Re: Freeradius AND Mysql ? or Freeradius-mysql package??? or both?
> i have installed debian, mysql server 5.0 (by aptitude install) and > freeradius-server-2.1.7 by wget and "untar -xvfz" , manually. > > Question is: > > it is necessary install freeradius-mysql package? If you installed freeradius from source - no. Source has complete server. But it is dependany on development headers. Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySql custom attributes
I think what I'll do is just change the reply query to pull from the
Profiles table so the query would look like
id,username,profiles,'true',';='. Then I'll change the dictionary file
so the "Slip" profile gets the correct attributes, and "true" will be
passed tith each of the account types
On Thu, 2008-11-06 at 04:15 +0530, Venkatesh K wrote:
> You can extend the rlm_sql module to read from your schema though it
> is some work. Alternatively you can go with perl and scripting.
>
> I believe extending rlm_sql module to read your schema and generate
> AVP's will give better performance, but I might be wrong. I have taken
> this path for a custom database.
>
> Regards,
>
> Venkatesh K
>
> On Thu, Nov 6, 2008 at 3:17 AM, Aaron Seibert <[EMAIL PROTECTED]> wrote:
> > Becuase the database is already established with thousands of
> > customers We're looking to migrate from an existing VOPRadius
> > system. The MsSql database is tied into our account management system
> > as well
> >
> > On Wed, 2008-11-05 at 16:45 -0500, Stephen Bowman wrote:
> >>
> >>
> >> authorize_reply_query = "SELECT
> >> '',Username,'Profile',Profiles,':=' FROM
> >> radius_auth WHERE Username = '%{SQL-User-Name}'"
> >>
> >>
> >>
> >> It's doing exactly what you tell it to do.
> >>
> >>
> >>
> >>
> >>
> >> query: SELECT '',Username,'Profile',Profiles,':=' FROM
> >> radius_auth
> >> WHERE Username = '[EMAIL PROTECTED]'
> >>
> >> There's the query as you defined it above...
> >>
> >>
> >>
> >>
> >> Sending Access-Accept of id 46 to 206.174.130.217 port 40278
> >>Profile := "Slip"
> >>
> >> And there's the access-accept with a reply attribute of Profile :=
> >> "Slip". In your database you clearly have a column titled 'Profile'
> >> in radius_auth with value of "Slip" for the row for the username
> >> "[EMAIL PROTECTED]"
> >>
> >> To get what you want, you would need a column titled "Slipstream-Auth"
> >> with a value of "True" for the row for the username
> >> "[EMAIL PROTECTED]".
> >>
> >> But all this is actually a bit horkie. It makes little sense to have
> >> to add a column everytime you want a random check/reply attribute.
> >> It's bad practice and going to be terribly inefficient by any database
> >> backend.
> >>
> >> Why is it that you don't want to follow the provided schema (in 2.x
> >> raddb/sql/mysql/) and predefined queries?
> >>
> >>
> >>
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySql custom attributes
You can extend the rlm_sql module to read from your schema though it
is some work. Alternatively you can go with perl and scripting.
I believe extending rlm_sql module to read your schema and generate
AVP's will give better performance, but I might be wrong. I have taken
this path for a custom database.
Regards,
Venkatesh K
On Thu, Nov 6, 2008 at 3:17 AM, Aaron Seibert <[EMAIL PROTECTED]> wrote:
> Becuase the database is already established with thousands of
> customers We're looking to migrate from an existing VOPRadius
> system. The MsSql database is tied into our account management system
> as well
>
> On Wed, 2008-11-05 at 16:45 -0500, Stephen Bowman wrote:
>>
>>
>> authorize_reply_query = "SELECT
>> '',Username,'Profile',Profiles,':=' FROM
>> radius_auth WHERE Username = '%{SQL-User-Name}'"
>>
>>
>>
>> It's doing exactly what you tell it to do.
>>
>>
>>
>>
>>
>> query: SELECT '',Username,'Profile',Profiles,':=' FROM
>> radius_auth
>> WHERE Username = '[EMAIL PROTECTED]'
>>
>> There's the query as you defined it above...
>>
>>
>>
>>
>> Sending Access-Accept of id 46 to 206.174.130.217 port 40278
>>Profile := "Slip"
>>
>> And there's the access-accept with a reply attribute of Profile :=
>> "Slip". In your database you clearly have a column titled 'Profile'
>> in radius_auth with value of "Slip" for the row for the username
>> "[EMAIL PROTECTED]"
>>
>> To get what you want, you would need a column titled "Slipstream-Auth"
>> with a value of "True" for the row for the username
>> "[EMAIL PROTECTED]".
>>
>> But all this is actually a bit horkie. It makes little sense to have
>> to add a column everytime you want a random check/reply attribute.
>> It's bad practice and going to be terribly inefficient by any database
>> backend.
>>
>> Why is it that you don't want to follow the provided schema (in 2.x
>> raddb/sql/mysql/) and predefined queries?
>>
>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--
Venkatesh. K
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySql custom attributes
Becuase the database is already established with thousands of
customers We're looking to migrate from an existing VOPRadius
system. The MsSql database is tied into our account management system
as well
On Wed, 2008-11-05 at 16:45 -0500, Stephen Bowman wrote:
>
>
> authorize_reply_query = "SELECT
> '',Username,'Profile',Profiles,':=' FROM
> radius_auth WHERE Username = '%{SQL-User-Name}'"
>
>
>
> It's doing exactly what you tell it to do.
>
>
>
>
>
> query: SELECT '',Username,'Profile',Profiles,':=' FROM
> radius_auth
> WHERE Username = '[EMAIL PROTECTED]'
>
> There's the query as you defined it above...
>
>
>
>
> Sending Access-Accept of id 46 to 206.174.130.217 port 40278
>Profile := "Slip"
>
> And there's the access-accept with a reply attribute of Profile :=
> "Slip". In your database you clearly have a column titled 'Profile'
> in radius_auth with value of "Slip" for the row for the username
> "[EMAIL PROTECTED]"
>
> To get what you want, you would need a column titled "Slipstream-Auth"
> with a value of "True" for the row for the username
> "[EMAIL PROTECTED]".
>
> But all this is actually a bit horkie. It makes little sense to have
> to add a column everytime you want a random check/reply attribute.
> It's bad practice and going to be terribly inefficient by any database
> backend.
>
> Why is it that you don't want to follow the provided schema (in 2.x
> raddb/sql/mysql/) and predefined queries?
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySql custom attributes
>
> authorize_reply_query = "SELECT '',Username,'Profile',Profiles,':=' FROM
> radius_auth WHERE Username = '%{SQL-User-Name}'"
>
>
It's doing exactly what you tell it to do.
>
>
> query: SELECT '',Username,'Profile',Profiles,':=' FROM radius_auth
> WHERE Username = '[EMAIL PROTECTED]'
>
There's the query as you defined it above...
>
>
> Sending Access-Accept of id 46 to 206.174.130.217 port 40278
>Profile := "Slip"
And there's the access-accept with a reply attribute of Profile := "Slip".
In your database you clearly have a column titled 'Profile' in radius_auth
with value of "Slip" for the row for the username "[EMAIL PROTECTED]"
To get what you want, you would need a column titled "Slipstream-Auth" with
a value of "True" for the row for the username "[EMAIL PROTECTED]".
But all this is actually a bit horkie. It makes little sense to have to add
a column everytime you want a random check/reply attribute. It's bad
practice and going to be terribly inefficient by any database backend.
Why is it that you don't want to follow the provided schema (in 2.x
raddb/sql/mysql/) and predefined queries?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySql custom attributes
Posting relevant sections along with an explanation -
I was doing some fiddling in between posting and responding here. Here
is the current setup, as I was trying to make it work:
dictionary.slipstream -
VENDOR Slipstream 7000
ATTRIBUTE Profile 1 string Slipstream
reply query in mssql.conf -
authorize_reply_query = "SELECT '',Username,'Profile',Profiles,':=' FROM
radius_auth WHERE Username = '%{SQL-User-Name}'"
Relevant output when running radiusd -X -
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_realm: Looking up realm "evenlink.com" for User-Name =
"[EMAIL PROTECTED]"
rlm_realm: No such realm "evenlink.com"
modcall[authorize]: module "suffix" returns noop for request 0
radius_xlat: '[EMAIL PROTECTED]'
rlm_sql (sql): sql_set_user escaped user --> '[EMAIL PROTECTED]'
radius_xlat: 'SELECT '',Username,'Cleartext-Password',Password,':='
FROM radius_auth WHERE Username = '[EMAIL PROTECTED]''
rlm_sql (sql): Reserving sql socket id: 4
query: SELECT '',Username,'Cleartext-Password',Password,':=' FROM
radius_auth WHERE Username = '[EMAIL PROTECTED]'
radius_xlat: ''
radius_xlat: 'SELECT '',Username,'Profile',Profiles,':=' FROM
radius_auth WHERE Username = '[EMAIL PROTECTED]''
query: SELECT '',Username,'Profile',Profiles,':=' FROM radius_auth
WHERE Username = '[EMAIL PROTECTED]'
radius_xlat: ''
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 46 to 206.174.130.217 port 40278
Profile := "Slip"
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 46 with timestamp 4911f770
Nothing to do. Sleeping until we see a request.
This doesn't allow the slip user to connect to the slip service.
However, if I change everything to the following:
dictionary.slipstream:
VENDOR Slipstream 7000
ATTRIBUTE Slipstream-Auth 1 string Slipstream
mssql query:
authorize_reply_query = "SELECT
'',Username,'Slipstream-Auth','true',':=' FROM radius_auth WHERE
Username = '%{SQL-User-Name}'"
Output:
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_realm: Looking up realm "evenlink.com" for User-Name =
"[EMAIL PROTECTED]"
rlm_realm: No such realm "evenlink.com"
modcall[authorize]: module "suffix" returns noop for request 0
radius_xlat: '[EMAIL PROTECTED]'
rlm_sql (sql): sql_set_user escaped user --> '[EMAIL PROTECTED]'
radius_xlat: 'SELECT '',Username,'Cleartext-Password',Password,':='
FROM radius_auth WHERE Username = '[EMAIL PROTECTED]''
rlm_sql (sql): Reserving sql socket id: 4
query: SELECT '',Username,'Cleartext-Password',Password,':=' FROM
radius_auth WHERE Username = '[EMAIL PROTECTED]'
radius_xlat: ''
radius_xlat: 'SELECT '',Username,'Slipstream-Auth','true',':=' FROM
radius_auth WHERE Username = '[EMAIL PROTECTED]''
query: SELECT '',Username,'Slipstream-Auth','true',':=' FROM
radius_auth WHERE Username = '[EMAIL PROTECTED]'
radius_xlat: ''
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 230 to 206.174.130.217 port 56427
Slipstream-Auth := "true"
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 230 with timestamp 4911fa44
Nothing to do. Sleeping until we see a request.
As you can see, what I need to do is basically say if the Profiles
column in the sql database has a value of Slip, then Slipstream-Auth =
"true" needs to be passed back in the reply query. I just can't figure
out how to do that...
On Wed, 2008-11-05 at 13:56 -0500, Stephen Bowman wrote:
>
>
> have created a dictionary.slipstream file with the following:
>
> VENDOR Slipstream 7000
> ATTRIBUTE SlipStream-Auth True string Slipstream
>
> However, that will not authenticate the slip client. If I
> "hardcode"
> the attribute into the auth_reply query, the client is then
> authenticated. (Query = authorize_reply_query = "SELECT
> '','Slipstream-Auth','true',':-' FROM radius_auth WHERE
> Username =
> '%{SQL-User-Name}'"
>
> Any ideas where to go to get this working correctly?
