Re: Problem: switch authentication against Freeradius server
On 05/23/2013 03:34 PM, Roberto Carna wrote: Dear, I've implemented Linux SSH authentication using PAM against a Freeradius server, it was OK !!! But know I'm trying to authenticate some Allied switch users against the same Freeradius server...in the Allied switch I've defined the radius server IP, port and secret, and when I try to telnet this switch from other computer I fail and get this Freeradius log: (..) [pap] login attempt with password kqî½`_R??²m³- ½ [pap] Using clear text password 1234 [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! (..) Please can you guide me in this problem ??? Have you double-checked the shared secret on the server and the NAS? -Øystein - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem: switch authentication against Freeradius server
Roberto Carna wrote: But know I'm trying to authenticate some Allied switch users against the same Freeradius server...in the Allied switch I've defined the radius server IP, port and secret, and when I try to telnet this switch from other computer I fail and get this Freeradius log: It helps to read the debug output. rad_recv: Access-Request packet from host 10.4.133.254 port 49154, id=0, length=76 User-Name = bapro2 User-Password = kq\356\275`_R\005\034\262m\263-\r\275 ... WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Does that mean anything to you? I see this line is completed with a wrong or cipher password, I don't know why: [pap] login attempt with password kqî½`_R??²m³- ½ Please can you guide me in this problem ??? I did. I made FreeRADIUS print out a big WARNING message which you're ignoring. Read it. Follow the instructions. And don't argue that the secret is correct. It's not. Fix it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem: switch authentication against Freeradius server
Hi, what exactly means double-checked the secret ??? I've defined the same secret in client.conf from Freeradius and in the config from Allied switch Thanks again... 2013/5/23 Øystein Gyland oyst...@usit.uio.no On 05/23/2013 03:34 PM, Roberto Carna wrote: Dear, I've implemented Linux SSH authentication using PAM against a Freeradius server, it was OK !!! But know I'm trying to authenticate some Allied switch users against the same Freeradius server...in the Allied switch I've defined the radius server IP, port and secret, and when I try to telnet this switch from other computer I fail and get this Freeradius log: (..) [pap] login attempt with password kqî½`_R??²m³- ½ [pap] Using clear text password 1234 [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! (..) Please can you guide me in this problem ??? Have you double-checked the shared secret on the server and the NAS? -Øystein - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem: switch authentication against Freeradius server
Dear Alan, my shared secret is testing123 in bothe switch and freeradius.it's the default shared secret as you can seeso I get lost :( 2013/5/23 Alan DeKok al...@deployingradius.com Roberto Carna wrote: But know I'm trying to authenticate some Allied switch users against the same Freeradius server...in the Allied switch I've defined the radius server IP, port and secret, and when I try to telnet this switch from other computer I fail and get this Freeradius log: It helps to read the debug output. rad_recv: Access-Request packet from host 10.4.133.254 port 49154, id=0, length=76 User-Name = bapro2 User-Password = kq\356\275`_R\005\034\262m\263-\r\275 ... WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Does that mean anything to you? I see this line is completed with a wrong or cipher password, I don't know why: [pap] login attempt with password kqî½`_R??²m³- ½ Please can you guide me in this problem ??? I did. I made FreeRADIUS print out a big WARNING message which you're ignoring. Read it. Follow the instructions. And don't argue that the secret is correct. It's not. Fix it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem: switch authentication against Freeradius server
Roberto Carna wrote: Dear Alan, my shared secret is testing123 in bothe switch and freeradius.it's the default shared secret as you can seeso I get lost :( No, it's not the same shared secret. I don't know what's going on. But the message Unprintable characters in the password means that the shared secret is wrong. NOTHING ELSE will cause the problem. Go back and read the REST of the debug output. Verify that the client section printed out by the server has the CORRECT shared secret. i.e. you can sit there and say but it's right! all day. That will NOT fix the problem. FreeRADIUS will NOT magically start working. The shared secret is wrong. Go fix it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem: switch authentication against Freeradius server
OK, just a last questionI have Freeradius with MySQL, where is the NAS in order to check the pre-shared secret ??? Thanks again. 2013/5/23 Alan DeKok al...@deployingradius.com Roberto Carna wrote: Dear Alan, my shared secret is testing123 in bothe switch and freeradius.it's the default shared secret as you can seeso I get lost :( No, it's not the same shared secret. I don't know what's going on. But the message Unprintable characters in the password means that the shared secret is wrong. NOTHING ELSE will cause the problem. Go back and read the REST of the debug output. Verify that the client section printed out by the server has the CORRECT shared secret. i.e. you can sit there and say but it's right! all day. That will NOT fix the problem. FreeRADIUS will NOT magically start working. The shared secret is wrong. Go fix it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem: switch authentication against Freeradius server
