0100 Wolfram Schlich [EMAIL PROTECTED] wrote: * Wolfram Schlich [EMAIL PROTECTED] [2005-03-17 00:55]: * Wolfram Schlich [EMAIL PROTECTED] [2005-03-16 09:05]: Hey guys, we would like to implement the following setup: - FreeRADIUS radiusd on machine A - MySQL mysqld on machine B FreeRADIUS should use the MySQL database on machine A over an SSL secured connection. Does FreeRADIUS support SSL for MySQL connections? I'm not a C coder, but! :) I had a look at the sql_mysql.c file as well as the mysql sources (/usr/include/mysql/mysql.h). It looks like you need to call mysql_ssl_set() with the needed parameters (mysql socket connection, ssl key file, ssl cert file, ssl ca file, ssl ca path and ssl cipher) right after the mysql_init() call, which is located in line 76 of the sql_mysql.c file (at least in the FreeRADIUS-1.0.2 distribution source tarball, subdirectory src/modules/rlm_sql/drivers/rlm_sql_mysql). Any volunteers for coding a test implementation? :) Ok, I have sat down and hacked something together, with a little help from a friend. I probably did something wrong or suboptimal (as I said, I am not a C coder), but at a first glance, it seems to work fine. Here's the patch: http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch Please feel invited to test it and eventually fix any bugs you find :-) -- Wolfram Schlich -- Regards, M. Jessa http://www.yazzy.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
* Marcin Jessa [EMAIL PROTECTED] [2005-03-19 04:05]: On Sat, 19 Mar 2005 03:52:52 +0100 Wolfram Schlich [EMAIL PROTECTED] wrote: * Wolfram Schlich [EMAIL PROTECTED] [2005-03-17 00:55]: * Wolfram Schlich [EMAIL PROTECTED] [2005-03-16 09:05]: Hey guys, we would like to implement the following setup: - FreeRADIUS radiusd on machine A - MySQL mysqld on machine B FreeRADIUS should use the MySQL database on machine A over an SSL secured connection. Does FreeRADIUS support SSL for MySQL connections? I'm not a C coder, but! :) I had a look at the sql_mysql.c file as well as the mysql sources (/usr/include/mysql/mysql.h). It looks like you need to call mysql_ssl_set() with the needed parameters (mysql socket connection, ssl key file, ssl cert file, ssl ca file, ssl ca path and ssl cipher) right after the mysql_init() call, which is located in line 76 of the sql_mysql.c file (at least in the FreeRADIUS-1.0.2 distribution source tarball, subdirectory src/modules/rlm_sql/drivers/rlm_sql_mysql). Any volunteers for coding a test implementation? :) Ok, I have sat down and hacked something together, with a little help from a friend. I probably did something wrong or suboptimal (as I said, I am not a C coder), but at a first glance, it seems to work fine. Here's the patch: http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch Please feel invited to test it and eventually fix any bugs you find :-) All you need is stunnel. Yeah, right -- because MySQL supports SSL right out of the box, I will use another piece of external software. EBADIDEA. With MySQL-4, there's no need for such a kludgy workaround anymore. -- Wolfram Schlich - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
On Sat, Mar 19, 2005 at 03:52:52AM +0100, Wolfram Schlich wrote: * Wolfram Schlich [EMAIL PROTECTED] [2005-03-17 00:55]: * Wolfram Schlich [EMAIL PROTECTED] [2005-03-16 09:05]: Hey guys, we would like to implement the following setup: - FreeRADIUS radiusd on machine A - MySQL mysqld on machine B FreeRADIUS should use the MySQL database on machine A over an SSL secured connection. Does FreeRADIUS support SSL for MySQL connections? I'm not a C coder, but! :) I had a look at the sql_mysql.c file as well as the mysql sources (/usr/include/mysql/mysql.h). It looks like you need to call mysql_ssl_set() with the needed parameters (mysql socket connection, ssl key file, ssl cert file, ssl ca file, ssl ca path and ssl cipher) right after the mysql_init() call, which is located in line 76 of the sql_mysql.c file (at least in the FreeRADIUS-1.0.2 distribution source tarball, subdirectory src/modules/rlm_sql/drivers/rlm_sql_mysql). Any volunteers for coding a test implementation? :) Ok, I have sat down and hacked something together, with a little help from a friend. I probably did something wrong or suboptimal (as I said, I am not a C coder), but at a first glance, it seems to work fine. Here's the patch: http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch Please remember to post patches to the list for easier discussion. And also, this sort of patch would probably be best against HEAD. I don't give it much chance of getting into 1.0.3, especially since MySQL don't distribute SSL-enabled binaries. They're apparently moving away from OpenSSL in the server, but no indication that they're going to un-OpenSSL the _client_ libraries. [1] [2] That said, this patch looks OK to me, although it does raise the question of when that function was added to the mySQL client library. It's not a problem if the client was built without SSL support, as the function will still exist and run, but is effectively a no-op. [3] I'd maybe be happier if it was a configure option, so that people who _need_ to link against the LGPL libmysqlclient10 (or whatever it's called outside Debian. ^_^) don't get stuck unable to build rlm_sql_mysql. And with that configure option, I expect the configure help to mention what version of the client library is needed. ^_^ (For reference, a quick check in Debian suggests that in 3.23.49, the function is only present if mySQL was compiled with --with-ssl, while in 4.0.23 it was always available. So this _does_ have to be done before it can be accepted.) If you like, you can probably make it a configure test that checks for mysql_ssl_set being available in mysql.h, and flags it accordingly to make it easier for the user. (eg. They have to do exactly nothing to use their SSL-enabled libmysqlclient with FreeRADIUS.) This should only be a line or two in configure.in. ^_^ [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291945 [2] http://bugs.mysql.com/bug.php?id=8508 [3] http://dev.mysql.com/doc/mysql/en/mysql-ssl-set.html -- Paul TBBle Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