>
>
> Post the output of radiusd -X.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.o
Re: FreeRadius and MySql custom attributes
I'll also add that the dictionary.slipstream is included in the
dictionary file. FreeRadius running on freeBSD
On Wed, 2008-11-05 at 12:14 -0500, Aaron Seibert wrote:
> Hello,
>
> I work in the NOC of an isp. Currently we have VIRCOM Radius servers
> set up to authenticate against a MySql server cluster, but we'd like to
> switch to FreeRadius. There is a profiles column that contains a few
> different service definitions (slip for SlipStream, newsgroups, a combo
> slip-news, etc.) What I can't figure out how to do is have the Radius
> server evaluate that column for the authenticated user, and send a reply
> so that the client knows that the user is authenticated for that
> specific service. Currently, I'm just trying to get the slip service to
> work. I have created a dictionary.slipstream file with the following:
>
> VENDOR Slipstream 7000
> ATTRIBUTE SlipStream-Auth True string Slipstream
>
> However, that will not authenticate the slip client. If I "hardcode"
> the attribute into the auth_reply query, the client is then
> authenticated. (Query = authorize_reply_query = "SELECT
> '','Slipstream-Auth','true',':-' FROM radius_auth WHERE Username =
> '%{SQL-User-Name}'"
>
> Any ideas where to go to get this working correctly?
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySql custom attributes
have created a dictionary.slipstream file with the following:
>
> VENDOR Slipstream 7000
> ATTRIBUTE SlipStream-Auth True string Slipstream
>
> However, that will not authenticate the slip client. If I "hardcode"
> the attribute into the auth_reply query, the client is then
> authenticated. (Query = authorize_reply_query = "SELECT
> '','Slipstream-Auth','true',':-' FROM radius_auth WHERE Username =
> '%{SQL-User-Name}'"
>
> Any ideas where to go to get this working correctly?
>
Post the output of radiusd -X.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius and mysql
You have posted the beginning of the error statement (which is irrelevant) and left out the most important bit that comes after: "Check the manual that corresponds to your MySQL server version for the right syntax to use near" Script provided with the server doesn't have any errors. You have done something to it. You should also post the lines just before the line with the error (including the line with the error). Ivan Kalik Kalik Informatika ISP Dana 5/8/2007, "zahra bahar" <[EMAIL PROTECTED]> piše: >yes I had mistake in writing.I used > # mysql -u root -p < mysql.sql > but it has that error. > > > >[EMAIL PROTECTED] wrote: USE : > # mysql -u root -p < mysql.sql > > NOT : > # mysql -u root -p > mysql.sql > > By; > >-Message d'origine- >De :[EMAIL PROTECTED][mailto:[EMAIL PROTECTED]la part de zahra >bahar >Envoyé : samedi 4 aoűt 200706:05 >Ŕ : FreeRadius users mailing list >Objet :Re: freeradius and mysql > > >I send the error in my email.this error is: > >ERROR 1064(42000) at line 1:you have an error in your sql > syntax,.. > > > > >[EMAIL PROTECTED]wrote: And the error is? > >Ivan Kalik >Kalik Informatika ISP > > >Dana 1/8/2007, "zahra bahar" piše: > >>Hi >> I am new in radius, I want to use sql for accounting in freeradius. for >> creating tables of radius I use >> # mysql -u root -p > mysql.sql >> after entering password there is this error: >> >> ERROR 1064(42000) at line 1:you have an error in your sql syntax,.. >> use the ql.sal rlm_sql Freeradius sql module. >> >> I don't know the reason of this error. >> >> >>- >>Ready for the edge of your seat? Check out tonight's top picks on Yahoo! >> TV. >> > >- >List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html > > > >- > Shape Yahoo! in your own image. Joinour Network Research Panel today! - >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > >- >Be a better Heartthrob. Get better relationship answers from someone who knows. >Yahoo! Answers - Check it out. > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius and mysql
yes I had mistake in writing.I used # mysql -u root -p < mysql.sql but it has that error. [EMAIL PROTECTED] wrote: USE : # mysql -u root -p < mysql.sql NOT : # mysql -u root -p > mysql.sql By; -Message d'origine- De :[EMAIL PROTECTED][mailto:[EMAIL PROTECTED]la part de zahra bahar Envoyé : samedi 4 août 200706:05 À : FreeRadius users mailing list Objet :Re: freeradius and mysql I send the error in my email.this error is: ERROR 1064(42000) at line 1:you have an error in your sql syntax,.. [EMAIL PROTECTED]wrote: And the error is? Ivan Kalik Kalik Informatika ISP Dana 1/8/2007, "zahra bahar" pi¹e: >Hi > I am new in radius, I want to use sql for accounting in freeradius. for > creating tables of radius I use > # mysql -u root -p > mysql.sql > after entering password there is this error: > > ERROR 1064(42000) at line 1:you have an error in your sql syntax,... > use the ql.sal rlm_sql Freeradius sql module. > > I don't know the reason of this error. > > >- >Ready for the edge of your seat? Check out tonight's top picks on Yahoo! >TV. > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Shape Yahoo! in your own image. Joinour Network Research Panel today! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius and mysql
Sorry, USE : # mysql -u root -p radius < mysql.sql and not : # mysql -u root -p > mysql.sql -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de zahra bahar Envoyé : samedi 4 août 2007 06:05 À : FreeRadius users mailing list Objet : Re: freeradius and mysql I send the error in my email. this error is: ERROR 1064(42000) at line 1:you have an error in your sql syntax,.. [EMAIL PROTECTED] wrote: And the error is? Ivan Kalik Kalik Informatika ISP Dana 1/8/2007, "zahra bahar" pi¹e: >Hi > I am new in radius, I want to use sql for accounting in freeradius. for creating tables of radius I use > # mysql -u root -p > mysql.sql > after entering password there is this error: > > ERROR 1064(42000) at line 1:you have an error in your sql syntax,... > use the ql.sal rlm_sql Freeradius sql module. > > I don't know the reason of this error. > > >- >Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Shape Yahoo! in your own image. Join our Network Research Panel today! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius and mysql
USE : # mysql -u root -p < mysql.sql NOT : # mysql -u root -p > mysql.sql By; -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de zahra bahar Envoyé : samedi 4 août 2007 06:05 À : FreeRadius users mailing list Objet : Re: freeradius and mysql I send the error in my email. this error is: ERROR 1064(42000) at line 1:you have an error in your sql syntax,.. [EMAIL PROTECTED] wrote: And the error is? Ivan Kalik Kalik Informatika ISP Dana 1/8/2007, "zahra bahar" pi¹e: >Hi > I am new in radius, I want to use sql for accounting in freeradius. for creating tables of radius I use > # mysql -u root -p > mysql.sql > after entering password there is this error: > > ERROR 1064(42000) at line 1:you have an error in your sql syntax,... > use the ql.sal rlm_sql Freeradius sql module. > > I don't know the reason of this error. > > >- >Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Shape Yahoo! in your own image. Join our Network Research Panel today! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql
I send the error in my email. this error is: ERROR 1064(42000) at line 1:you have an error in your sql syntax,.. [EMAIL PROTECTED] wrote: And the error is? Ivan Kalik Kalik Informatika ISP Dana 1/8/2007, "zahra bahar" pi¹e: >Hi > I am new in radius, I want to use sql for accounting in freeradius. for > creating tables of radius I use > # mysql -u root -p > mysql.sql > after entering password there is this error: > > ERROR 1064(42000) at line 1:you have an error in your sql syntax,... > use the ql.sal rlm_sql Freeradius sql module. > > I don't know the reason of this error. > > >- >Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Shape Yahoo! in your own image. Join our Network Research Panel today!- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql
On Wed 01 Aug 2007, zahra bahar wrote: > Hi > I am new in radius, I want to use sql for accounting in freeradius. for > creating tables of radius I use # mysql -u root -p > mysql.sql > after entering password there is this error: You are using the wrong pipe.. Use < instead > ERROR 1064(42000) at line 1:you have an error in your sql syntax,... > use the ql.sal rlm_sql Freeradius sql module. > > I don't know the reason of this error. http://wiki.freeradius.org/SQL_HOWTO -- Peter Nixon http://peternixon.net/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql
> # mysql -u root -p > mysql.sql > after entering password there is this error: > > ERROR 1064(42000) at line 1:you have an error in your sql syntax,... > use the ql.sal rlm_sql Freeradius sql module. > > I don't know the reason of this error. You want to feed the commands from the file mysql.sql to the mysql command? Then you must use <, not >. I.e.: mysql -u root -p < mysql.sql Also, IIRC the mysql.sql script does only create the tables, not the database itself. So, first create a database called "radius", and then make your client use this database to execute the commands: mysql -u root -p radius < mysql.sql Greetings, Stefan Winter -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473 signature.asc Description: This is a digitally signed message part. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql
And the error is? Ivan Kalik Kalik Informatika ISP Dana 1/8/2007, "zahra bahar" <[EMAIL PROTECTED]> piše: >Hi > I am new in radius, I want to use sql for accounting in freeradius. for > creating tables of radius I use > # mysql -u root -p > mysql.sql > after entering password there is this error: > > ERROR 1064(42000) at line 1:you have an error in your sql syntax,... > use the ql.sal rlm_sql Freeradius sql module. > > I don't know the reason of this error. > > >- >Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius and mysql
"jose a. zúñiga" said > I need a tutorial in order to connect freeradius and mysql It kind of depends on what you want to do with the MySQL: Authenticate? Handle per-user check/return attributes? Handle per-group check/return attributes? Accounting? Dynamic IP assignment? Whatever your requirements, I would recommend waiting a few days. Version 1.1.7 is in the process of being released, and there is an effort underway to get the MySQL version of the various queries whipped into shape, and the schema modified slighty. I'm testing some of the changes this weekend. I'd be happy to help you out with the MySQL stuff once 1.1.7 is out. > jose a. -- hugh - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius and MySQL problem!!!
Obvious silly mistake...previous install was in /etc/raddbthanks Ivan...knew I was doing something silly -Original Message- From: [EMAIL PROTECTED] rg [mailto:[EMAIL PROTECTED] radius.org] On Behalf Of Alan DeKok Sent: 02 July 2007 17:13 To: FreeRadius users mailing list Subject: Re: Freeradius and MySQL problem!!! Ackbar Joolia wrote: > Ivan, > I've given all permissions to sql.confnothing...it's still the same. Its strange, this used to work well before for the previous version of freeradius. Seems simple, yet!!! > > Any other advice? Is the server reading the file you are editing? ... >>> reread_config: reading radiusd.conf >>> Config: including file: /usr/local/etc/raddb/proxy.conf Maybe the file you're editing is in /etc/raddb/radiusd.conf ? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html *** Email COnfidentiality Notice *** This message is private and confidential.If you have received this in error, please notify us and remove it from your system. Contact [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and MySQL problem!!!
Ackbar Joolia wrote: > Ivan, > I've given all permissions to sql.confnothing...it's still the same. Its > strange, this used to work well before for the previous version of > freeradius. Seems simple, yet!!! > > Any other advice? Is the server reading the file you are editing? ... >>> reread_config: reading radiusd.conf >>> Config: including file: /usr/local/etc/raddb/proxy.conf Maybe the file you're editing is in /etc/raddb/radiusd.conf ? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius and MySQL problem!!!