Roberto Carna wrote: OK, just a last questionI have Freeradius with MySQL, where is the NAS in order to check the pre-shared secret ??? If you have already edited the shared secret, you should know where it is. Go read the documentation. If you're too lazy to read it, I'm too lazy to cut paste it here. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem: switch authentication against Freeradius server
OK, but using radtest utility with user, password and shared secret from other machine, I get the correct response from Freeradius, accepting the authentication. So, the problem maybe is in my Allied switch, maybe the OS is wrong in certain aspects like cipher libraries. Thanks to all. 2013/5/23 Alan DeKok al...@deployingradius.com Roberto Carna wrote: OK, just a last questionI have Freeradius with MySQL, where is the NAS in order to check the pre-shared secret ??? If you have already edited the shared secret, you should know where it is. Go read the documentation. If you're too lazy to read it, I'm too lazy to cut paste it here. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Problem: switch authentication against Freeradius server
What you're after is in the clients - file surely - that's where you set up the clients and secrets..? Otherwise maybe check if the secret in your switch is encrypted or not, cisco switches allow input of a 7 or 0 after certain commands to signify encryption or not - from a cisco NAS.. Not sure if allied is the same, not seen one. 0 Specifies an UNENCRYPTED key will follow 7 Specifies HIDDEN key will follow I dunno,maybe I am on the wrong tack - can't pretend I know much! Andy From: freeradius-users-bounces+andy.franks=sath.nhs...@lists.freeradius.org [mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradiu s.org] On Behalf Of Roberto Carna Sent: 23 May 2013 15:52 To: FreeRadius users mailing list Subject: Re: Problem: switch authentication against Freeradius server OK, but using radtest utility with user, password and shared secret from other machine, I get the correct response from Freeradius, accepting the authentication. So, the problem maybe is in my Allied switch, maybe the OS is wrong in certain aspects like cipher libraries. Thanks to all. 2013/5/23 Alan DeKok al...@deployingradius.com Roberto Carna wrote: OK, just a last questionI have Freeradius with MySQL, where is the NAS in order to check the pre-shared secret ??? If you have already edited the shared secret, you should know where it is. Go read the documentation. If you're too lazy to read it, I'm too lazy to cut paste it here. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem: FreeRadius Authentication using LDAP
suggestme wrote: But when I run radiusd -X command to run freeradius on debug mode, it gives following error: /usr/local/etc/raddb/modules/ldap[29]: Failed to link to module 'rlm_ldap': file not found /usr/local/etc/raddb/sites-enabled/inner-tunnel[237]: Failed to load module ldap. /usr/local/etc/raddb/sites-enabled/inner-tunnel[237]: Failed to parse ldap entry. This is in the FAQ. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem: FreeRadius Authentication using LDAP
Alan, Are you talking about the following FAQ: http://wiki.freeradius.org/FAQ#How+do+I+make+CHAP+work+with+LDAP%3F I have followed the same configuration method it has suggested. Or is there any other FAQ which mentions about this error and method to solve this? Thank you so much for your suggestion. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Problem-FreeRadius-Authentication-using-LDAP-tp4974896p4975206.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem: FreeRadius Authentication using LDAP
suggestme wrote: Are you talking about the following FAQ: No. I meant the FAQ entry which talked about being unable to load a module. The example is rlm_mysql, but the underlying cause and solution is the same. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with authentication with rlm_perl
++[eap] returns noop ++[expiration] returns noop ++[logintime] returns noop You've removed the PAP module from the sites-available/default authorize stanza, so this happens: auth: No authenticate method (Auth-Type) configuration found for the Put the pap module back where it was. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with authentication
Hey, I am not sure, no specialist, but try to make this query in your mysql: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test-user' ORDER BY id Make sure, that your mysql server/login/password/database are correct. Take a look how is you password handled... clear-text or what? Maybe that will help you, Best regards, CoMeC On Thu, 13 Dec 2007 16:33:07 -0300, Pablo Lucchetti [EMAIL PROTECTED] wrote: Hi, I've a Freeradius on a Debian Etch with Mysql but when I'm triying to test with NTRadPing always got the same error. The user already exists in database rad_recv: Access-Request packet from host 192.168.1.109:4027, id=2, length=49 User-Name = test-user User-Password = test-pass rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 4 Sending Access-Reject of id 2 to 192.168.1.109 port 4027 Any help please? Thanks in advance, Pablo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with authentication
