rlm_eap:SSL error
Dear All, Please let me know the detailed reason why the RADIUS server log is showing the error in SSLV3 read client certificate A please let me know the necessary steps to solve this. With regards , Apangshu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to connect to backend DB
But you asked if there was: "some standard method that may be used to connect and fetch data from the MYSQL database?" The answer is: Look at rlm_sql, rlm_sqlippool or any of the other modules that use SQL.. -Peter On Fri 08 Jun 2007, Nitin Naveen wrote: > Hi Peter, > > I did bother to look at rlm_sql. However my need is a bit different. I do > not > want to fetch values from a DB and added them as values to certain radisu > attributes. > I want to fetch, do some operation on the feteched value and then add the > result > of the operation to the radius attributes. Any ideas or suggested steps > would be > helpful. > > Regards > Nitin > > Date: Thu, 7 Jun 2007 11:12:47 +0300 > From: Peter Nixon <[EMAIL PROTECTED]> > Subject: Re: How to connect to backend DB > To: FreeRadius users mailing list > > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="iso-8859-9" > > On Thu 07 Jun 2007, Nitin Naveen wrote: > > Hi, > > > > I am writing a new RLM called rlm_prop_protocol. It basically adds some > > attributes. The value for > > these attributes are pulled from a backend database (MYSQL). I wanted to > > know whether there > > is a provision in freeradius or some standard method that may be used to > > connect and fetch > > data from the MYSQL database. As of now I have added MYSQL specific code > > in my module. > > Did you bother to look at the FreeRADIUS code before you started writing?? > > The modules rlm_sql and rlm_sql_mysql would seem to be pretty self > explanatory :-) > > It is quite likely that you can do what you need without writing a new > module... > > Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: How to connect to backend DB
Hi Peter, I did bother to look at rlm_sql. However my need is a bit different. I do not want to fetch values from a DB and added them as values to certain radisu attributes. I want to fetch, do some operation on the feteched value and then add the result of the operation to the radius attributes. Any ideas or suggested steps would be helpful. Regards Nitin Date: Thu, 7 Jun 2007 11:12:47 +0300 From: Peter Nixon <[EMAIL PROTECTED]> Subject: Re: How to connect to backend DB To: FreeRadius users mailing list Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="iso-8859-9" On Thu 07 Jun 2007, Nitin Naveen wrote: > Hi, > > I am writing a new RLM called rlm_prop_protocol. It basically adds some > attributes. The value for > these attributes are pulled from a backend database (MYSQL). I wanted to > know whether there > is a provision in freeradius or some standard method that may be used to > connect and fetch > data from the MYSQL database. As of now I have added MYSQL specific code > in my module. Did you bother to look at the FreeRADIUS code before you started writing?? The modules rlm_sql and rlm_sql_mysql would seem to be pretty self explanatory :-) It is quite likely that you can do what you need without writing a new module... Cheers -- *DISCLAIMER* This message and/or attachment(s) contained here are confidential, proprietary to HUGHES SYSTIQUE and its customers. Contents may be privileged or otherwise protected by law. The information is solely intended for the entity it is addressed to. If you are not the intended recipient of this message, it is strictly prohibited to read, forward, print, retain, copy or disseminate this message or any part of it. If you have received this e-mail in error, please notify the sender immediately and delete the message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Big "VSA + Proxy" problem