Ivan, I've given all permissions to sql.confnothing...it's still the same. Its strange, this used to work well before for the previous version of freeradius. Seems simple, yet!!! Any other advice? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 02 July 2007 15:50 To: FreeRadius users mailing list Subject: RE: Freeradius and MySQL problem!!! It's not reading sql.conf. Check permissions on that file. Ivan Kalik Kalik Informatika ISP Dana 2/7/2007, "Ackbar Joolia" <[EMAIL PROTECTED]> piše: >HI Ivan >The sql in authorize and accounting are all uncommented. > > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL >PROTECTED] >Sent: 02 July 2007 14:16 >To: FreeRadius users mailing list >Subject: RE: Freeradius and MySQL problem!!! > >Have you included sql in your radiusd.conf or are sql entries still >commented out? > >Ivan Kalik >Kalik Informatika ISP > > >Dana 2/7/2007, "Ackbar Joolia" <[EMAIL PROTECTED]> piše: > >>Here it is: >>Starting - reading configuration files ... >>reread_config: reading radiusd.conf >>Config: including file: /usr/local/etc/raddb/proxy.conf >>Config: including file: /usr/local/etc/raddb/clients.conf >>Config: including file: /usr/local/etc/raddb/snmp.conf >>Config: including file: /usr/local/etc/raddb/eap.conf >>Config: including file: /usr/local/etc/raddb/sql.conf >> main: prefix = "/usr/local" >> main: localstatedir = "/usr/local/var" >> main: logdir = "/usr/local/var/log/radius" >> main: libdir = "/usr/local/lib" >> main: radacctdir = "/usr/local/var/log/radius/radacct" >> main: hostname_lookups = no >> main: max_request_time = 30 >> main: cleanup_delay = 5 >> main: max_requests = 1024 >> main: delete_blocked_requests = 0 >> main: port = 0 >> main: allow_core_dumps = no >> main: log_stripped_names = no >> main: log_file = "/usr/local/var/log/radius/radius.log" >> main: log_auth = no >> main: log_auth_badpass = no >> main: log_auth_goodpass = no >> main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" >> main: user = "(null)" >> main: group = "(null)" >> main: usercollide = no >> main: lower_user = "no" >> main: lower_pass = "no" >> main: nospace_user = "no" >> main: nospace_pass = "no" >> main: checkrad = "/usr/local/sbin/checkrad" >> main: proxy_requests = yes >> proxy: retry_delay = 5 >> proxy: retry_count = 3 >> proxy: synchronous = no >> proxy: default_fallback = yes >> proxy: dead_time = 120 >> proxy: post_proxy_authorize = no >> proxy: wake_all_if_all_dead = no >> security: max_attributes = 200 >> security: reject_delay = 1 >> security: status_server = no >> main: debug_level = 0 >>read_config_files: reading dictionary >>read_config_files: reading naslist >>Using deprecated naslist file. Support for this will go away soon. >>read_config_files: reading clients >>read_config_files: reading realms >>radiusd: entering modules setup >>Module: Library search path is /usr/local/lib >>Module: Loaded exec >> exec: wait = yes >> exec: program = "(null)" >> exec: input_pairs = "request" >> exec: output_pairs = "(null)" >> exec: packet_type = "(null)" >>rlm_exec: Wait=yes but no output defined. Did you mean output=none? >>Module: Instantiated exec (exec) >>Module: Loaded expr >>Module: Instantiated expr (expr) >>Module: Loaded PAP >> pap: encryption_scheme = "crypt" >> pap: auto_header = yes >>Module: Instantiated pap (pap) >>Module: Loaded CHAP >>Module: Instantiated chap (chap) >>Module: Loaded MS-CHAP >> mschap: use_mppe = yes >> mschap: require_encryption = no >> mschap: require_strong = no >> mschap: with_ntdomain_hack = no >> mschap: passwd = "(null)" >> mschap: ntlm_auth = "(null)" >>Module: Instantiated mschap (mschap) >>Module: Loaded System >> unix: cache = no >> unix: passwd = "(null)" >> unix: shadow = "(null)" >> unix: group = "(null)" >> unix: radwtmp = "/usr/local/var/log/radius/radwtmp" >> unix: usegroup = no >> unix: cache_reload = 600 >>Module: Instantiated unix (unix) >>Module: Loaded eap >> eap: default_eap_type = "md5"
RE: Freeradius and MySQL problem!!!
It's not reading sql.conf. Check permissions on that file. Ivan Kalik Kalik Informatika ISP Dana 2/7/2007, "Ackbar Joolia" <[EMAIL PROTECTED]> piše: >HI Ivan >The sql in authorize and accounting are all uncommented. > > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL >PROTECTED] >Sent: 02 July 2007 14:16 >To: FreeRadius users mailing list >Subject: RE: Freeradius and MySQL problem!!! > >Have you included sql in your radiusd.conf or are sql entries still >commented out? > >Ivan Kalik >Kalik Informatika ISP > > >Dana 2/7/2007, "Ackbar Joolia" <[EMAIL PROTECTED]> piše: > >>Here it is: >>Starting - reading configuration files ... >>reread_config: reading radiusd.conf >>Config: including file: /usr/local/etc/raddb/proxy.conf >>Config: including file: /usr/local/etc/raddb/clients.conf >>Config: including file: /usr/local/etc/raddb/snmp.conf >>Config: including file: /usr/local/etc/raddb/eap.conf >>Config: including file: /usr/local/etc/raddb/sql.conf >> main: prefix = "/usr/local" >> main: localstatedir = "/usr/local/var" >> main: logdir = "/usr/local/var/log/radius" >> main: libdir = "/usr/local/lib" >> main: radacctdir = "/usr/local/var/log/radius/radacct" >> main: hostname_lookups = no >> main: max_request_time = 30 >> main: cleanup_delay = 5 >> main: max_requests = 1024 >> main: delete_blocked_requests = 0 >> main: port = 0 >> main: allow_core_dumps = no >> main: log_stripped_names = no >> main: log_file = "/usr/local/var/log/radius/radius.log" >> main: log_auth = no >> main: log_auth_badpass = no >> main: log_auth_goodpass = no >> main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" >> main: user = "(null)" >> main: group = "(null)" >> main: usercollide = no >> main: lower_user = "no" >> main: lower_pass = "no" >> main: nospace_user = "no" >> main: nospace_pass = "no" >> main: checkrad = "/usr/local/sbin/checkrad" >> main: proxy_requests = yes >> proxy: retry_delay = 5 >> proxy: retry_count = 3 >> proxy: synchronous = no >> proxy: default_fallback = yes >> proxy: dead_time = 120 >> proxy: post_proxy_authorize = no >> proxy: wake_all_if_all_dead = no >> security: max_attributes = 200 >> security: reject_delay = 1 >> security: status_server = no >> main: debug_level = 0 >>read_config_files: reading dictionary >>read_config_files: reading naslist >>Using deprecated naslist file. Support for this will go away soon. >>read_config_files: reading clients >>read_config_files: reading realms >>radiusd: entering modules setup >>Module: Library search path is /usr/local/lib >>Module: Loaded exec >> exec: wait = yes >> exec: program = "(null)" >> exec: input_pairs = "request" >> exec: output_pairs = "(null)" >> exec: packet_type = "(null)" >>rlm_exec: Wait=yes but no output defined. Did you mean output=none? >>Module: Instantiated exec (exec) >>Module: Loaded expr >>Module: Instantiated expr (expr) >>Module: Loaded PAP >> pap: encryption_scheme = "crypt" >> pap: auto_header = yes >>Module: Instantiated pap (pap) >>Module: Loaded CHAP >>Module: Instantiated chap (chap) >>Module: Loaded MS-CHAP >> mschap: use_mppe = yes >> mschap: require_encryption = no >> mschap: require_strong = no >> mschap: with_ntdomain_hack = no >> mschap: passwd = "(null)" >> mschap: ntlm_auth = "(null)" >>Module: Instantiated mschap (mschap) >>Module: Loaded System >> unix: cache = no >> unix: passwd = "(null)" >> unix: shadow = "(null)" >> unix: group = "(null)" >> unix: radwtmp = "/usr/local/var/log/radius/radwtmp" >> unix: usegroup = no >> unix: cache_reload = 600 >>Module: Instantiated unix (unix) >>Module: Loaded eap >> eap: default_eap_type = "md5" >> eap: timer_expire = 60 >> eap: ignore_unknown_eap_types = no >> eap: cisco_accounting_username_bug = no >>rlm_eap: Loaded and initialized type md5 >>rlm_eap: Loaded and initialized type leap >> gtc: challenge = "Password: " >> gtc: auth_type = "PAP" >>rlm_eap: Loaded and initialized type gtc >> mschapv2: with_ntdomain_hack = no >>rlm_eap:
RE: Freeradius and MySQL problem!!!
HI Ivan The sql in authorize and accounting are all uncommented. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 02 July 2007 14:16 To: FreeRadius users mailing list Subject: RE: Freeradius and MySQL problem!!! Have you included sql in your radiusd.conf or are sql entries still commented out? Ivan Kalik Kalik Informatika ISP Dana 2/7/2007, "Ackbar Joolia" <[EMAIL PROTECTED]> piše: >Here it is: >Starting - reading configuration files ... >reread_config: reading radiusd.conf >Config: including file: /usr/local/etc/raddb/proxy.conf >Config: including file: /usr/local/etc/raddb/clients.conf >Config: including file: /usr/local/etc/raddb/snmp.conf >Config: including file: /usr/local/etc/raddb/eap.conf >Config: including file: /usr/local/etc/raddb/sql.conf > main: prefix = "/usr/local" > main: localstatedir = "/usr/local/var" > main: logdir = "/usr/local/var/log/radius" > main: libdir = "/usr/local/lib" > main: radacctdir = "/usr/local/var/log/radius/radacct" > main: hostname_lookups = no > main: max_request_time = 30 > main: cleanup_delay = 5 > main: max_requests = 1024 > main: delete_blocked_requests = 0 > main: port = 0 > main: allow_core_dumps = no > main: log_stripped_names = no > main: log_file = "/usr/local/var/log/radius/radius.log" > main: log_auth = no > main: log_auth_badpass = no > main: log_auth_goodpass = no > main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" > main: user = "(null)" > main: group = "(null)" > main: usercollide = no > main: lower_user = "no" > main: lower_pass = "no" > main: nospace_user = "no" > main: nospace_pass = "no" > main: checkrad = "/usr/local/sbin/checkrad" > main: proxy_requests = yes > proxy: retry_delay = 5 > proxy: retry_count = 3 > proxy: synchronous = no > proxy: default_fallback = yes > proxy: dead_time = 120 > proxy: post_proxy_authorize = no > proxy: wake_all_if_all_dead = no > security: max_attributes = 200 > security: reject_delay = 1 > security: status_server = no > main: debug_level = 0 >read_config_files: reading dictionary >read_config_files: reading naslist >Using deprecated naslist file. Support for this will go away soon. >read_config_files: reading clients >read_config_files: reading realms >radiusd: entering modules setup >Module: Library search path is /usr/local/lib >Module: Loaded exec > exec: wait = yes > exec: program = "(null)" > exec: input_pairs = "request" > exec: output_pairs = "(null)" > exec: packet_type = "(null)" >rlm_exec: Wait=yes but no output defined. Did you mean output=none? >Module: Instantiated exec (exec) >Module: Loaded expr >Module: Instantiated expr (expr) >Module: Loaded PAP > pap: encryption_scheme = "crypt" > pap: auto_header = yes >Module: Instantiated pap (pap) >Module: Loaded CHAP >Module: Instantiated chap (chap) >Module: Loaded MS-CHAP > mschap: use_mppe = yes > mschap: require_encryption = no > mschap: require_strong = no > mschap: with_ntdomain_hack = no > mschap: passwd = "(null)" > mschap: ntlm_auth = "(null)" >Module: Instantiated mschap (mschap) >Module: Loaded System > unix: cache = no > unix: passwd = "(null)" > unix: shadow = "(null)" > unix: group = "(null)" > unix: radwtmp = "/usr/local/var/log/radius/radwtmp" > unix: usegroup = no > unix: cache_reload = 600 >Module: Instantiated unix (unix) >Module: Loaded eap > eap: default_eap_type = "md5" > eap: timer_expire = 60 > eap: ignore_unknown_eap_types = no > eap: cisco_accounting_username_bug = no >rlm_eap: Loaded and initialized type md5 >rlm_eap: Loaded and initialized type leap > gtc: challenge = "Password: " > gtc: auth_type = "PAP" >rlm_eap: Loaded and initialized type gtc > mschapv2: with_ntdomain_hack = no >rlm_eap: Loaded and initialized type mschapv2 >Module: Instantiated eap (eap) >Module: Loaded preprocess > preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" > preprocess: hints = "/usr/local/etc/raddb/hints" > preprocess: with_ascend_hack = no > preprocess: ascend_channels_per_line = 23 > preprocess: with_ntdomain_hack = no > preprocess: with_specialix_jetstream_hack = no > preprocess: with_cisco_vsa_hack = no > preprocess: with_alvarion_vsa_hack = no >Module: Instantiated preprocess (preprocess) >Module: Loaded realm > realm: format = "suffix" > realm: delimiter = &q
RE: Freeradius and MySQL problem!!!
