Hello all..
I've been attempting to install a radiusd on a debian box for
quite some time now, but have run into several roadblocks. So
far, I've attempted to use both cistron and xtradius - both with
minimal success. After posting to the cistron mailing list, I was
informed that freeradius is really the best radiusd for me to use
considering my major concern is authenticating users from a MySQL
database, rather than from a flat config file.
I've installed and configured the following debian packages via
apt-get:
radiusd-freeradius (version 0.4-1)
radiusd-freeradius-mysql (version 0.4-1)
The machine I'm installing on is a debian (unstable) system:
Linux terrapin 2.2.19pre17 #4 Tue Mar 13 22:37:59 EST 2001 i686 unknown
Everything appears to have installed correctly, and the radiusd
started up successfully
--- Begin Screen Output ---
root 234 0.0 3.0 13588 1852 ? S 10:35 0:00 /usr/sbin/radiusd
root 236 0.0 3.0 13588 1852 ? S 10:35 0:00 /usr/sbin/radiusd
root 237 0.0 3.0 13588 1852 ? S 10:35 0:00 /usr/sbin/radiusd
root 238 0.0 3.0 13588 1852 ? S 10:35 0:00 /usr/sbin/radiusd
root 239 0.0 3.0 13588 1852 ? S 10:35 0:00 /usr/sbin/radiusd
root 240 0.0 3.0 13588 1852 ? S 10:35 0:00 /usr/sbin/radiusd
root 241 0.0 3.0 13588 1852 ? S 10:35 0:00 /usr/sbin/radiusd
--- End Screen Output ---
I then used radtest (authenticating from the /etc/passwd as is
default) and everything worked fine.
At that point, I went ahead and made changes to the radiusd
config file (/etc/raddb/radiusd.conf) - I added 'sql' to
the 'authorize {', 'authenticate {', and 'accounting {' sections.
Additionally, I #commented out 'unix' from the 'authenticate {'
section.
After saving radiusd.conf, I proceeded to edit sql.conf and
specify the proper username and password for mysql (I am running
mysql Ver 11.15 Distrib 3.23.47, for pc-linux-gnu (i686))
in /etc/raddb/sql.conf. I saved this file, and then went to work on
the MySQL database. Since I installed via apt-get, I did not have
the database schema .sql file (db_mysql.sql), so I downloaded the
source and obtained db_mysql.sql. I applied the schema, and then
proceeded to add a test user. I did so by logging into the radius
database in MySQL, and running the following commands:
'INSERT INTO usergroup VALUES('0','testuser','testgroup');'
'INSERT INTO radcheck VALUES('0','testuser','Password','testpass');'
'INSERT INTO radreply VALUES('0','testuser','Framed-IP-Address','255.255.255.254');'
'FLUSH PRIVILEGES;'
The changes were successful, here are the results:
--- Begin Screen Output ---
mysql> select * from usergroup;
+----+----------+-----------+
| id | UserName | GroupName |
+----+----------+-----------+
|  1 | testuser | testgroup |
+----+----------+-----------+
1 row in set (0.01 sec)
mysql> select * from radcheck;
+----+----------+-----------+----------+
| id | UserName | Attribute | Value    |
+----+----------+-----------+----------+
|  1 | testuser | Password  | testpass |
+----+----------+-----------+----------+
1 row in set (0.00 sec)
mysql> select * from radreply;
+----+----------+-------------------+-----------------+
| id | UserName | Attribute         | Value           |
+----+----------+-------------------+-----------------+
|  1 | testuser | Framed-IP-Address | 255.255.255.254 |
+----+----------+-------------------+-----------------+
1 row in set (0.00 sec)
--- End Screen Output ---
At this point, I restarted freeradius, so that the changes
to /etc/raddb/radiusd.conf would take effect. All appears to go
well as the radiusd comes up without error.
Figuring that MySQL authentication was now configured, I issued
the following command:
'radtest testuser testpass localhost localhost testing123'
and the system replies:
--- Begin Screen Output ---
Sending Access-Request of id 101 to 127.0.0.1:1812
User-Name = "testuser"
Password = "$\312\367[\205\271\273L\316h\257\264\20\347
\365"
NAS-IP-Address = terrapin
NAS-Port-Id = "localhost"
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=101, length=20
--- End Screen Output ---
So it appears that the radiusd is up and running, but it is
obviously not properly authenticating from the MySQL database.
Additionally, when I attempt to connect to the machine from
elsewhere on the internal network with ntradping, it times out
from a lack of server response.
--- Begin NTRadPing Output ---
'Sending authentication request to server 192.168.1.111:1812'
'Transmitting packet, code=1 id=0 length=49'
'no response from server (timed out), new attempt (#1)'
etc..
--- End NTRadPing Output ---
I've checked my /etc/services and radius has the appropriate
entries:
radius 1812/tcp # Radius
radius 1812/udp # Radius
radius-acct 1813/tcp radacct # Radius Accounting
radius-acct 1813/udp radacct # Radius Accounting
I'm starting to get very frustrated with this configuration, so
hopefully someone here will be able to help me out.
Thank you,
Chris Vinci
http://sampson.etree.org
http://spa.net
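
An added example, not part of the original post and not FreeRADIUS code: a Python implementation of RFC 2865 User-Password hiding and the Response Authenticator check, showing why radtest prints unreadable Password bytes instead of testpass and why a 20-byte Access-Reject is a bare header with no attributes. The function names and the fixed Request Authenticator are assumptions made for illustration; the user, password, shared secret and packet id are the ones from the radtest run above.

```python
import hashlib
import hmac
import struct

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-octet blocks, XOR each with MD5(secret + previous block)."""
    size = max(16, (len(password) + 15) // 16 * 16)  # an empty password still fills one block
    padded = password.ljust(size, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, size, 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: reverse the hiding using the server's own copy of the secret."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def _attr(code: int, value: bytes) -> bytes:
    return bytes([code, len(value) + 2]) + value  # type, length, value

def build_access_request(ident, user, password, secret, req_auth) -> bytes:
    # Attribute 1 = User-Name, attribute 2 = User-Password; packet code 1 = Access-Request
    attrs = _attr(1, user) + _attr(2, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def build_access_reject(ident: int, req_auth: bytes, secret: bytes) -> bytes:
    header = struct.pack("!BBH", 3, ident, 20)  # code 3, no attributes: 20 octets total
    return header + hashlib.md5(header + req_auth + secret).digest()

def reply_is_authentic(reply: bytes, req_auth: bytes, secret: bytes) -> bool:
    # Response Authenticator = MD5(code + id + length + request auth + attributes + secret)
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    REQ_AUTH = bytes(range(16))  # constructed value; real clients use 16 random octets
    req = build_access_request(101, b"testuser", b"testpass", b"testing123", REQ_AUTH)
    print(len(req), req[32:48].hex())
    print(unhide_password(req[32:48], b"testing123", REQ_AUTH))
    print(unhide_password(req[32:48], b"wrong-secret", REQ_AUTH))
    reject = build_access_reject(101, REQ_AUTH, b"testing123")
    print(len(reject), reply_is_authentic(reject, REQ_AUTH, b"testing123"))
```

A server holding a different shared secret recovers garbage instead of testpass, so the secret configured for a client is worth checking alongside the password stored in radcheck.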