* Wolfram Schlich [EMAIL PROTECTED] [2005-03-16 09:05]: Hey guys, we would like to implement the following setup: - FreeRADIUS radiusd on machine A - MySQL mysqld on machine B FreeRADIUS should use the MySQL database on machine A over an SSL secured connection. Does FreeRADIUS support SSL for MySQL connections? I'm not a C coder, but! :) I had a look at the sql_mysql.c file as well as the mysql sources (/usr/include/mysql/mysql.h). It looks like you need to call mysql_ssl_set() with the needed parameters (mysql socket connection, ssl key file, ssl cert file, ssl ca file, ssl ca path and ssl cipher) right after the mysql_init() call, which is located in line 76 of the sql_mysql.c file (at least in the FreeRADIUS-1.0.2 distribution source tarball, subdirectory src/modules/rlm_sql/drivers/rlm_sql_mysql). Any volunteers for coding a test implementation? :) -- Wolfram Schlich pgpmM6VwKGHEe.pgp Description: PGP signature
Re: Freeradius/Poptop/Mysql-Problem -- failed authentication
Harald Mueller [EMAIL PROTECTED] wrote: auth: type Local I think you set Auth-Type := Local somewhere. Why? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius/Poptop/Mysql-Problem -- failed authentication
Hi Alan! Thanks for your answer!!! --- Alan DeKok [EMAIL PROTECTED] schrieb: I think you set Auth-Type := Local somewhere. Mh ...I don't think so ... pptpd1:/etc/raddb # grep Local users #steve Auth-Type := Local, User-Password == testing #John Doe Auth-Type := Local, User-Password == hello #DegAuth-Type := Local, User-Password == ge55ged #dialbk Auth-Type := Local, User-Password == callme (everthing commented out in users) mysql select * from radgroupcheck; ++---+---+++ | id | GroupName | Attribute | op | Value | ++---+---+++ | 2 | dynamic | Auth-Type | := | DIGEST | ++---+---+++ And thats the entry in mysql ... I had to add this line to get it work on my gentoo-system. But it makes no different adding this on SuSe. I have no idea whats going wrong :-( Any ideas? Thanks! Greetz -Harry ___ Gesendet von Yahoo! Mail - Jetzt mit 250MB Speicher kostenlos - Hier anmelden: http://mail.yahoo.de - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySQL
TJ Burbank [EMAIL PROTECTED] wrote: When attempting to start the FreeRadius server in Debugging mode I get unable to bind port to ip address 0.0.0.0:1812 It should tell you why. i.e. here's another RADIUS server running. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and Mysql
All, I've successfully set up my freeradius to lookup the users in MySql. I've two questions: 1. Is it possible to configure the RADIUS Clients in MySql too? I'm using Freeradius 1.0.0 , simply put the following line in sql.conf. readclients = yes Please remember: It only loaded when freeradius starts . No real time update ! 2. would it be possible to write specific RADIUS Attributes into the accounting db? In some cases, I will get VSAs, which I have to keep for some days. In the text file accounting, I can find them. You can modify the standard accounting table and queries (in the sql.conf file) to include any attribute you nas returns in the accounting requests. PC_Studio
Re: Freeradius and MySQL
Stefan escreveu: All, I've successfully set up my freeradius to lookup the users in MySql. I've two questions: 1. Is it possible to configure the RADIUS Clients in MySql too? There is a nas table in the db schema now but I don't know how it works. 2. would it be possible to write specific RADIUS Attributes into the accounting db? In some cases, I will get VSAs, which I have to keep for some days. In the text file accounting, I can find them. You can modify the standard accounting table and queries (in the sql.conf file) to include any attribute you nas returns in the accounting requests. Hope that helps, Keith Yoder - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius with Mysql Data Base
Hi, Just some suggestions: 1) use plain text mail 2) split up your problem in several parts (e.g. the mysql part and the Cisco part) For the Cisco part, reading the Cisco manuals might help For the Mysql part, reading documentation and configuration files might help (e.g. /etc/raddb/sql.conf and /etc/raddb/radiusd.conf) -- Regards, Thor Spruyt E: [EMAIL PROTECTED] W: www.thor-spruyt.com M: +32 (0)475 67 22 65 - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 08, 2004 5:26 PM Subject: freeradius with Mysql Data Base Dear list: This is my first experience with freeradius. I installed freeradius-1.0.1.tar.gz into a Red Hat box 7.3 (it is old but I don´t have other option), however radius server is running OK. This week I worked with PPP basic authentication and authorization options working clients and user flat files and all is working OK. I´d like to use freeradius to router (Cisco) management access from my users. I have some questions and I´ll appreciate your help: 1.- I have this lines in my cisco ocnfiguration: aaa authentication login default group radius enable aaa authorization exec default group radius with the second line, when the customer login in into router he enter his username and password and he receive a Router promt for example, then if he likes to access to enbale mode configuration, he type enable command and the router ask for a Password. My question is: How should I to configure my user profile for this operation? and where I to keep that password?, the pasword have to be the same for all routers. Now, I´d like to work with MySQL database for a better administration. For create my Database I used the db_mysql.sql script provided when I untarted the tar.gz file, now: 1.- How should I to configure my freeradius to work with MySQL? Thank you for your help. EDWIN LIMACHI N. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE : freeradius and mysql
Hi , Have you done the Configurable failover in /doc ? If you want send me your radius.conf and sql.conf or I give you mine to see what happens. What is exactly the pb ? Could we have your log (radiusd -X) ? thx -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de [EMAIL PROTECTED] Envoyé : mercredi 15 septembre 2004 23:03 À : [EMAIL PROTECTED] Objet : freeradius and mysql I have a problem: I have a freeradius server and two mysql servers, I need freeradius connect to the mysql servers and when one of them fails the request goes automaticaly to the other mysql server and freeradius can still working without any interuption. I have tried with many configurations, but it doesn't works. Please anyone can give me some help. freeradius 1.0 and mysql 3.28 Alex - Este mensaje fue enviado usando el servicio de correo en web de Infomed http://webmail.sld.cu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: FreeRADIUS and MySQL
Ok! Great, Here it comes my next question. How can I identify a request based on the NAS-Identifier attribute and configure FreeRADIUS to, based on that attribute, execute a specific SQL clause? I don't see such an option in the radiusd.conf file... Kind regards, Alex -Original Message- From: jesk [mailto:[EMAIL PROTECTED] Sent: Monday, July 19, 2004 4:45 PM To: [EMAIL PROTECTED] Subject: Re: FreeRADIUS and MySQL All these things can be done with freeradius. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL
you can execute a programm for every reply item. Attribute-Name = `{%exec:/path/to/program args}` in the program itself you can use the environment variables for reading the nasipaddress or something else, all request items are placed into the enviroment of the forked programm. the output of the programm will be placed in the value of the attribute. all this can you find in radiusd.conf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL
All these things can be done with freeradius. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius--with mysql database???
Hi, There's a howto here: http://www.frontios.com/freeradius.html Regards --- Joel n.solanki [EMAIL PROTECTED] wrote: Dear freeradius gurus, I am very new to radius.Just know what is radius nothing more :) I have downloaded freeradius-0.9.2.tar.gz and installed it. My system is Redhat 9.0 Problem:- I want my pppoe users to authenticate with freeradius and the (Usernames / Passwords) should be in mysql database and lot of other things. So how could i enable mysql database configuration in freeradius files? I want mysql support in freeradius ..need to enable it? Can someone throw light on my small question. Thanking in advance. Joel n.solanki - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html = Julius Igugu SouthWork Co. Ltd. __ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius Using Mysql Database
--- Nagesh Boyina [EMAIL PROTECTED] wrote: Dear Mr.Kiran, Where can I create the usernames and passwords for authentication in the database. in two two tables - radcheck and radreply And also send example of cisco av pairs. mysql select * from radcheck limit 1; +--+---+---++---+ | id | UserName | Attribute | op | Value | +--+---+---++---+ | 5576 | happykiran| Password | == | test123 | +--+---+---++---+ mysql select * from radreply limit 2; +---+---+--++-+ | id| UserName | Attribute| op | Value | +---+---+--++-+ | 16417 | happykiran| Password | == | test123 | | 16419 | happykiran| Cisco-AVpair | = | h323-return-code=1 | +-+ Nagesh --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now http://uk.messenger.yahoo.com/download/index.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius Using Mysql Database
Dear Alan Dekok, I have installed Freeradius with help of document. And also I installed Mysql database, but I am not able to create the usernames and passowrds. And I will tell u my requirement is I want use this radius server for ISDN users for authentication. And we have a cisco 3600 series router. For this we should use the Cisco AV Pairs. So pls kindly let me know how to create the Cisco AV Pairs in the database. NAS pool was configured in the router only. When the customer authenticates he will get the static ip address. Thanks in advance Nagesh Boyina --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius Using Mysql Database
Dear Alan Dekok, I have installed Freeradius with help of document. And also I installed Mysql database, but I am not able to create the usernames and passowrds. And I will tell u my requirement is I want use this radius server for ISDN users for authentication. And we have a cisco 3600 series router. For this we should use the Cisco AV Pairs. So pls kindly let me know how to create the Cisco AV Pairs in the database. NAS pool was configured in the router only. When the customer authenticates he will get the static ip address. Thanks in advance Nagesh Boyina --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.701 / Virus Database: 458 - Release Date: 6/7/2004 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html