gt; files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
> files: compat = "no"
>Module: Instantiated files (files)
>Module: Loaded Acct-Unique-Session-Id
> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
> Client-IP-Address, NAS-Port"
>Module: Instantiated acct_unique (acct_unique)
>Module: Loaded detail
> detail: detailfile =
> "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
>Module: Instantiated detail (detail)
>Module: Loaded radutmp
> radutmp: filename = "/usr/local/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: case_sensitive = yes
> radutmp: check_with_nas = yes
> radutmp: perm = 384
> radutmp: callerid = yes
>Module: Instantiated radutmp (radutmp)
>Listening on authentication *:1812
>Listening on accounting *:1813
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL
>PROTECTED]
>Sent: 02 July 2007 12:38
>To: FreeRadius users mailing list
>Subject: Re: Freeradius and MySQL problem!!!
>
>You haven't posted your radiusd -X output.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>Dana 2/7/2007, "Ackbar Joolia" <[EMAIL PROTECTED]> piše:
>
>>Dear all,
>>
>>I have been using freeradius properly configured with mysql for some
>>time now. However it suddenly stopped working. What more, I upgraded to
>>the 1.6 version, and now when I run radiusd -X, it doesn't even show
>>that its tied in with the MySQL database...
>>
>>
>>Can anyone please help me? I have done all the right things i.e. sql in
>>radius.conf, but its not tying in with the mysql database. Am I missing
>>anything obvious ???
>>
>>
>>Thanks
>>
>>Al
>>
>>
>>
>>
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>*** Email COnfidentiality Notice ***
>This message is private and confidential.If you have received this in error,
>please notify us and remove it from your system. Contact [EMAIL PROTECTED]
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius and MySQL problem!!!
username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: 02 July 2007 12:38
To: FreeRadius users mailing list
Subject: Re: Freeradius and MySQL problem!!!
You haven't posted your radiusd -X output.
Ivan Kalik
Kalik Informatika ISP
Dana 2/7/2007, "Ackbar Joolia" <[EMAIL PROTECTED]> piše:
>Dear all,
>
>I have been using freeradius properly configured with mysql for some
>time now. However it suddenly stopped working. What more, I upgraded to
>the 1.6 version, and now when I run radiusd -X, it doesn't even show
>that its tied in with the MySQL database...
>
>
>Can anyone please help me? I have done all the right things i.e. sql in
>radius.conf, but its not tying in with the mysql database. Am I missing
>anything obvious ???
>
>
>Thanks
>
>Al
>
>
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
*** Email COnfidentiality Notice ***
This message is private and confidential.If you have received this in error,
please notify us and remove it from your system. Contact [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and MySQL problem!!!
You haven't posted your radiusd -X output. Ivan Kalik Kalik Informatika ISP Dana 2/7/2007, "Ackbar Joolia" <[EMAIL PROTECTED]> piše: >Dear all, > >I have been using freeradius properly configured with mysql for some >time now. However it suddenly stopped working. What more, I upgraded to >the 1.6 version, and now when I run radiusd -X, it doesn't even show >that its tied in with the MySQL database... > > >Can anyone please help me? I have done all the right things i.e. sql in >radius.conf, but its not tying in with the mysql database. Am I missing >anything obvious ??? > > >Thanks > >Al > > > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySQL boot problem
I check it freeradius scripts rc.radiusd .it is same as /usr/local/sbin/rc.radiusd. I am using operating system fedora core 4 and chillispot is chillispot-1.0.i386.rpm and freeradius is freeradius-1.1.0.tar.gz . and whenever i reboot the radiusd server there is the error in radiusd log file like Sun Nov 26 11:00:51 2006 : Info: Using deprecated naslist file. Support for this will go away soon. Sun Nov 26 11:00:51 2006 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Sun Nov 26 11:00:51 2006 : Error: radiusd.conf[10] Failed to link to module 'rlm_eap': /usr/local/lib/rlm_eap-1.1.0.so: cannot restore segment prot after reloc: Permission denied Sun Nov 26 11:00:51 2006 : Error: radiusd.conf[1749] Unknown module "eap". Sun Nov 26 11:00:51 2006 : Error: radiusd.conf[1696] Failed to parse authenticate section. and when i start the radiusd by typing /usr/src/sbin/radiusd , radiusd server run and it has radiusd log file like Sun Nov 26 11:46:10 2006 : Info: Using deprecated naslist file. Support for this will go away soon. Sun Nov 26 11:46:10 2006 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Sun Nov 26 11:46:10 2006 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Sun Nov 26 11:46:10 2006 : Info: rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/mypaid Sun Nov 26 11:46:10 2006 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0 Sun Nov 26 11:46:11 2006 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1 Sun Nov 26 11:46:11 2006 : Info: rlm_sql_mysql: Starting connect to MySQL server for #2 Sun Nov 26 11:46:11 2006 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3 Sun Nov 26 11:46:11 2006 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4 Sun Nov 26 11:46:11 2006 : Info: Ready to process requests. so , how to run this radiusd server at boot time not by manully starting everytime when server is restart. regards rina Hernan Antolini wrote: > > Check the scripts dir that came with the freeradius source; there is a > rc.radiusd file to do that. > regards > Hernan Antolini > > [EMAIL PROTECTED] wrote on > 11/24/2006 03:52:53 AM: > >> >> hello >> i configure chillispot and freeradius and it is working. But >> whenever i reboot this radiusd server i have to run manually all the > time. >> So how to run this radiusd server at boot time. >> chillispot ,apche and mysql all run at boot time but radiusd > is >> not.i try it by writing script in /etc/rc.local and also directly copy >> /usr/local/sbin/radiusd file to /etc/rc.d/init.d but it don't work . So >> please give me any ideas to start radiusd server at boot time. >> >> regards >> rina >> >> >> >> Diniz Da Rocha wrote: >> > >> > HI, >> > >> > I have currently setup FreeRadius 1.0.4 with ldap authentication and >> > authorization as well as mysql authorization and its all working fine. > My >> > only problem is that when I boot the server (Fedora Core 4) and > radiusd >> > starts up there is a rlm_sql_mysql error: >> > >> > Wed Feb 15 18:38:51 2006 : Info: rlm_sql (sql): Trying to (re)connect >> > unconnected handle 4.. >> > Wed Feb 15 18:38:51 2006 : Info: rlm_sql_mysql: Starting connect to > MySQL >> > server for #4 >> > Wed Feb 15 18:38:51 2006 : Error: rlm_sql_mysql: Couldn't connect > socket >> > to >> > MySQL server [EMAIL PROTECTED]:radius >> > Wed Feb 15 18:38:51 2006 : Error: rlm_sql_mysql: Mysql error 'Can't >> > connect >> > to MySQL server on 'myip' (13)' >> > Wed Feb 15 18:38:51 2006 : Error: rlm_sql (sql): Failed to connect DB >> > handle >> > #4 >> > >> > >> > The MySQL server is on another server with ip "myip" I initially > thought >> > it >> > was a firewall block but even with no firewall I get this error. But > once >> > the server has started and I run "service radiusd restart" from a > terminal >> > the connect to the MySQL server works fine and has no problems. I even >> > tried >> > running the service from rc.local but it still fails did anyone have > this >> > problem??? is anyone running the MySQL server on another machine > Is >> > there a fix for this??? >> > >> > thanks >> > >> > diniz >> > >> > - >> > List info/subscribe/unsubscribe? See >> > http://www.freeradius.org/list/users.html >> > >> >> -- >> View this message in context: http://www.nabble.com/FreeRadius-and- >> MySQL-boot-problem-tf1191658.html#a7518565 >> Sent from the FreeRadius - User mailing list archive at Nabble.com. >> >> - >> List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- View this message in context: http://www.nabble.com/FreeRadius-and-MySQL-boot-problem-tf1191658.html#a7545147 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/l
Re: FreeRadius and MySQL boot problem
Check the scripts dir that came with the freeradius source; there is a rc.radiusd file to do that. regards Hernan Antolini [EMAIL PROTECTED] wrote on 11/24/2006 03:52:53 AM: > > hello > i configure chillispot and freeradius and it is working. But > whenever i reboot this radiusd server i have to run manually all the time. > So how to run this radiusd server at boot time. > chillispot ,apche and mysql all run at boot time but radiusd is > not.i try it by writing script in /etc/rc.local and also directly copy > /usr/local/sbin/radiusd file to /etc/rc.d/init.d but it don't work . So > please give me any ideas to start radiusd server at boot time. > > regards > rina > > > > Diniz Da Rocha wrote: > > > > HI, > > > > I have currently setup FreeRadius 1.0.4 with ldap authentication and > > authorization as well as mysql authorization and its all working fine. My > > only problem is that when I boot the server (Fedora Core 4) and radiusd > > starts up there is a rlm_sql_mysql error: > > > > Wed Feb 15 18:38:51 2006 : Info: rlm_sql (sql): Trying to (re)connect > > unconnected handle 4.. > > Wed Feb 15 18:38:51 2006 : Info: rlm_sql_mysql: Starting connect to MySQL > > server for #4 > > Wed Feb 15 18:38:51 2006 : Error: rlm_sql_mysql: Couldn't connect socket > > to > > MySQL server [EMAIL PROTECTED]:radius > > Wed Feb 15 18:38:51 2006 : Error: rlm_sql_mysql: Mysql error 'Can't > > connect > > to MySQL server on 'myip' (13)' > > Wed Feb 15 18:38:51 2006 : Error: rlm_sql (sql): Failed to connect DB > > handle > > #4 > > > > > > The MySQL server is on another server with ip "myip" I initially thought > > it > > was a firewall block but even with no firewall I get this error. But once > > the server has started and I run "service radiusd restart" from a terminal > > the connect to the MySQL server works fine and has no problems. I even > > tried > > running the service from rc.local but it still fails did anyone have this > > problem??? is anyone running the MySQL server on another machine Is > > there a fix for this??? > > > > thanks > > > > diniz > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > -- > View this message in context: http://www.nabble.com/FreeRadius-and- > MySQL-boot-problem-tf1191658.html#a7518565 > Sent from the FreeRadius - User mailing list archive at Nabble.com. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySQL boot problem
hello i configure chillispot and freeradius and it is working. But whenever i reboot this radiusd server i have to run manually all the time. So how to run this radiusd server at boot time. chillispot ,apche and mysql all run at boot time but radiusd is not.i try it by writing script in /etc/rc.local and also directly copy /usr/local/sbin/radiusd file to /etc/rc.d/init.d but it don't work . So please give me any ideas to start radiusd server at boot time. regards rina Diniz Da Rocha wrote: > > HI, > > I have currently setup FreeRadius 1.0.4 with ldap authentication and > authorization as well as mysql authorization and its all working fine. My > only problem is that when I boot the server (Fedora Core 4) and radiusd > starts up there is a rlm_sql_mysql error: > > Wed Feb 15 18:38:51 2006 : Info: rlm_sql (sql): Trying to (re)connect > unconnected handle 4.. > Wed Feb 15 18:38:51 2006 : Info: rlm_sql_mysql: Starting connect to MySQL > server for #4 > Wed Feb 15 18:38:51 2006 : Error: rlm_sql_mysql: Couldn't connect socket > to > MySQL server [EMAIL PROTECTED]:radius > Wed Feb 15 18:38:51 2006 : Error: rlm_sql_mysql: Mysql error 'Can't > connect > to MySQL server on 'myip' (13)' > Wed Feb 15 18:38:51 2006 : Error: rlm_sql (sql): Failed to connect DB > handle > #4 > > > The MySQL server is on another server with ip "myip" I initially thought > it > was a firewall block but even with no firewall I get this error. But once > the server has started and I run "service radiusd restart" from a terminal > the connect to the MySQL server works fine and has no problems. I even > tried > running the service from rc.local but it still fails did anyone have this > problem??? is anyone running the MySQL server on another machine Is > there a fix for this??? > > thanks > > diniz > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- View this message in context: http://www.nabble.com/FreeRadius-and-MySQL-boot-problem-tf1191658.html#a7518565 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql fails
"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote: > first its 'local' and with sql its 'system', is this ok? That's what you told it to do. > id UserNameAttribute Value op > 3 test1 User-Password $1$BnzqweeZ$EJ66Aqwe0/YANJdc8hBC/ := That's not a clear-text password. It's a crypt'd password. You should be using the Crypt-Password attribute. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius and MySQL
Hello Jeremy, PLEASE ! SPECIFY YOUR PROBLEM ! you have sent 2-3 comments to the mailing list and nobody ( besides Alan ) wanted to respond! Why? No needed information ( aka I have car, car has tires, but I cannot drive, why? ). You are using db. Okay. What DB? Firebird, MySql, MSSQL, Oracle? How does your config looks like? Send us the debug output of freeradius! We cannot help you without information ( or do you expect us to hack into your server to get some info about your config ?? ). Regards, Edvin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of Jeremy ohara Sent: Donnerstag, 11. Mai 2006 20:23 To: freeradius-users@lists.freeradius.org Subject: Freeradius and MySQL Hi there i have free radius updated on fedora. got a mysql database. but from what i'm noticing its not being check on the database. got dialupadmin installed and using that to put the accounts into the database. and have setup freeradisu with the db Jeremy This email has been scanned for Virus by MDaemon AntiVirus part of MDaemon. Updated daily to keep up-to-date with all new and old viruses. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and mysql
quick, very short and uncomplete answer :) *check tables:information which have to be checked from freeRADIUS, like user & password *reply tables:information which freeRADIUS sends back to your NAS (e.g. IP-pool, data rate etc.) *acct tables: here are the accounting information stored by freeRADIUS usergroup: assigning users to groups nas: for your NAS information (IP, secret, snmp community etc.) regards, Olaf -- Olaf Schaefer <[EMAIL PROTECTED]> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and mysql
"Mario Casola" <[EMAIL PROTECTED]> wrote: > Hello, I've installed freeradius and I've configured it to comunicate with > mysql...all work fine, but I don't understand the meaning of the mysql > database structure and all the possible values I can put in the database...if > someone could illuminate me. doc/rlm_sql Run the server in debugging mode, and send it packets. The text it prints out "foo = bar" is pretty much what you put into SQL. if you need to know what the text is, buy the O'Reilly book. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySQL boot problem
"Diniz Da Rocha" <[EMAIL PROTECTED]> wrote: > do you know how long it *should* take before retrying?? Why ask me? See the server source. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySQL boot problem
I also had that impression so I did a sleep for 30 secs but still no luck, I was wondering if it has something to do with the user who runs at startup if its not root??? but havent any info on this yet... what os are you running your FreeRadius on??? On 2/28/06, Dennis Skinner <[EMAIL PROTECTED]> wrote: Diniz Da Rocha wrote:> The MySQL server is on another server with ip "myip" I initially thought > it was a firewall block but even with no firewall I get this error. But> once the server has started and I run "service radiusd restart" from a> terminal the connect to the MySQL server works fine and has no problems. > I even tried running the service from rc.local but it still fails did> anyone have this problem??? is anyone running the MySQL server on> another machine Is there a fix for this???Our SQL server is on another machine and works fine on reboots. It looks like your networking service may not be completely up andfunctional before radius starts. Add a sleep for 10 or 20sec inrc.local before FR starts and see what happens.--Dennis SkinnerSystems Administrator BlueFrog Internethttp://www.bluefrog.com-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySQL boot problem
do you know how long it *should* take before retrying?? On 2/27/06, Alan DeKok <[EMAIL PROTECTED]> wrote: "Diniz Da Rocha" <[EMAIL PROTECTED]> wrote:> The MySQL server is on another server with ip "myip" I initially thought it > was a firewall block but even with no firewall I get this error. But once> the server has started and I run "service radiusd restart" from a terminal> the connect to the MySQL server works fine and has no problems. I even tried > running the service from rc.local but it still fails did anyone have this> problem??? is anyone running the MySQL server on another machine Is> there a fix for this???The server *should* re-connect to MySQL after a period of time. If it doesn't, it's a bug.Alan DeKok.-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySQL boot problem
Diniz Da Rocha wrote: > The MySQL server is on another server with ip "myip" I initially thought > it was a firewall block but even with no firewall I get this error. But > once the server has started and I run "service radiusd restart" from a > terminal the connect to the MySQL server works fine and has no problems. > I even tried running the service from rc.local but it still fails did > anyone have this problem??? is anyone running the MySQL server on > another machine Is there a fix for this??? Our SQL server is on another machine and works fine on reboots. It looks like your networking service may not be completely up and functional before radius starts. Add a sleep for 10 or 20sec in rc.local before FR starts and see what happens. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySQL boot problem
"Diniz Da Rocha" <[EMAIL PROTECTED]> wrote: > The MySQL server is on another server with ip "myip" I initially thought it > was a firewall block but even with no firewall I get this error. But once > the server has started and I run "service radiusd restart" from a terminal > the connect to the MySQL server works fine and has no problems. I even tried > running the service from rc.local but it still fails did anyone have this > problem??? is anyone running the MySQL server on another machine Is > there a fix for this??? The server *should* re-connect to MySQL after a period of time. If it doesn't, it's a bug. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql - no matching entry in db
if i include the user file, - rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'luqe' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): No matching entry in the database for request from user [luqe] rlm_sql (sql): Released sql socket id: 2 modcall[authorize]: module "sql" returns notfound for request 1 modcall: group authorize returns ok for request 1 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [luqe] (from client dns port 1812) Sending Access-Accept of id 4 to 127.0.0.1:32810 Finished request 1 -- it successfully authenticate using 'user' file... but still fail with mysql.. with: No matching entry in the database ... so maybe the problem is in my data table that not correctly filled so here again i list my table data, please correct it to match the freeradius-1.0.5 requirement... - mysql> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'luqe' ORDER BY id; +-+--+---+--++ | id | UserName | Attribute | Value| op | +-+--+---+--++ | 553 | luqe | User-Password | mypassword | := | +-+--+---+--++ 1 row in set (0.00 sec) mysql> SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'luqe' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id; ++---+--+---++ | id | GroupName | Attribute| Value | op | ++---+--+---++ | 3 | dial-up | Auth-Type| Local | := | | 4 | dial-up | Simultaneous-Use | 1 | == | ++---+--+---++ 2 rows in set (0.00 sec) mysql> SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'luqe' ORDER BY id; +-+--+---+-++ | id | UserName | Attribute | Value | op | +-+--+---+-++ | 553 | luqe | User-Password | mypassword| := | | 554 | luqe | Framed-IP-Address | 192.168.1.2 | := | | 558 | luqe | Simultaneous-Use | 2 | = | +-+--+---+-++ 3 rows in set (0.00 sec) mysql> SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'luqe' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id; ++---++-++ | id | GroupName | Attribute | Value | op | ++---++-++ | 4 | dial-up | Service-Type | Framed-User | := | | 5 | dial-up | Framed-Protocol| PPP | := | | 7 | dial-up | Framed-Compression | Van-Jacobson-TCP-IP | := | ++---++-++ 3 rows in set (0.02 sec) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql - no matching entry in db
2005/10/25, Lewis Bergman <[EMAIL PROTECTED]>: > > mysql> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE > > Username = 'luqe' ORDER BY id; > > +-+--+---+--++ > > | id | UserName | Attribute | Value| op | > > +-+--+---+--++ > > | 553 | luqe | User-Password | mypassword | == | > > +-+--+---+--++ > > 1 row in set (0.00 sec) > Try := in the op field and see if a match is found. i've try change the op field to := and still got this ... - rlm_sql (sql): No matching entry in the database for request from user [luqe] rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns notfound for request 0 modcall: group authorize returns ok for request 0 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql - no matching entry in db
Luqman H said: > No matching entry in the database for request from user [luqe] > but if i'm quering manually on mysql: > mysql> SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE > Username = 'luqe' ORDER BY id; > +-+--+---+--++ > | id | UserName | Attribute | Value| op | > +-+--+---+--++ > | 553 | luqe | User-Password | mypassword | == | > +-+--+---+--++ > 1 row in set (0.00 sec) Try := in the op field and see if a match is found. -- Lewis Bergman Texas Communications 4309 Maple ST. Abilene, TX 79602 325-691-3301 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius and MySQL 4.1.12-1
Hello
shell> mysql
Client does not support authentication protocol requested
by server; consider upgrading MySQL client
To solve this problem, you should use one of the following approaches:
Upgrade all client programs to use a 4.1.1 or newer client library.
When connecting to the server with a pre-4.1 client program, use an account
that still has a pre-4.1-style password.
Reset the password to pre-4.1 style for each user that needs to use a
pre-4.1 client program. This can be done using the SET PASSWORD statement
and the OLD_PASSWORD() function:
mysql> SET PASSWORD FOR
-> 'some_user'@'some_host' = OLD_PASSWORD('newpwd');
Alternatively, use UPDATE and FLUSH PRIVILEGES:
mysql> UPDATE mysql.user SET Password = OLD_PASSWORD('newpwd')
-> WHERE Host = 'some_host' AND User = 'some_user';
mysql> FLUSH PRIVILEGES;
http://dev.mysql.com/doc/mysql/en/old-client.html
Regards
Reza
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, July 22, 2005 2:54 PM
To: freeradius-users@lists.freeradius.org
Subject: freeradius and MySQL 4.1.12-1
Hi,
I have a Suse 9.2 server with the 64-bits 4.1.12-1 MySQL version (I need
the MySQL 4.1 database for another applications).
I want to have a radius server on this server.
The freeradius-1.0.0-5.5.x86_64.rpm package is installed and the radius
database is created and filled correctly.
The radius configuration files are OK to ask sql before files.
The database server/login/password/radius_db are set in the sql.conf file.
When I make a test with radtest, I can see in the radius log :
Wed Jul 20 16:25:37 2005 : Info: rlm_exec: Wait=yes but no output defined.
Did you mean output=none?
Wed Jul 20 16:25:37 2005 : Info: rlm_sql (sql): Driver rlm_sql_mysql
(module rlm_sql_mysql) loaded and linked
Wed Jul 20 16:25:37 2005 : Info: rlm_sql (sql): Attempting to connect to
[EMAIL PROTECTED]:/radius
Wed Jul 20 16:25:37 2005 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #0
Wed Jul 20 16:25:37 2005 : Error: rlm_sql_mysql: Couldn't connect socket to
MySQL server [EMAIL PROTECTED]:radius
Wed Jul 20 16:25:37 2005 : Error: rlm_sql_mysql: Mysql error 'Client does
not support authentication protocol requested by server; consider upgrading
MySQL client'
Wed Jul 20 16:25:37 2005 : Error: rlm_sql (sql): Failed to connect DB
handle #0
Wed Jul 20 16:25:37 2005 : Info: Ready to process requests.
I think that's typically the error occured if a 4.0.x client try to connect
a 4.1.x database with the 4.0 protocol.
My question :
How update the MySQL client version of freeradius to 4.1 protocol ?
Thanks in advance,
Didier Wintgens
E-mail : [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and MySQL 4.1.12-1
Didier Wintgens wrote: > How update the MySQL client version of freeradius to 4.1 protocol ? Don't use the RPM package and rebuild FreeRADIUS from source against MySQL 4.1 client library. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and MySQL -- missing libraries?
On Fri, Apr 01, 2005 at 12:42:18PM -0800, Rick Kunkel wrote: > Hello all, > When I run an ldd though, I see this: > # ldd rlm_sql_mysql.so > libmysqlclient.so.12 => not found > libz.so.1 => /usr/lib/libz.so.1 (0x4000b000) > libcrypt.so.1 => /lib/libcrypt.so.1 (0x40019000) > libnsl.so.1 => /lib/libnsl.so.1 (0x40046000) > libm.so.6 => /lib/libm.so.6 (0x4005a000) > libc.so.6 => /lib/libc.so.6 (0x4007b000) > /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x8000) > > Am I getting that error in debugging more since libmysqlclient.so.12 is > missing, which causes rlm_sql_mysql.so to fail as well? Yes. > OK..on the OTHER RADIUS machine, when attempting to implement SQL, I get: > rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and > linked > rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius > rlm_sql (sql): starting 0 > rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 > rlm_sql_mysql: Starting connect to MySQL server for #0 > rlm_sql_mysql: Couldn't connect socket to MySQL server > [EMAIL PROTECTED]:radius > rlm_sql_mysql: Mysql error 'Client does not support authentication > protocol requested by server; consider upgrading MySQL client' > This machine DOES have the libmysqlclient libraries, but maybe they're too > old? That's right. You'll find you've got a mySQL 4.1 server, and libmysqlclient.so.10 (from mySQL 3.x) installed. They won't work together out of the box. You can tell the mySQL server to use the old style of password authentication, as a workaround, I believe. -- Paul "TBBle" Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
On Fri, Apr 01, 2005 at 01:34:37AM +0200, Wolfram Schlich wrote: > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-19 13:11]: > > * Paul Hampson <[EMAIL PROTECTED]> [2005-03-19 04:56]: > > > On Sat, Mar 19, 2005 at 03:52:52AM +0100, Wolfram Schlich wrote: > > > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-17 00:55]: > > > > [ FreeRADIUS + MySQL + SSL ] > > > > Ok, I have sat down and hacked something together, with a little help > > > > from a friend. I probably did something wrong or suboptimal (as I > > > > said, I am not a C coder), but at a first glance, it seems to work fine. > > > > Here's the patch: > > > > > > > > > > > http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch > > > > > > [...] > > > I don't > > > give it much chance of getting into 1.0.3, especially since MySQL don't > > > distribute SSL-enabled binaries. > > > > What does the MySQL client distribution policy have to do > > with this?! *wonder* > > > > > They're apparently moving away from > > > OpenSSL in the server, but no indication that they're going to > > > un-OpenSSL the _client_ libraries. [1] [2] > > > > Well, OpenSSL or GnuTLS -- it doesn't matter as long as the > > MySQL protocol keeps supporting SSL'd connections... > > I have posted a comment to [2] in order to get some more information > > from that MySQL guy. > > There's some news: MySQL is going for yaSSL in the 5.0 tree: > > http://bugs.mysql.com/bug.php?id=8508&error=lp > > Anyway, it won't affect the mysql_ssl_set() function I guess. Hmm. For the record, [1] too. Yassl looks interesting. You're right though, as long as they don't change the libmysqlclient API, all the previous comments about protecting it with a #define based on a header function check are sufficient. [1] http://bugs.mysql.com/bug.php?id=6924 -- Paul "TBBle" Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
* Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-19 13:11]: > * Paul Hampson <[EMAIL PROTECTED]> [2005-03-19 04:56]: > > On Sat, Mar 19, 2005 at 03:52:52AM +0100, Wolfram Schlich wrote: > > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-17 00:55]: > > > [ FreeRADIUS + MySQL + SSL ] > > > Ok, I have sat down and hacked something together, with a little help > > > from a friend. I probably did something wrong or suboptimal (as I > > > said, I am not a C coder), but at a first glance, it seems to work fine. > > > Here's the patch: > > > > > http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch > > > > [...] > > I don't > > give it much chance of getting into 1.0.3, especially since MySQL don't > > distribute SSL-enabled binaries. > > What does the MySQL client distribution policy have to do > with this?! *wonder* > > > They're apparently moving away from > > OpenSSL in the server, but no indication that they're going to > > un-OpenSSL the _client_ libraries. [1] [2] > > Well, OpenSSL or GnuTLS -- it doesn't matter as long as the > MySQL protocol keeps supporting SSL'd connections... > I have posted a comment to [2] in order to get some more information > from that MySQL guy. There's some news: MySQL is going for yaSSL in the 5.0 tree: http://bugs.mysql.com/bug.php?id=8508&error=lp Anyway, it won't affect the mysql_ssl_set() function I guess. -- Wolfram Schlich - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
* Paul Hampson <[EMAIL PROTECTED]> [2005-03-20 03:50]: > On Sat, Mar 19, 2005 at 02:06:56PM +0100, Wolfram Schlich wrote: > > * Paul Hampson <[EMAIL PROTECTED]> [2005-03-19 04:56]: > > > On Sat, Mar 19, 2005 at 03:52:52AM +0100, Wolfram Schlich wrote: > > > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-17 00:55]: > > > > [ MySQL+SSL patch for FreeRADIUS ] > > > > Ok, I have sat down and hacked something together, with a little help > > > > from a friend. I probably did something wrong or suboptimal (as I > > > > said, I am not a C coder), but at a first glance, it seems to work fine. > > > > Here's the patch: > > > > > > > > > http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch > > > > Please remember to post patches to the list for easier discussion. > > > Ok, sorry. > > > > And also, this sort of patch would probably be best against HEAD. > > > > The patch wasn't meant as an official submission for upstream, but > > as a basis for a discussion :) > > Yeah, sorry about that. I didn't notice this was on -user intead of > -devel, and treated it as if it was on the latter. >_< Not your fault. I should have labelled it accordingly :-) > > > I don't > > > give it much chance of getting into 1.0.3, especially since MySQL don't > > > distribute SSL-enabled binaries. > > > > What does the MySQL client distribution policy have to do > > with this?! *wonder* > > Basically, things going into 1.0.3 (if it happens) are bug fixes, not > feature changes. The fact that you have to recompile your mySQL locally > anyway to enable SSL makes it reasonable to me to say this change is > something you can patch in yourself as well. Well, using Gentoo Linux for example, when you have the 'ssl' USE flag set, which is the default, MySQL will be compiled with SSL support right from the start, so there's no need to re-compile it if you have already installed it. > If upstream binaries were coming SSL-enabled, we could almost build a > case that this is a bug, rather than a new feature. I still don't see why we have to depend the inclusion of this kind of functionality on MySQL distribution binaries. It doesn't affect Gentoo or other source based distros at all for example. > Still, it has to get into HEAD before I'll consider it for 1.0.3, so one > hurdle at a time. Ok. I will post something to -devel asking for help on how to deal with it :o) > > > They're apparently moving away from > > > OpenSSL in the server, but no indication that they're going to > > > un-OpenSSL the _client_ libraries. [1] [2] > > > Well, OpenSSL or GnuTLS -- it doesn't matter as long as the > > MySQL protocol keeps supporting SSL'd connections... > > I have posted a comment to [2] in order to get some more information > > from that MySQL guy. > > It matters as far as distributing binaries goes. You can't distribute a > binary that links GPL code without any exception (such as FreeRADIUS and > many of its depended-on libraries) with OpenSSL. Ah, of course. But well, binaries is just an additional form of distribution for me, source is the main one IMHO. You could disable SSL by default in the configure script btw. > It's slightly more complicated than that, but there is a license issue > of some kind which needs to be looked out for. It doesn't really affect > _us_, but it's something to be mindful of when playing with these > things. Yup, thanks for your thoughts. -- Wolfram Schlich - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
On Sat, Mar 19, 2005 at 02:06:56PM +0100, Wolfram Schlich wrote: > * Paul Hampson <[EMAIL PROTECTED]> [2005-03-19 04:56]: > > On Sat, Mar 19, 2005 at 03:52:52AM +0100, Wolfram Schlich wrote: > > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-17 00:55]: > > > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-16 09:05]: > > > > > Hey guys, > > > > > we would like to implement the following setup: > > > > > - FreeRADIUS radiusd on machine A > > > > > - MySQL mysqld on machine B > > > > > FreeRADIUS should use the MySQL database on machine A over an SSL > > > > > secured connection. Does FreeRADIUS support SSL for MySQL connections? > > > > I'm not a C coder, but! :) I had a look at the sql_mysql.c file as well > > > > as the mysql sources (/usr/include/mysql/mysql.h). > > > > It looks like you need to call mysql_ssl_set() with the needed > > > > parameters (mysql socket connection, ssl key file, ssl cert file, ssl > > > > ca file, ssl ca path and ssl cipher) right after the mysql_init() > > > > call, which is located in line 76 of the sql_mysql.c file (at least in > > > > the FreeRADIUS-1.0.2 distribution source tarball, subdirectory > > > > src/modules/rlm_sql/drivers/rlm_sql_mysql). > > > > Any volunteers for coding a test implementation? :) > > > Ok, I have sat down and hacked something together, with a little help > > > from a friend. I probably did something wrong or suboptimal (as I > > > said, I am not a C coder), but at a first glance, it seems to work fine. > > > Here's the patch: > > > http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch > > Please remember to post patches to the list for easier discussion. > Ok, sorry. > > And also, this sort of patch would probably be best against HEAD. > > The patch wasn't meant as an official submission for upstream, but > as a basis for a discussion :) Yeah, sorry about that. I didn't notice this was on -user intead of -devel, and treated it as if it was on the latter. >_< > > I don't > > give it much chance of getting into 1.0.3, especially since MySQL don't > > distribute SSL-enabled binaries. > > What does the MySQL client distribution policy have to do > with this?! *wonder* Basically, things going into 1.0.3 (if it happens) are bug fixes, not feature changes. The fact that you have to recompile your mySQL locally anyway to enable SSL makes it reasonable to me to say this change is something you can patch in yourself as well. If upstream binaries were coming SSL-enabled, we could almost build a case that this is a bug, rather than a new feature. Still, it has to get into HEAD before I'll consider it for 1.0.3, so one hurdle at a time. > > They're apparently moving away from > > OpenSSL in the server, but no indication that they're going to > > un-OpenSSL the _client_ libraries. [1] [2] > Well, OpenSSL or GnuTLS -- it doesn't matter as long as the > MySQL protocol keeps supporting SSL'd connections... > I have posted a comment to [2] in order to get some more information > from that MySQL guy. It matters as far as distributing binaries goes. You can't distribute a binary that links GPL code without any exception (such as FreeRADIUS and many of its depended-on libraries) with OpenSSL. It's slightly more complicated than that, but there is a license issue of some kind which needs to be looked out for. It doesn't really affect _us_, but it's something to be mindful of when playing with these things. -- Paul "TBBle" Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