Hello, Running Freeradius 1.1.4 on RHEL with an Oracle backend. I'm at a Carrier and every "@bar.com" request is configured to be proxied but I have a problem where a VSA (in radreply table) is not even sent to bar.com. In my database: select * from radcheck; ID USERNAME ATTRIBUTE OP VALUE --- -- - --- 1 [EMAIL PROTECTED]User-Password := temp123 select * from radreply; ID USERNAME ATTRIBUTE OP VALUE --- -- --- 1 [EMAIL PROTECTED]ERX-Service-Bundle:= test1 ID USERNAME ATTRIBUTE OP VALUE --- -- 2 [EMAIL PROTECTED]Framed-IP-Address:= 192.168.254.199 Disabling the proxying for this realm works correctly (freeradius auths the user locally and sends the VSA to the router). With proxy configured, the user gets authenticated by bar.com but the VSA is not sent to bar.com (no traces of it in pre_proxy logs nor in radiusd -X debugs). I've already added ERX-Service-Bundle =* ANY in both attrs and attrs.pre-proxy and enabled the filters in radiusd.conf, but still no luck. Question: if that issue gets fixed and the VSA goes to bar.com, is there any way to bar.com return that same VSA untouched (considering that bar.com doesn't knows a thing about that VSA, i.e: it doesn't has any VSA info on it's database)? In fact, I don't need to send that VSA to bar.com, I just need to send it directly to my router(just like in the unproxied realm) but the proxy feature doesn't allow that. Please consider that I can't simply add "ERX-Service-Bundle := test1" in attrs (like I do with DNS VSAs) because the value of that VSA is chained with the user in radreply and each user has it's own different value (test2, test5, etc.). I'm very worried. Can anyone please shed some light on this? Thank you very much! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius-Users Digest, Vol 26, Issue 20
Ich bin am Freitag den 8. Juni nicht im Haus und kann Ihre Nachricht erst am Montag den 11. Juni bearbeiten. In dringenden Fällen wenden Sie sich bitte an Herrn René Böhm (E-Mail: [EMAIL PROTECTED]). Mit freundlichen Grüßen Tobias Drollinger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Ldap group troubles
Dourty, Brian R. (IATS) wrote: > Upgrading is what broke this functionality. It works with version > 1.0.1. Sometime after that a change was made to rlm_ldap.c. This change > modified the ldap_escape_func() function. The way this function works in > 1.1.4 and up is different than 1.0.1. Basically, it didn't escape > anything in 1.0.1 and now it does. > > What we see in 1.1.4/1.1.6 is that a UserDN returned from AD using > OpenLDAP looks like this: > > CN=Lastname\,Firstname, CN=bla,DC=bla > > After the ldap_escape_func() returns it looks like this: > > CN\\3dLastname\\5c\\5c\\2cFirstname\\2cCN\\3dbla\\2cDC\\3dbla > > The \, gets escaped then translated and becomes \\5c\\5c\\2c which > doesn't match \, in the member= results of the group. > Actually now that you mention it I seem to remember this coming up before, and me giving the same answer to someone else: FreeRadius' ldap_escape_func appears very over-zealous. I believe it's only necessary to escape: * ( ) \ NUL ...when substituting values into LDAP filters. FR escapes in addition to this: , + " < > ; = (and not NUL, but of course FR can't actually deal with strings containing embedded nulls. Binary types yes, not strings) See: http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg34741.html And: http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg22126.html Note that the post in that latter thread is wrong - RFC2254 only mandates escaping of the chars in my 1st list, and explicitly not the others. However, RFC2254 does *permit* escaping of other chars. I'm guessing AD doesn't process that however and thus the fault. I'd like to know why FR ldap_escape_func was made more strict - was there an actual problem or was it solving a problem that doesn't actually exist? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MAC-auth only to AP needs a little guidance.
Use MAC address both as username and Calling-Station-Id. No password. Ivan Kalik Kalik Informatika ISP Dana 7/6/2007, "Giobbi Piero" <[EMAIL PROTECTED]> piše: >Hi all. > >Im just got radius with user/password to work with my firewall and i >just love it! Now i would like to make it rock with our airport >basestations to. I only want MAC-authentication, isearched everywhere >but i cant find a single example for this , without EAP/TLS. > >I tried: > > "shared secret" as more or less a panic try but of course >it didnt work. If anyone could just give me an example or hint where >to find some nice info about it would make me happy. > >Thx > >p > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MAC-auth only to AP needs a little guidance.