mysql SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test-user' ORDER BY id; ++---+---+---++ | id | UserName | Attribute | Value | op | ++---+---+---++ | 1 | test-user | user-password | test-pass | == | ++---+---+---++ 1 row in set (0.00 sec) It seems to be OK, but looking into sql.conf MySQL listen on localhost only and NTRadping is running on my pc, that's right? Thanks a lot. Pablo CoMeC wrote: Hey, I am not sure, no specialist, but try to make this query in your mysql: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test-user' ORDER BY id Make sure, that your mysql server/login/password/database are correct. Take a look how is you password handled... clear-text or what? Maybe that will help you, Best regards, CoMeC On Thu, 13 Dec 2007 16:33:07 -0300, Pablo Lucchetti [EMAIL PROTECTED] wrote: Hi, I've a Freeradius on a Debian Etch with Mysql but when I'm triying to test with NTRadPing always got the same error. The user already exists in database rad_recv: Access-Request packet from host 192.168.1.109:4027, id=2, length=49 User-Name = test-user User-Password = test-pass rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 4 Sending Access-Reject of id 2 to 192.168.1.109 port 4027 Any help please? Thanks in advance, Pablo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Información de NOD32, revisión 2721 (20071213) __ Este mensaje ha sido analizado con NOD32 antivirus system http://www.nod32.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with authentication
Send radiusd -X output. Have you done something to sql.conf apart from database connection details? Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: Hi, I've a Freeradius on a Debian Etch with Mysql but when I'm triying to test with NTRadPing always got the same error. The user already exists in database rad_recv: Access-Request packet from host 192.168.1.109:4027, id=2, length=49 User-Name = test-user User-Password = test-pass rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 4 Sending Access-Reject of id 2 to 192.168.1.109 port 4027 Any help please? Thanks in advance, Pablo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with authentication
gessuttia:~# freeradius -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded SQL rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) Module: Loaded Acct-Unique-Session-Id Module: Instantiated acct_unique (acct_unique) Initializing the thread pool... Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. sql.conf sql { driver = rlm_sql_mysql server = 127.0.0.1 login = dbuser password = dbpass radius_db = radius acct_table1 = radacct acct_table2 = radacct postauth_table = radpostauth authcheck_table = radcheck authreply_table = radreply groupcheck_table = radgroupcheck groupreply_table = radgroupreply usergroup_table = usergroup deletestalesessions = yes sqltrace = no sqltracefile = ${logdir}/sqltrace.sql num_sql_socks = 5 connect_failure_retry_delay = 60 } radreoply table mysql select * from radreply; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | Framed-IP-Address | = | 192.168.1.109 | | 2 | test-user | Framed-IP-Address | = | 0.0.0.0 | ++---+---++---+ 2 rows in set (0.00 sec) [EMAIL PROTECTED] wrote: Send radiusd -X output. Have you done something to sql.conf apart from database connection details? Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: Hi, I've a Freeradius on a Debian Etch with Mysql but when I'm triying to test with NTRadPing always got the same error. The user already exists in database rad_recv: Access-Request packet from host 192.168.1.109:4027, id=2, length=49 User-Name = test-user User-Password = test-pass rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 4 Sending Access-Reject of id 2 to 192.168.1.109 port 4027 Any help please? Thanks in advance, Pablo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Información de NOD32, revisión 2721 (20071213) __ Este mensaje ha sido analizado con NOD32 antivirus system http://www.nod32.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with authentication
OK. Capital X == radiusd -X. And send from the point the request is received - you can skip the server startup. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: gessuttia:~# freeradius -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded SQL rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) Module: Loaded Acct-Unique-Session-Id Module: Instantiated acct_unique (acct_unique) Initializing the thread pool... Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. sql.conf sql { driver = rlm_sql_mysql server = 127.0.0.1 login = dbuser password = dbpass radius_db = radius acct_table1 = radacct acct_table2 = radacct postauth_table = radpostauth authcheck_table = radcheck authreply_table = radreply groupcheck_table = radgroupcheck groupreply_table = radgroupreply usergroup_table = usergroup deletestalesessions = yes sqltrace = no sqltracefile = ${logdir}/sqltrace.sql num_sql_socks = 5 connect_failure_retry_delay = 60 } radreoply table mysql select * from radreply; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | Framed-IP-Address | = | 192.168.1.109 | | 2 | test-user | Framed-IP-Address | = | 0.0.0.0 | ++---+---++---+ 2 rows in set (0.00 sec) [EMAIL PROTECTED] wrote: Send radiusd -X output. Have you done something to sql.conf apart from database connection details? Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: Hi, I've a Freeradius on a Debian Etch with Mysql but when I'm triying to test with NTRadPing always got the same error. The user already exists in database rad_recv: Access-Request packet from host 192.168.1.109:4027, id=2, length=49 User-Name = test-user User-Password = test-pass rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 4 Sending Access-Reject of id 2 to 192.168.1.109 port 4027 Any help please? Thanks in advance, Pablo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Información de NOD32, revisión 2721 (20071213) __ Este mensaje ha sido analizado con NOD32 antivirus system http://www.nod32.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with authentication
rad_recv: Access-Request packet from host 192.168.1.109:1601, id=6, length=49 User-Name = test-user User-Password = test-pass rad_lowerpair: User-Name now 'test-user' rad_lowerpair: User-Password now 'test-pass' rad_rmspace_pair: User-Name now 'test-user' rad_rmspace_pair: User-Password now 'test-pass' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 radius_xlat: '' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns fail for request 0 modcall: leaving group authorize (returns fail) for request 0 There was no response configured: rejecting request 0 Server rejecting request 0. Sending Access-Reject of id 6 to 192.168.1.109 port 1601 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 6 with timestamp 47619d3f Nothing to do. Sleeping until we see a request. [EMAIL PROTECTED] wrote: OK. Capital X == radiusd -X. And send from the point the request is received - you can skip the server startup. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: gessuttia:~# freeradius -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded SQL rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) Module: Loaded Acct-Unique-Session-Id Module: Instantiated acct_unique (acct_unique) Initializing the thread pool... Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. sql.conf sql { driver = rlm_sql_mysql server = 127.0.0.1 login = dbuser password = dbpass radius_db = radius acct_table1 = radacct acct_table2 = radacct postauth_table = radpostauth authcheck_table = radcheck authreply_table = radreply groupcheck_table = radgroupcheck groupreply_table = radgroupreply usergroup_table = usergroup deletestalesessions = yes sqltrace = no sqltracefile = ${logdir}/sqltrace.sql num_sql_socks = 5 connect_failure_retry_delay = 60 } radreoply table mysql select * from radreply; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | Framed-IP-Address | = | 192.168.1.109 | | 2 | test-user | Framed-IP-Address | = | 0.0.0.0 | ++---+---++---+ 2 rows in set (0.00 sec) [EMAIL PROTECTED] wrote: Send radiusd -X output. Have you done something to sql.conf apart from database connection details? Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: Hi, I've a Freeradius on a Debian Etch with Mysql but when I'm triying to test with NTRadPing always got the same error. The user already exists in database rad_recv: Access-Request packet from host 192.168.1.109:4027, id=2, length=49 User-Name = test-user User-Password = test-pass rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 4 Sending Access-Reject of id 2 to 192.168.1.109 port 4027 Any help please? Thanks in advance, Pablo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Información de NOD32, revisión 2721
Re: Problem with authentication
Switch on sqltrace in sql.conf and see what happened with the queries. You do have a password for this user in radcheck table? You have posted just radreply table. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: rad_recv: Access-Request packet from host 192.168.1.109:1601, id=6, length=49 User-Name = test-user User-Password = test-pass rad_lowerpair: User-Name now 'test-user' rad_lowerpair: User-Password now 'test-pass' rad_rmspace_pair: User-Name now 'test-user' rad_rmspace_pair: User-Password now 'test-pass' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 radius_xlat: '' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns fail for request 0 modcall: leaving group authorize (returns fail) for request 0 There was no response configured: rejecting request 0 Server rejecting request 0. Sending Access-Reject of id 6 to 192.168.1.109 port 1601 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 6 with timestamp 47619d3f Nothing to do. Sleeping until we see a request. [EMAIL PROTECTED] wrote: OK. Capital X == radiusd -X. And send from the point the request is received - you can skip the server startup. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: gessuttia:~# freeradius -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded SQL rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) Module: Loaded Acct-Unique-Session-Id Module: Instantiated acct_unique (acct_unique) Initializing the thread pool... Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. sql.conf sql { driver = rlm_sql_mysql server = 127.0.0.1 login = dbuser password = dbpass radius_db = radius acct_table1 = radacct acct_table2 = radacct postauth_table = radpostauth authcheck_table = radcheck authreply_table = radreply groupcheck_table = radgroupcheck groupreply_table = radgroupreply usergroup_table = usergroup deletestalesessions = yes sqltrace = no sqltracefile = ${logdir}/sqltrace.sql num_sql_socks = 5 connect_failure_retry_delay = 60 } radreoply table mysql select * from radreply; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | Framed-IP-Address | = | 192.168.1.109 | | 2 | test-user | Framed-IP-Address | = | 0.0.0.0 | ++---+---++---+ 2 rows in set (0.00 sec) [EMAIL PROTECTED] wrote: Send radiusd -X output. Have you done something to sql.conf apart from database connection details? Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: Hi, I've a Freeradius on a Debian Etch with Mysql but when I'm triying to test with NTRadPing always got the same error. The user already exists in database rad_recv: Access-Request packet from host 192.168.1.109:4027, id=2, length=49 User-Name = test-user User-Password = test-pass rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): SQL query error; rejecting user
Re: Problem with authentication
I tuned On sqltrace but nothing occurs :( mysql select * from radreply; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | Framed-IP-Address | = | 192.168.1.109 | | 2 | test-user | Framed-IP-Address | = | 0.0.0.0 | ++---+---++---+ 2 rows in set (0.00 sec) mysql select * from radcheck; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | user-password | == | test-pass | ++---+---++---+ 1 row in set (0.00 sec) [EMAIL PROTECTED] wrote: Switch on sqltrace in sql.conf and see what happened with the queries. You do have a password for this user in radcheck table? You have posted just radreply table. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: rad_recv: Access-Request packet from host 192.168.1.109:1601, id=6, length=49 User-Name = test-user User-Password = test-pass rad_lowerpair: User-Name now 'test-user' rad_lowerpair: User-Password now 'test-pass' rad_rmspace_pair: User-Name now 'test-user' rad_rmspace_pair: User-Password now 'test-pass' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 radius_xlat: '' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns fail for request 0 modcall: leaving group authorize (returns fail) for request 0 There was no response configured: rejecting request 0 Server rejecting request 0. Sending Access-Reject of id 6 to 192.168.1.109 port 1601 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 6 with timestamp 47619d3f Nothing to do. Sleeping until we see a request. [EMAIL PROTECTED] wrote: OK. Capital X == radiusd -X. And send from the point the request is received - you can skip the server startup. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: gessuttia:~# freeradius -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded SQL rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) Module: Loaded Acct-Unique-Session-Id Module: Instantiated acct_unique (acct_unique) Initializing the thread pool... Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. sql.conf sql { driver = rlm_sql_mysql server = 127.0.0.1 login = dbuser password = dbpass radius_db = radius acct_table1 = radacct acct_table2 = radacct postauth_table = radpostauth authcheck_table = radcheck authreply_table = radreply groupcheck_table = radgroupcheck groupreply_table = radgroupreply usergroup_table = usergroup deletestalesessions = yes sqltrace = no sqltracefile = ${logdir}/sqltrace.sql num_sql_socks = 5 connect_failure_retry_delay = 60 } radreoply table mysql select * from radreply; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | Framed-IP-Address | = | 192.168.1.109 | | 2 | test-user | Framed-IP-Address | = | 0.0.0.0
Re: Problem with authentication
gessuttia:/etc/freeradius# vim sql.conf sql { driver = rlm_sql_mysql server = 127.0.0.1 login = dbuser password = dbpass radius_db = radius acct_table1 = radacct acct_table2 = radacct postauth_table = radpostauth authcheck_table = radcheck authreply_table = radreply groupcheck_table = radgroupcheck groupreply_table = radgroupreply usergroup_table = usergroup deletestalesessions = yes sqltrace = yes sqltracefile = ${logdir}/sqltrace.sql num_sql_socks = 5 connect_failure_retry_delay = 60 } ~ [EMAIL PROTECTED] wrote: sqltrace = yes? Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: I tuned On sqltrace but nothing occurs :( mysql select * from radreply; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | Framed-IP-Address | = | 192.168.1.109 | | 2 | test-user | Framed-IP-Address | = | 0.0.0.0 | ++---+---++---+ 2 rows in set (0.00 sec) mysql select * from radcheck; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | user-password | == | test-pass | ++---+---++---+ 1 row in set (0.00 sec) [EMAIL PROTECTED] wrote: Switch on sqltrace in sql.conf and see what happened with the queries. You do have a password for this user in radcheck table? You have posted just radreply table. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: rad_recv: Access-Request packet from host 192.168.1.109:1601, id=6, length=49 User-Name = test-user User-Password = test-pass rad_lowerpair: User-Name now 'test-user' rad_lowerpair: User-Password now 'test-pass' rad_rmspace_pair: User-Name now 'test-user' rad_rmspace_pair: User-Password now 'test-pass' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 radius_xlat: '' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns fail for request 0 modcall: leaving group authorize (returns fail) for request 0 There was no response configured: rejecting request 0 Server rejecting request 0. Sending Access-Reject of id 6 to 192.168.1.109 port 1601 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 6 with timestamp 47619d3f Nothing to do. Sleeping until we see a request. [EMAIL PROTECTED] wrote: OK. Capital X == radiusd -X. And send from the point the request is received - you can skip the server startup. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: gessuttia:~# freeradius -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded SQL rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) Module: Loaded Acct-Unique-Session-Id Module: Instantiated acct_unique (acct_unique) Initializing the thread pool... Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. sql.conf sql { driver = rlm_sql_mysql server = 127.0.0.1 login = dbuser password = dbpass radius_db = radius acct_table1 = radacct
Re: Problem with authentication
sqltrace = yes? Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: I tuned On sqltrace but nothing occurs :( mysql select * from radreply; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | Framed-IP-Address | = | 192.168.1.109 | | 2 | test-user | Framed-IP-Address | = | 0.0.0.0 | ++---+---++---+ 2 rows in set (0.00 sec) mysql select * from radcheck; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | user-password | == | test-pass | ++---+---++---+ 1 row in set (0.00 sec) [EMAIL PROTECTED] wrote: Switch on sqltrace in sql.conf and see what happened with the queries. You do have a password for this user in radcheck table? You have posted just radreply table. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: rad_recv: Access-Request packet from host 192.168.1.109:1601, id=6, length=49 User-Name = test-user User-Password = test-pass rad_lowerpair: User-Name now 'test-user' rad_lowerpair: User-Password now 'test-pass' rad_rmspace_pair: User-Name now 'test-user' rad_rmspace_pair: User-Password now 'test-pass' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 radius_xlat: '' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns fail for request 0 modcall: leaving group authorize (returns fail) for request 0 There was no response configured: rejecting request 0 Server rejecting request 0. Sending Access-Reject of id 6 to 192.168.1.109 port 1601 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 6 with timestamp 47619d3f Nothing to do. Sleeping until we see a request. [EMAIL PROTECTED] wrote: OK. Capital X == radiusd -X. And send from the point the request is received - you can skip the server startup. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: gessuttia:~# freeradius -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded SQL rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) Module: Loaded Acct-Unique-Session-Id Module: Instantiated acct_unique (acct_unique) Initializing the thread pool... Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. sql.conf sql { driver = rlm_sql_mysql server = 127.0.0.1 login = dbuser password = dbpass radius_db = radius acct_table1 = radacct acct_table2 = radacct postauth_table = radpostauth authcheck_table = radcheck authreply_table = radreply groupcheck_table = radgroupcheck groupreply_table = radgroupreply usergroup_table = usergroup deletestalesessions = yes sqltrace = no sqltracefile = ${logdir}/sqltrace.sql num_sql_socks = 5 connect_failure_retry_delay = 60 } radreoply table mysql select * from radreply; ++---+---++---+ | id | UserName |
Re: Problem with authentication
Is that the whole sql.conf? Where are the queries? Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: gessuttia:/etc/freeradius# vim sql.conf sql { driver = rlm_sql_mysql server = 127.0.0.1 login = dbuser password = dbpass radius_db = radius acct_table1 = radacct acct_table2 = radacct postauth_table = radpostauth authcheck_table = radcheck authreply_table = radreply groupcheck_table = radgroupcheck groupreply_table = radgroupreply usergroup_table = usergroup deletestalesessions = yes sqltrace = yes sqltracefile = ${logdir}/sqltrace.sql num_sql_socks = 5 connect_failure_retry_delay = 60 } ~ [EMAIL PROTECTED] wrote: sqltrace = yes? Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: I tuned On sqltrace but nothing occurs :( mysql select * from radreply; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | Framed-IP-Address | = | 192.168.1.109 | | 2 | test-user | Framed-IP-Address | = | 0.0.0.0 | ++---+---++---+ 2 rows in set (0.00 sec) mysql select * from radcheck; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | user-password | == | test-pass | ++---+---++---+ 1 row in set (0.00 sec) [EMAIL PROTECTED] wrote: Switch on sqltrace in sql.conf and see what happened with the queries. You do have a password for this user in radcheck table? You have posted just radreply table. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: rad_recv: Access-Request packet from host 192.168.1.109:1601, id=6, length=49 User-Name = test-user User-Password = test-pass rad_lowerpair: User-Name now 'test-user' rad_lowerpair: User-Password now 'test-pass' rad_rmspace_pair: User-Name now 'test-user' rad_rmspace_pair: User-Password now 'test-pass' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 radius_xlat: '' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns fail for request 0 modcall: leaving group authorize (returns fail) for request 0 There was no response configured: rejecting request 0 Server rejecting request 0. Sending Access-Reject of id 6 to 192.168.1.109 port 1601 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 6 with timestamp 47619d3f Nothing to do. Sleeping until we see a request. [EMAIL PROTECTED] wrote: OK. Capital X == radiusd -X. And send from the point the request is received - you can skip the server startup. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: gessuttia:~# freeradius -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded SQL rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) Module: Loaded Acct-Unique-Session-Id Module: Instantiated acct_unique (acct_unique) Initializing the thread pool... Listening on
Re: Problem with authentication
That's all Ivan. [EMAIL PROTECTED] wrote: Is that the whole sql.conf? Where are the queries? Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: gessuttia:/etc/freeradius# vim sql.conf sql { driver = rlm_sql_mysql server = 127.0.0.1 login = dbuser password = dbpass radius_db = radius acct_table1 = radacct acct_table2 = radacct postauth_table = radpostauth authcheck_table = radcheck authreply_table = radreply groupcheck_table = radgroupcheck groupreply_table = radgroupreply usergroup_table = usergroup deletestalesessions = yes sqltrace = yes sqltracefile = ${logdir}/sqltrace.sql num_sql_socks = 5 connect_failure_retry_delay = 60 } ~ [EMAIL PROTECTED] wrote: sqltrace = yes? Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: I tuned On sqltrace but nothing occurs :( mysql select * from radreply; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | Framed-IP-Address | = | 192.168.1.109 | | 2 | test-user | Framed-IP-Address | = | 0.0.0.0 | ++---+---++---+ 2 rows in set (0.00 sec) mysql select * from radcheck; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | user-password | == | test-pass | ++---+---++---+ 1 row in set (0.00 sec) [EMAIL PROTECTED] wrote: Switch on sqltrace in sql.conf and see what happened with the queries. You do have a password for this user in radcheck table? You have posted just radreply table. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: rad_recv: Access-Request packet from host 192.168.1.109:1601, id=6, length=49 User-Name = test-user User-Password = test-pass rad_lowerpair: User-Name now 'test-user' rad_lowerpair: User-Password now 'test-pass' rad_rmspace_pair: User-Name now 'test-user' rad_rmspace_pair: User-Password now 'test-pass' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 radius_xlat: '' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns fail for request 0 modcall: leaving group authorize (returns fail) for request 0 There was no response configured: rejecting request 0 Server rejecting request 0. Sending Access-Reject of id 6 to 192.168.1.109 port 1601 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 6 with timestamp 47619d3f Nothing to do. Sleeping until we see a request. [EMAIL PROTECTED] wrote: OK. Capital X == radiusd -X. And send from the point the request is received - you can skip the server startup. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: gessuttia:~# freeradius -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded SQL rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) Module: Loaded Acct-Unique-Session-Id Module: Instantiated acct_unique (acct_unique) Initializing the thread pool... Listening on authentication *:1812 Listening on accounting *:1813 Ready to
Re: Problem with authentication
No. This is how default sql.conf looks like: http://www.freeradius.org/radiusd/raddb/sql.conf You have deleted all that makes this module function. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: That's all Ivan. [EMAIL PROTECTED] wrote: Is that the whole sql.conf? Where are the queries? Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: gessuttia:/etc/freeradius# vim sql.conf sql { driver = rlm_sql_mysql server = 127.0.0.1 login = dbuser password = dbpass radius_db = radius acct_table1 = radacct acct_table2 = radacct postauth_table = radpostauth authcheck_table = radcheck authreply_table = radreply groupcheck_table = radgroupcheck groupreply_table = radgroupreply usergroup_table = usergroup deletestalesessions = yes sqltrace = yes sqltracefile = ${logdir}/sqltrace.sql num_sql_socks = 5 connect_failure_retry_delay = 60 } ~ [EMAIL PROTECTED] wrote: sqltrace = yes? Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: I tuned On sqltrace but nothing occurs :( mysql select * from radreply; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | Framed-IP-Address | = | 192.168.1.109 | | 2 | test-user | Framed-IP-Address | = | 0.0.0.0 | ++---+---++---+ 2 rows in set (0.00 sec) mysql select * from radcheck; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | user-password | == | test-pass | ++---+---++---+ 1 row in set (0.00 sec) [EMAIL PROTECTED] wrote: Switch on sqltrace in sql.conf and see what happened with the queries. You do have a password for this user in radcheck table? You have posted just radreply table. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: rad_recv: Access-Request packet from host 192.168.1.109:1601, id=6, length=49 User-Name = test-user User-Password = test-pass rad_lowerpair: User-Name now 'test-user' rad_lowerpair: User-Password now 'test-pass' rad_rmspace_pair: User-Name now 'test-user' rad_rmspace_pair: User-Password now 'test-pass' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 radius_xlat: '' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns fail for request 0 modcall: leaving group authorize (returns fail) for request 0 There was no response configured: rejecting request 0 Server rejecting request 0. Sending Access-Reject of id 6 to 192.168.1.109 port 1601 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 6 with timestamp 47619d3f Nothing to do. Sleeping until we see a request. [EMAIL PROTECTED] wrote: OK. Capital X == radiusd -X. And send from the point the request is received - you can skip the server startup. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: gessuttia:~# freeradius -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded SQL rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql):
Re: Problem with authentication
Thanks a lot Ivan! Now is working fine. Cheers, Pablo [EMAIL PROTECTED] wrote: No. This is how default sql.conf looks like: http://www.freeradius.org/radiusd/raddb/sql.conf You have deleted all that makes this module function. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: That's all Ivan. [EMAIL PROTECTED] wrote: Is that the whole sql.conf? Where are the queries? Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: gessuttia:/etc/freeradius# vim sql.conf sql { driver = rlm_sql_mysql server = 127.0.0.1 login = dbuser password = dbpass radius_db = radius acct_table1 = radacct acct_table2 = radacct postauth_table = radpostauth authcheck_table = radcheck authreply_table = radreply groupcheck_table = radgroupcheck groupreply_table = radgroupreply usergroup_table = usergroup deletestalesessions = yes sqltrace = yes sqltracefile = ${logdir}/sqltrace.sql num_sql_socks = 5 connect_failure_retry_delay = 60 } ~ [EMAIL PROTECTED] wrote: sqltrace = yes? Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: I tuned On sqltrace but nothing occurs :( mysql select * from radreply; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | Framed-IP-Address | = | 192.168.1.109 | | 2 | test-user | Framed-IP-Address | = | 0.0.0.0 | ++---+---++---+ 2 rows in set (0.00 sec) mysql select * from radcheck; ++---+---++---+ | id | UserName | Attribute | op | Value | ++---+---++---+ | 1 | test-user | user-password | == | test-pass | ++---+---++---+ 1 row in set (0.00 sec) [EMAIL PROTECTED] wrote: Switch on sqltrace in sql.conf and see what happened with the queries. You do have a password for this user in radcheck table? You have posted just radreply table. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: rad_recv: Access-Request packet from host 192.168.1.109:1601, id=6, length=49 User-Name = test-user User-Password = test-pass rad_lowerpair: User-Name now 'test-user' rad_lowerpair: User-Password now 'test-pass' rad_rmspace_pair: User-Name now 'test-user' rad_rmspace_pair: User-Password now 'test-pass' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 radius_xlat: '' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns fail for request 0 modcall: leaving group authorize (returns fail) for request 0 There was no response configured: rejecting request 0 Server rejecting request 0. Sending Access-Reject of id 6 to 192.168.1.109 port 1601 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 6 with timestamp 47619d3f Nothing to do. Sleeping until we see a request. [EMAIL PROTECTED] wrote: OK. Capital X == radiusd -X. And send from the point the request is received - you can skip the server startup. Ivan Kalik Kalik Informatika ISP Dana 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] piše: gessuttia:~# freeradius -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded SQL rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect
Re: Problem with Authentication !!!
emerson [EMAIL PROTECTED] wrote: The problem is, my ap authenticate ok, but the clients linked on AP, it`s associated, but not log this, on freeradius, and any user, i`m tryng to use, it`s accept The radius not respect, only users in table mysql... My LOG with radiusd -X Which does not contain any authentication requests. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with authentication EAP/TLS !!!
emerson [EMAIL PROTECTED] wrote: My AP is a Ovislink wl5460AP, it's authenticate better, but the client linked on AP cause this error below: * Info: rlm_eap_md5: Issuing Challenge Mon May 15 14:47:29 2006 : Error: TLS_accept:error in SSLv3 read client certificate A Mon May 15 14:47:30 2006 : Error: rlm_eap: EAP-Message not found Mon May 15 14:47:30 2006 : Error: rlm_eap: Malformed EAP Message You changed the configuration of the server to break it. And why is it so hard to run the server in debugging mode, to see what it's doing? That would answer your question very quickly. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html