* Paul Hampson <[EMAIL PROTECTED]> [2005-03-19 04:56]: > On Sat, Mar 19, 2005 at 03:52:52AM +0100, Wolfram Schlich wrote: > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-17 00:55]: > > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-16 09:05]: > > > > Hey guys, > > > > > we would like to implement the following setup: > > > > - FreeRADIUS radiusd on machine A > > > > - MySQL mysqld on machine B > > > > > FreeRADIUS should use the MySQL database on machine A over an SSL > > > > secured connection. Does FreeRADIUS support SSL for MySQL connections? > > > > I'm not a C coder, but! :) I had a look at the sql_mysql.c file as well > > > as the mysql sources (/usr/include/mysql/mysql.h). > > > > It looks like you need to call mysql_ssl_set() with the needed > > > parameters (mysql socket connection, ssl key file, ssl cert file, ssl > > > ca file, ssl ca path and ssl cipher) right after the mysql_init() > > > call, which is located in line 76 of the sql_mysql.c file (at least in > > > the FreeRADIUS-1.0.2 distribution source tarball, subdirectory > > > src/modules/rlm_sql/drivers/rlm_sql_mysql). > > > > Any volunteers for coding a test implementation? :) > > > Ok, I have sat down and hacked something together, with a little help > > from a friend. I probably did something wrong or suboptimal (as I > > said, I am not a C coder), but at a first glance, it seems to work fine. > > Here's the patch: > > > http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch > > Please remember to post patches to the list for easier discussion. Ok, sorry. > And also, this sort of patch would probably be best against HEAD. The patch wasn't meant as an official submission for upstream, but as a basis for a discussion :) > I don't > give it much chance of getting into 1.0.3, especially since MySQL don't > distribute SSL-enabled binaries. What does the MySQL client distribution policy have to do with this?! *wonder* > They're apparently moving away from > OpenSSL in the server, but no indication that they're going to > un-OpenSSL the _client_ libraries. [1] [2] Well, OpenSSL or GnuTLS -- it doesn't matter as long as the MySQL protocol keeps supporting SSL'd connections... I have posted a comment to [2] in order to get some more information from that MySQL guy. > That said, this patch looks OK to me, although it does raise the > question of when that function was added to the mySQL client library. 4.0.x IIRC > It's not a problem if the client was built without SSL support, as the > function will still exist and run, but is effectively a no-op. [3] Yup. > I'd maybe be happier if it was a configure option, so that people who > _need_ to link against the LGPL libmysqlclient10 (or whatever it's > called outside Debian. ^_^) don't get stuck unable to build > rlm_sql_mysql. And with that configure option, I expect the configure > help to mention what version of the client library is needed. ^_^ Good idea. > (For reference, a quick check in Debian suggests that in 3.23.49, > the function is only present if mySQL was compiled with --with-ssl, > while in 4.0.23 it was always available. So this _does_ have to be > done before it can be accepted.) Oh, I didn't know 3.23.x did support SSL to whatever extent :) > If you like, you can probably make it a configure test that checks > for mysql_ssl_set being available in mysql.h, and flags it accordingly > to make it easier for the user. (eg. They have to do exactly nothing > to use their SSL-enabled libmysqlclient with FreeRADIUS.) This should > only be a line or two in configure.in. ^_^ Agreed. I guess I'll email the -devel list and ask the developers about their opionion to probe for a possible inclusion of the SSL functionality into upstream. Thanks for your input! > [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291945 > [2] http://bugs.mysql.com/bug.php?id=8508 > [3] http://dev.mysql.com/doc/mysql/en/mysql-ssl-set.html -- Wolfram Schlich - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
* Marcin Jessa <[EMAIL PROTECTED]> [2005-03-19 13:17]: > On Sat, 19 Mar 2005 04:14:11 +0100 Wolfram Schlich <[EMAIL PROTECTED]> wrote: > > * Marcin Jessa <[EMAIL PROTECTED]> [2005-03-19 04:05]: > > > On Sat, 19 Mar 2005 03:52:52 +0100 Wolfram Schlich <[EMAIL PROTECTED]> > > > wrote: > > > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-17 00:55]: > > > > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-16 09:05]: > > > > > > Hey guys, > > > > > > > > > > > > we would like to implement the following setup: > > > > > > - FreeRADIUS radiusd on machine A > > > > > > - MySQL mysqld on machine B > > > > > > > > > > > > FreeRADIUS should use the MySQL database on machine A over an SSL > > > > > > secured connection. Does FreeRADIUS support SSL for MySQL > > > > > > connections? > > > > > > > > > > I'm not a C coder, but! :) I had a look at the sql_mysql.c file as > > > > > well > > > > > as the mysql sources (/usr/include/mysql/mysql.h). > > > > > > > > > > It looks like you need to call mysql_ssl_set() with the needed > > > > > parameters (mysql socket connection, ssl key file, ssl cert file, ssl > > > > > ca file, ssl ca path and ssl cipher) right after the mysql_init() > > > > > call, which is located in line 76 of the sql_mysql.c file (at least in > > > > > the FreeRADIUS-1.0.2 distribution source tarball, subdirectory > > > > > src/modules/rlm_sql/drivers/rlm_sql_mysql). > > > > > > > > > > Any volunteers for coding a test implementation? :) > > > > > > > > Ok, I have sat down and hacked something together, with a little help > > > > from a friend. I probably did something wrong or suboptimal (as I > > > > said, I am not a C coder), but at a first glance, it seems to work fine. > > > > Here's the patch: > > > > > > > > > > > > http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch > > > > > > > > Please feel invited to test it and eventually fix any bugs you find :-) > > > > > > All you need is stunnel. > > > > Yeah, right -- because MySQL supports SSL right out of the box, I will > > use another piece of external software. EBADIDEA. > > With MySQL-4, there's no need for such a kludgy workaround anymore. > > I never said to use stunnel on the box with MySQL. > Use it on the box with Freeradius As far as I can tell MySQL doesn't use SSL as one might think at first, it uses the standard (unencrypted) MySQL protocol to make a handshake with the peer and negotiate SSL flags, then it switches to SSL secured communication, so I doubt it'd work the way you suggested. I'm open to a counter-evidence, of course :) > and dont use untested > patches on what I take is gonna be a production server. That's what I'm doing all this for, to get it tested and maybe some kind of "approved" by the FreeRADIUS maintainers. Nonetheless this patch is only for _enabling_ already tested functionality (from the MySQL client library), so it won't be a big deal anyway -- either it works, or it doesn't, you'll notice it right at the start :) > Stunnel is very stable and reliable. I think you are right, but that still doesn't make me want to use it for the forementioned scenario :) I use stunnel for software which doesn't support SSL _at all_, but MySQL does -- FreeRADIUS just lacks a few lines of code for enabling it. > Anyway, I'd rather make SSL connection between two MySQL servers > with database replication and make your radius talk to the one > local to it. That would be even more overhead than the use of stunnel. I still don't see a logical reason to forego the native MySQL4 SSL implementation for an external 3rd party one. Anyway, this discussion was not meant to be about personal taste. So, if you'd go for stunnel, I'm absolutely fine with that :) If you have to say something regarding the patch _besides_ philosophical aspects, feel free to participate. Thanks. -- Wolfram Schlich - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
I never said to use stunnel on the box with MySQL. Use it on the box with Freeradius and dont use untested patches on what I take is gonna be a production server. Stunnel is very stable and reliable. Anyway, I'd rather make SSL connection between two MySQL servers with database replication and make your radius talk to the one local to it. And be nice, "Yeah, right" is not something you say asking strangers for advices. On Sat, 19 Mar 2005 04:14:11 +0100 Wolfram Schlich <[EMAIL PROTECTED]> wrote: > * Marcin Jessa <[EMAIL PROTECTED]> [2005-03-19 04:05]: > > On Sat, 19 Mar 2005 03:52:52 +0100 Wolfram Schlich <[EMAIL PROTECTED]> > > wrote: > > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-17 00:55]: > > > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-16 09:05]: > > > > > Hey guys, > > > > > > > > > > we would like to implement the following setup: > > > > > - FreeRADIUS radiusd on machine A > > > > > - MySQL mysqld on machine B > > > > > > > > > > FreeRADIUS should use the MySQL database on machine A over an SSL > > > > > secured connection. Does FreeRADIUS support SSL for MySQL connections? > > > > > > > > I'm not a C coder, but! :) I had a look at the sql_mysql.c file as well > > > > as the mysql sources (/usr/include/mysql/mysql.h). > > > > > > > > It looks like you need to call mysql_ssl_set() with the needed > > > > parameters (mysql socket connection, ssl key file, ssl cert file, ssl > > > > ca file, ssl ca path and ssl cipher) right after the mysql_init() > > > > call, which is located in line 76 of the sql_mysql.c file (at least in > > > > the FreeRADIUS-1.0.2 distribution source tarball, subdirectory > > > > src/modules/rlm_sql/drivers/rlm_sql_mysql). > > > > > > > > Any volunteers for coding a test implementation? :) > > > > > > Ok, I have sat down and hacked something together, with a little help > > > from a friend. I probably did something wrong or suboptimal (as I > > > said, I am not a C coder), but at a first glance, it seems to work fine. > > > Here's the patch: > > > > > > http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch > > > > > > Please feel invited to test it and eventually fix any bugs you find :-) > > > > All you need is stunnel. > > Yeah, right -- because MySQL supports SSL right out of the box, I will > use another piece of external software. EBADIDEA. > With MySQL-4, there's no need for such a kludgy workaround anymore. > -- > Wolfram Schlich > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Regards, M. Jessa http://www.yazzy.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
On Sat, Mar 19, 2005 at 03:52:52AM +0100, Wolfram Schlich wrote: > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-17 00:55]: > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-16 09:05]: > > > Hey guys, > > > we would like to implement the following setup: > > > - FreeRADIUS radiusd on machine A > > > - MySQL mysqld on machine B > > > FreeRADIUS should use the MySQL database on machine A over an SSL > > > secured connection. Does FreeRADIUS support SSL for MySQL connections? > > I'm not a C coder, but! :) I had a look at the sql_mysql.c file as well > > as the mysql sources (/usr/include/mysql/mysql.h). > > It looks like you need to call mysql_ssl_set() with the needed > > parameters (mysql socket connection, ssl key file, ssl cert file, ssl > > ca file, ssl ca path and ssl cipher) right after the mysql_init() > > call, which is located in line 76 of the sql_mysql.c file (at least in > > the FreeRADIUS-1.0.2 distribution source tarball, subdirectory > > src/modules/rlm_sql/drivers/rlm_sql_mysql). > > Any volunteers for coding a test implementation? :) > Ok, I have sat down and hacked something together, with a little help > from a friend. I probably did something wrong or suboptimal (as I > said, I am not a C coder), but at a first glance, it seems to work fine. > Here's the patch: > http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch Please remember to post patches to the list for easier discussion. And also, this sort of patch would probably be best against HEAD. I don't give it much chance of getting into 1.0.3, especially since MySQL don't distribute SSL-enabled binaries. They're apparently moving away from OpenSSL in the server, but no indication that they're going to un-OpenSSL the _client_ libraries. [1] [2] That said, this patch looks OK to me, although it does raise the question of when that function was added to the mySQL client library. It's not a problem if the client was built without SSL support, as the function will still exist and run, but is effectively a no-op. [3] I'd maybe be happier if it was a configure option, so that people who _need_ to link against the LGPL libmysqlclient10 (or whatever it's called outside Debian. ^_^) don't get stuck unable to build rlm_sql_mysql. And with that configure option, I expect the configure help to mention what version of the client library is needed. ^_^ (For reference, a quick check in Debian suggests that in 3.23.49, the function is only present if mySQL was compiled with --with-ssl, while in 4.0.23 it was always available. So this _does_ have to be done before it can be accepted.) If you like, you can probably make it a configure test that checks for mysql_ssl_set being available in mysql.h, and flags it accordingly to make it easier for the user. (eg. They have to do exactly nothing to use their SSL-enabled libmysqlclient with FreeRADIUS.) This should only be a line or two in configure.in. ^_^ [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291945 [2] http://bugs.mysql.com/bug.php?id=8508 [3] http://dev.mysql.com/doc/mysql/en/mysql-ssl-set.html -- Paul "TBBle" Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
* Marcin Jessa <[EMAIL PROTECTED]> [2005-03-19 04:05]: > On Sat, 19 Mar 2005 03:52:52 +0100 Wolfram Schlich <[EMAIL PROTECTED]> wrote: > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-17 00:55]: > > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-16 09:05]: > > > > Hey guys, > > > > > > > > we would like to implement the following setup: > > > > - FreeRADIUS radiusd on machine A > > > > - MySQL mysqld on machine B > > > > > > > > FreeRADIUS should use the MySQL database on machine A over an SSL > > > > secured connection. Does FreeRADIUS support SSL for MySQL connections? > > > > > > I'm not a C coder, but! :) I had a look at the sql_mysql.c file as well > > > as the mysql sources (/usr/include/mysql/mysql.h). > > > > > > It looks like you need to call mysql_ssl_set() with the needed > > > parameters (mysql socket connection, ssl key file, ssl cert file, ssl > > > ca file, ssl ca path and ssl cipher) right after the mysql_init() > > > call, which is located in line 76 of the sql_mysql.c file (at least in > > > the FreeRADIUS-1.0.2 distribution source tarball, subdirectory > > > src/modules/rlm_sql/drivers/rlm_sql_mysql). > > > > > > Any volunteers for coding a test implementation? :) > > > > Ok, I have sat down and hacked something together, with a little help > > from a friend. I probably did something wrong or suboptimal (as I > > said, I am not a C coder), but at a first glance, it seems to work fine. > > Here's the patch: > > > > http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch > > > > Please feel invited to test it and eventually fix any bugs you find :-) > > All you need is stunnel. Yeah, right -- because MySQL supports SSL right out of the box, I will use another piece of external software. EBADIDEA. With MySQL-4, there's no need for such a kludgy workaround anymore. -- Wolfram Schlich - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
All you need is stunnel. On Sat, 19 Mar 2005 03:52:52 +0100 Wolfram Schlich <[EMAIL PROTECTED]> wrote: > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-17 00:55]: > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-16 09:05]: > > > Hey guys, > > > > > > we would like to implement the following setup: > > > - FreeRADIUS radiusd on machine A > > > - MySQL mysqld on machine B > > > > > > FreeRADIUS should use the MySQL database on machine A over an SSL > > > secured connection. Does FreeRADIUS support SSL for MySQL connections? > > > > I'm not a C coder, but! :) I had a look at the sql_mysql.c file as well > > as the mysql sources (/usr/include/mysql/mysql.h). > > > > It looks like you need to call mysql_ssl_set() with the needed > > parameters (mysql socket connection, ssl key file, ssl cert file, ssl > > ca file, ssl ca path and ssl cipher) right after the mysql_init() > > call, which is located in line 76 of the sql_mysql.c file (at least in > > the FreeRADIUS-1.0.2 distribution source tarball, subdirectory > > src/modules/rlm_sql/drivers/rlm_sql_mysql). > > > > Any volunteers for coding a test implementation? :) > > Ok, I have sat down and hacked something together, with a little help > from a friend. I probably did something wrong or suboptimal (as I > said, I am not a C coder), but at a first glance, it seems to work fine. > Here's the patch: > > http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch > > Please feel invited to test it and eventually fix any bugs you find :-) > -- > Wolfram Schlich > -- Regards, M. Jessa http://www.yazzy.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL+SSL
* Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-17 00:55]: > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-16 09:05]: > > Hey guys, > > > > we would like to implement the following setup: > > - FreeRADIUS radiusd on machine A > > - MySQL mysqld on machine B > > > > FreeRADIUS should use the MySQL database on machine A over an SSL > > secured connection. Does FreeRADIUS support SSL for MySQL connections? > > I'm not a C coder, but! :) I had a look at the sql_mysql.c file as well > as the mysql sources (/usr/include/mysql/mysql.h). > > It looks like you need to call mysql_ssl_set() with the needed > parameters (mysql socket connection, ssl key file, ssl cert file, ssl > ca file, ssl ca path and ssl cipher) right after the mysql_init() > call, which is located in line 76 of the sql_mysql.c file (at least in > the FreeRADIUS-1.0.2 distribution source tarball, subdirectory > src/modules/rlm_sql/drivers/rlm_sql_mysql). > > Any volunteers for coding a test implementation? :) Ok, I have sat down and hacked something together, with a little help from a friend. I probably did something wrong or suboptimal (as I said, I am not a C coder), but at a first glance, it seems to work fine. Here's the patch: http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch Please feel invited to test it and eventually fix any bugs you find :-) -- Wolfram Schlich pgp3owBd0kfv6.pgp Description: PGP signature
Re: FreeRADIUS and MySQL+SSL
* Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-16 09:05]: > Hey guys, > > we would like to implement the following setup: > - FreeRADIUS radiusd on machine A > - MySQL mysqld on machine B > > FreeRADIUS should use the MySQL database on machine A over an SSL > secured connection. Does FreeRADIUS support SSL for MySQL connections? I'm not a C coder, but! :) I had a look at the sql_mysql.c file as well as the mysql sources (/usr/include/mysql/mysql.h). It looks like you need to call mysql_ssl_set() with the needed parameters (mysql socket connection, ssl key file, ssl cert file, ssl ca file, ssl ca path and ssl cipher) right after the mysql_init() call, which is located in line 76 of the sql_mysql.c file (at least in the FreeRADIUS-1.0.2 distribution source tarball, subdirectory src/modules/rlm_sql/drivers/rlm_sql_mysql). Any volunteers for coding a test implementation? :) -- Wolfram Schlich pgpmM6VwKGHEe.pgp Description: PGP signature
Re: FreeRadius and MySQL
"TJ Burbank" <[EMAIL PROTECTED]> wrote: > When attempting to start the FreeRadius server in Debugging mode I > get unable to bind port to ip address 0.0.0.0:1812 It should tell you why. i.e. here's another RADIUS server running. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and Mysql
>All, > >I've successfully set up my freeradius to lookup the users in MySql. >I've two questions: >1. Is it possible to configure the RADIUS Clients in MySql too? > I'm using Freeradius 1.0.0 , simply put the following line in sql.conf. readclients = yes Please remember: It only loaded when freeradius starts . No real time update ! >2. would it be possible to write specific RADIUS Attributes into the >accounting db? In some cases, I will get VSAs, which I have to keep for some >days. In the text file accounting, I can find them. > You can modify the standard accounting table and queries (in the sql.conf file) to include any attribute you nas returns in the accounting requests. PC_Studio
Re: Freeradius and MySQL
Stefan escreveu: All, I've successfully set up my freeradius to lookup the users in MySql. I've two questions: 1. Is it possible to configure the RADIUS Clients in MySql too? There is a nas table in the db schema now but I don't know how it works. 2. would it be possible to write specific RADIUS Attributes into the accounting db? In some cases, I will get VSAs, which I have to keep for some days. In the text file accounting, I can find them. You can modify the standard accounting table and queries (in the sql.conf file) to include any attribute you nas returns in the accounting requests. Hope that helps, Keith Yoder - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE : freeradius and mysql
Hi , Have you done the Configurable failover in /doc ? If you want send me your radius.conf and sql.conf or I give you mine to see what happens. What is exactly the pb ? Could we have your log (radiusd -X) ? thx -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de [EMAIL PROTECTED] Envoyé : mercredi 15 septembre 2004 23:03 À : [EMAIL PROTECTED] Objet : freeradius and mysql I have a problem: I have a freeradius server and two mysql servers, I need freeradius connect to the mysql servers and when one of them fails the request goes automaticaly to the other mysql server and freeradius can still working without any interuption. I have tried with many configurations, but it doesn't works. Please anyone can give me some help. freeradius 1.0 and mysql 3.28 Alex - Este mensaje fue enviado usando el servicio de correo en web de Infomed http://webmail.sld.cu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: FreeRADIUS and MySQL
On Tue, 20 Jul 2004, Lopez, A. wrote:
> Ok! Great,
> Here it comes my next question.
> How can I identify a request based on the NAS-Identifier attribute and
> configure FreeRADIUS to, based on that attribute, execute a specific SQL
> clause?
> I don't see such an option in the radiusd.conf file...
> Kind regards,
> Alex
You can use the users file for that (rough details):
radiusd.conf:
sql sql1{
[...]
specific query1
}
sql sql2{
[...]
specific query2
}
authorize{
files
autztype SQL1{
sql1
}
autztype SQL2{
sql2
}
}
users file:
DEFAULT NAS-Identifier == "NAS1", Autz-Type := SQL1
DEFAULT NAS-Identifier == "NAS2", Autz-Type := SQL2
>
> -Original Message-
> From: jesk [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 19, 2004 4:45 PM
> To: [EMAIL PROTECTED]
> Subject: Re: FreeRADIUS and MySQL
>
> All these things can be done with freeradius.
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL
you can execute a programm for every reply item.
Attribute-Name = `{%exec:/path/to/program args}`
in the program itself you can use the environment variables
for reading the nasipaddress or something else, all request items
are placed into the enviroment of the forked programm.
the output of the programm will be placed in the value of the
attribute.
all this can you find in radiusd.conf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: FreeRADIUS and MySQL
Ok! Great, Here it comes my next question. How can I identify a request based on the NAS-Identifier attribute and configure FreeRADIUS to, based on that attribute, execute a specific SQL clause? I don't see such an option in the radiusd.conf file... Kind regards, Alex -Original Message- From: jesk [mailto:[EMAIL PROTECTED] Sent: Monday, July 19, 2004 4:45 PM To: [EMAIL PROTECTED] Subject: Re: FreeRADIUS and MySQL All these things can be done with freeradius. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and MySQL
All these things can be done with freeradius. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and MySql
[EMAIL PROTECTED] wrote: > My ask is how can i'm set freeradius in order to if one data base server > fail, it connect automatically at the other server? Try the latest CVS snapshots. They work a little better in this situation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FREERADIUS AND MYSQL DOC ( FRENCH )
Perhaps I'll do it when I will have more time :-) Or you can learn french to use it :-)) Le lun 09/02/2004 à 03:32, Fábio Viração a écrit : > And in English ??? :-) Do you have ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FREERADIUS AND MYSQL DOC ( FRENCH )
And in English ??? :-) Do you have ? - Original Message - From: "Laurent RAYSSIGUIER" <[EMAIL PROTECTED]> To: "FREERADIUS" <[EMAIL PROTECTED]> Sent: Sunday, February 08, 2004 12:22 PM Subject: FREERADIUS AND MYSQL DOC ( FRENCH ) Bonjour, Je viens de créer une doc pour installer freeradius 0.9.3 sur redhat 8.0 FR en utilisant la base de données mysql. Cette doc est disponoble sur le site de LINUX TARN dans la rubrique documentation ( logique non ? ;-) ) http://www.linux-tarn.org/documentation/freeradius/install_fr_freeradius.rtf A plus, Hello, For those who speak french, i had made an quick install guide for freeradius with mysql on redhat 8.0. If your're interested, you can find it on : http://www.linux-tarn.org/documentation/freeradius/install_fr_freeradius.rtf Best regards Laurent RAYSSIGUIER - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