Hi all. Im just got radius with user/password to work with my firewall and i just love it! Now i would like to make it rock with our airport basestations to. I only want MAC-authentication, isearched everywhere but i cant find a single example for this , without EAP/TLS. I tried: "shared secret" as more or less a panic try but of course it didnt work. If anyone could just give me an example or hint where to find some nice info about it would make me happy. Thx p - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sql_mysql Problem with Freeradius on C entos 5
Hi all, After much head scratching I worked it out. The problem was that SELinux was enabled and stopping radiusd from connecting to the socket. Thanks for your help. Andy > > Message: 2 > Date: Thu, 7 Jun 2007 10:12:38 +0300 > From: "liran tal" <[EMAIL PROTECTED]> > Subject: Re: rlm_sql_mysql Problem with Freeradius on Centos 5 > To: "FreeRadius users mailing list" > > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="iso-8859-1" > > Could it be an authentication problem? Maybe you didn't spell the user to > connect to mysql correct? > I would also suggest that you enable extensive logging on the mysql side > to > see if there are any > requests. This is done usually in /etc/mysql/my.cnf > > > Liran. > > On 6/7/07, Andy Hughes <[EMAIL PROTECTED]> wrote: >> >> Hi Freeradius Users, >> >> I am having an issue with the rlm_sql_mysql driver on Centos 5. >> >> When I run radius from the init.d/radiusd the server presents the >> following error in the radius logs. >> >> --snip-- >> >> Fri Jun 8 02:58:42 2007 : Info: rlm_sql (sql): Driver rlm_sql_mysql >> (module rlm_sql_mysql) loaded and linked >> Fri Jun 8 02:58:42 2007 : Info: rlm_sql (sql): Attempting to connect to >> [EMAIL PROTECTED]:3306/radius >> Fri Jun 8 02:58:42 2007 : Info: rlm_sql_mysql: Starting connect to > MySQL >> server for #0 >> Fri Jun 8 02:58:42 2007 : Error: rlm_sql_mysql: Couldn't connect socket >> to MySQL server [EMAIL PROTECTED]:radius >> Fri Jun 8 02:58:42 2007 : Error: rlm_sql_mysql: Mysql error 'Can't >> connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' >> (13)' >> Fri Jun 8 02:58:42 2007 : Error: rlm_sql (sql): Failed to connect DB >> handle #0 >> >> -- snip -- >> >> -- snip -- >> netstat -a >> >> unix 3 [ ] STREAM CONNECTED 120857 >> /var/lib/mysql/mysql.sock >> tcp 00 *:mysql *:* >> LISTEN >> >> -- snip -- >> >> I have tried running the server as root and I still receive the same >> error. >> >> However, >> >> When I run the server in extended debug mode (as root) the server starts >> fine and will serve authentication from the MySQL database quite > happily. >> >> --snip-- >> >> rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and >> linked >> rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:3306/radius >> rlm_sql (sql): starting 0 >> rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 >> rlm_sql_mysql: Starting connect to MySQL server for #0 >> rlm_sql (sql): Connected new DB handle, #0 >> rlm_sql (sql): starting 1 >> rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 >> rlm_sql_mysql: Starting connect to MySQL server for #1 >> rlm_sql (sql): Connected new DB handle, #1 >> rlm_sql (sql): starting 2 >> rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 >> rlm_sql_mysql: Starting connect to MySQL server for #2 >> rlm_sql (sql): Connected new DB handle, #2 >> rlm_sql (sql): starting 3 >> rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 >> rlm_sql_mysql: Starting connect to MySQL server for #3 >> rlm_sql (sql): Connected new DB handle, #3 >> rlm_sql (sql): starting 4 >> rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 >> rlm_sql_mysql: Starting connect to MySQL server for #4 >> rlm_sql (sql): Connected new DB handle, #4 >> Module: Instantiated sql (sql) >> >> --snip-- >> >> I have also tried various variations of commands in sql.conf to > configure >> the sql port. Can anyone tell me what the appropriate configuration > command >> is? >> >> Can anyone shine any light on what might be the problem here? >> >> Regards, >> >> Andy Hughes >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > -- next part -- > An HTML attachment was scrubbed... > URL: > https://lists.freeradius.org/pipermail/freeradius-users/attachments/20070607/46f1e64f/attachment-0001.html > > -- > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: users2mysql Problem Issue 2
Jeff wrote: > k, that did it > but the issue is when importing > entrys are going into the raccheck and usergroup > but nothing in the radreply > hence > none of the user attributes associated are being imported > but is see no errors when after the script ran running back through what > it outputted. This seems mostly like a training issue. You need to learn at least some rudimentary SQL queries for MySQL if that is what you will be using. The MySQL manual is fairly well written. However, out of curiosity, how are you importing entries? Please be specific. I don't want to know that you a running a script, I want to know what the script is doing and why you think it should be putting things in radreply. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Ldap group troubles
Upgrading is what broke this functionality. It works with version 1.0.1. Sometime after that a change was made to rlm_ldap.c. This change modified the ldap_escape_func() function. The way this function works in 1.1.4 and up is different than 1.0.1. