Hi again people, so a week ago i posted here a problem with 802.1x i had and it
turned to be all my users were MD5 password, so that was my problem.Today i
created a new DB on a test server, changed on sql.conf and tested.Im getting
this error, i tried to understand that, BUT im kinda a newbie on freeradius +
linux (i started to learn 1 month ago) and couldnt find the error.I dont know
if the error is on MYSQL or freeradius...
Appreciate anything you guys can help me!Thanks in advance.
nas_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
authorize_check_query = "SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}' AND (
id_tp_usuario in (1, 2, 3) OR ( id_tp_usuario = 4 AND dt_ingresso <=
CURDATE() AND dt_egresso >= CURDATE() ) ) ORDER BY id"
authorize_reply_query = "SELECT id, username, attribute, value, op
FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY
id" authorize_group_check_query = "SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id" authorize_group_reply_query =
"SELECT id, groupname, attribute, value, op FROM
radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
accounting_onoff_query = " UPDATE radacct SET
acctstoptime = '%S', acctsessiontime =
unix_timestamp('%S') -
unix_timestamp(acctstarttime), acctterminatecause =
'%{Acct-Terminate-Cause}', acctstopdelay =
%{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL AND
nasipaddress = '%{NAS-IP-Address}' AND acctstarttime <=
'%S'" accounting_update_query = " UPDATE radacct SET
framedipaddress = '%{Framed-IP-Address}', acctsessiontime
= '%{Acct-Session-Time}', acctinputoctets =
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid =
'%{Acct-Session-Id}' AND username = '%{SQL-User-Name}'
AND nasipaddress = '%{NAS-IP-Address}'" accounting_update_query_alt =
" INSERT INTO radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress, nasportid,
nasporttype, acctstarttime, acctsessiontime,
acctauthentic, connectinfo_start, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
servicetype, framedprotocol, framedipaddress,
acctstartdelay, xascendsessionsvrkey) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',
INTERVAL (%{%{Acct-Session-Time}:-0} +
%{%{Acct-Delay-Time}:-0}) SECOND),
'%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', '%{%{Acct-Output-Gigawords}:-0}' <<
32 | '%{%{Acct-Output-Octets}:-0}',
'%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'0', '%{X-Ascend-Session-Svr-Key}')" accounting_start_query = "
INSERT INTO radacct (acctsessionid, acctuniqueid,
username, realm, nasipaddress, nasportid,
nasporttype, acctstarttime, acctstoptime,
acctsessiontime, acctauthentic, connectinfo_start,
connectinfo_stop, acctinputoctets, acctoutputoctets,
calledstationid, callingstationid, acctterminatecause,
servicetype, framedprotocol, framedipaddress,
acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0',
'%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query_alt = " UPDATE radacct SET
acctstarttime = '%S', acctstartdelay =
'%{%{Acct-Delay-Time}:-0}', connectinfo_start = '%{Connect-Info}'
WHERE acctsessionid = '%{Acct-Session-Id}' AND username
= '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query = " UPDATE radacct SET
acctstoptime = '%S', acctsessiontime =
'%{Acct-Session-Time}', acctinputoctets =
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =
'%{Acct-Terminate-Cause}', acctstopdelay =
'%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}'
WHERE acctsessionid = '%{Acct-Session-Id}' AND username
= '%{SQL-User-Name}' AND nasipaddress =
'%{NAS-IP-Address}'" accounting_stop_query_alt = " INSERT INTO
radacct (acctsessionid, acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime,
acctsessiontime, acctauthentic, connectinfo_start,
connectinfo_stop, acctinputoctets, acctoutputoctets,
calledstationid, callingstationid, acctterminatecause,
servicetype, framedprotocol, framedipaddress, acctstartdelay,
acctstopdelay) VALUES ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL
(%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0})
SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32
| '%{%{Acct-Input-Octets}:-0}',
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Acct-Terminate-Cause}',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'0', '%{%{Acct-Delay-Time}:-0}')" group_membership_query = "SELECT
groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority"
connect_failure_retry_delay = 60 simul_count_query = ""
simul_verify_query = "SELECT radacctid, acctsessionid, username,
nasipaddress, nasportid, framedipaddress,
callingstationid, framedprotocol FROM
radacct WHERE username = '%{SQL-User-Name}'
AND acctstoptime IS NULL" postauth_query =
"INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')" safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
linkedrlm_sql (sql): Attempting to connect to root@localhost:/radiusrlm_sql
(sql): starting 0rlm_sql (sql): Attempting to connect rlm_sql_mysql
#0rlm_sql_mysql: Starting connect to MySQL server for #0rlm_sql (sql):
Connected new DB handle, #0rlm_sql (sql): starting 1rlm_sql (sql): Attempting
to connect rlm_sql_mysql #1rlm_sql_mysql: Starting connect to MySQL server for
#1rlm_sql (sql): Connected new DB handle, #1rlm_sql (sql): starting 2rlm_sql
(sql): Attempting to connect rlm_sql_mysql #2rlm_sql_mysql: Starting connect to
MySQL server for #2rlm_sql (sql): Connected new DB handle, #2rlm_sql (sql):
starting 3rlm_sql (sql): Attempting to connect rlm_sql_mysql #3rlm_sql_mysql:
Starting connect to MySQL server for #3rlm_sql (sql): Connected new DB handle,
#3rlm_sql (sql): starting 4rlm_sql (sql): Attempting to connect rlm_sql_mysql
#4rlm_sql_mysql: Starting connect to MySQL server for #4rlm_sql (sql):
Connected new DB handle, #4rlm_sql (sql): Processing
generate_sql_clientsrlm_sql (sql) in generate_sql_clients: query is SELECT id,
nasname, shortname, type, secret, server FROM nasrlm_sql (sql): Reserving sql
socket id: 4rlm_sql (sql): Read entry
nasname=172.23.54.2,shortname=ruckus-controller,secret=t3st3rlm_sql (sql):
Adding client 172.23.54.2 (ruckus-controller, server=<none>) to clients
listrlm_sql (sql): Released sql socket id: 4 Module: Checking session {...} for
more modules to load Module: Linked to module rlm_radutmp Module: Instantiating
module "radutmp" from file /etc/freeradius/modules/radutmp radutmp {
filename = "/var/log/freeradius/radutmp" username = "%{User-Name}"
case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes
} Module: Checking post-proxy {...} for more modules to load Module: Checking
post-auth {...} for more modules to load Module: Linked to module
rlm_attr_filter Module: Instantiating module "attr_filter.access_reject" from
file /etc/freeradius/modules/attr_filter attr_filter attr_filter.access_reject
{ attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}"
} } # modules} # serverserver { # from file /etc/freeradius/radiusd.conf
modules { Module: Checking authenticate {...} for more modules to load Module:
Linked to module rlm_digest Module: Instantiating module "digest" from file
/etc/freeradius/modules/digest Module: Linked to module rlm_unix Module:
Instantiating module "unix" from file /etc/freeradius/modules/unix unix {
radwtmp = "/var/log/freeradius/radwtmp" } Module: Checking authorize {...} for
more modules to load Module: Linked to module rlm_preprocess Module:
Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
preprocess { huntgroups = "/etc/freeradius/huntgroups" hints =
"/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23
with_ntdomain_hack = no with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Checking
preacct {...} for more modules to load Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file
/etc/freeradius/modules/acct_unique acct_unique { key = "User-Name,
Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module:
Checking accounting {...} for more modules to load Module: Linked to module
rlm_detail Module: Instantiating module "detail" from file
/etc/freeradius/modules/detail detail { detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d" header =
"%t" detailperm = 384 dirperm = 493 locking = no
log_packet_header = no } Module: Linked to module rlm_sql_log Module:
Instantiating module "sql_log" from file /etc/freeradius/modules/sql_log
sql_log { path = "/var/log/freeradius/radacct/sql-relay" Post-Auth =
"INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ('%{User-Name}',
'%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S');"
sql_user_name = "%{%{User-Name}:-DEFAULT}" utf8 = no
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" }
Module: Instantiating module "attr_filter.accounting_response" from file
/etc/freeradius/modules/attr_filter attr_filter
attr_filter.accounting_response { attrsfile =
"/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" } Module:
Checking session {...} for more modules to load Module: Checking post-proxy
{...} for more modules to load Module: Checking post-auth {...} for more
modules to load } # modules} # serverradiusd: #### Opening IP addresses and
Ports ####listen { type = "auth" ipaddr = * port = 0}listen {
type = "acct" ipaddr = * port = 0}listen { type = "auth" ipaddr
= 127.0.0.1 port = 18120}Listening on authentication address * port
1812Listening on accounting address * port 1813Listening on authentication
address 127.0.0.1 port 18120 as server inner-tunnelListening on proxy address *
port 1814Ready to process requests.rad_recv: Access-Request packet from host
172.23.54.2 port 32777, id=52, length=206 User-Name = "user"
Calling-Station-Id = "00-22-43-09-43-BD" NAS-IP-Address = 172.23.54.2
NAS-Port = 1 Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type =
Wireless-802.11 NAS-Identifier = "68-92-34-91-91-48" Connect-Info = "CONNECT
802.11b/g" WISPr-Location-Name = "2o-Andar" EAP-Message =
0x020000090175736572 Vendor-25053-Attr-3 = 0x554e49464542452d3158
Message-Authenticator = 0x53dcd42dc46e9bee1e5538df27c8ae45# Executing section
authorize from file /etc/freeradius/sites-enabled/default+- entering group
authorize {...}++[preprocess] returns ok++[chap] returns noop++[mschap] returns
noop++[digest] returns noop[suffix] No '@' in User-Name = "user", looking up
realm NULL[suffix] No such realm "NULL"++[suffix] returns noop[eap] EAP packet
type response id 0 length 9[eap] No EAP Start, assuming it's an on-going EAP
conversation++[eap] returns updated++[unix] returns notfound++[files] returns
noop[sql] expand: %{User-Name} -> user[sql] sql_set_user escaped user -->
'user'rlm_sql (sql): Reserving sql socket id: 3[sql] expand: SELECT id,
username, attribute, value, op FROM radcheck WHERE username
= '%{SQL-User-Name}' AND ( id_tp_usuario in (1, 2, 3) OR (
id_tp_usuario = 4 AND dt_ingresso <= CURDATE() AND dt_egresso >= CURDATE() ) )
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radcheck WHERE username = 'user' AND ( id_tp_usuario
in (1, 2, 3) OR ( id_tp_usuario = 4 AND dt_ingresso <= CURDATE() AND
dt_egresso >= CURDATE() ) ) ORDER BY idrlm_sql_mysql: MYSQL
check_error: 1054 receivedrlm_sql_getvpdata: database query error[sql] SQL
query error; rejecting userrlm_sql (sql): Released sql socket id: 3++[sql]
returns failInvalid user: [user/<via Auth-Type = EAP>] (from client
ruckus-controller port 1 cli 00-22-43-09-43-BD)Using Post-Auth-Type Reject#
Executing group from file /etc/freeradius/sites-enabled/default+- entering
group REJECT {...}[attr_filter.access_reject] expand: %{User-Name} ->
user attr_filter: Matched entry DEFAULT at line 11++[attr_filter.access_reject]
returns updatedDelaying reject of request 0 for 1 secondsGoing to the next
requestWaking up in 0.9 seconds.Sending delayed reject for request 0Sending
Access-Reject of id 52 to 172.23.54.2 port 32777Waking up in 4.9
seconds.Cleaning up request 0 ID 52 with timestamp +205Ready to process
requests. -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
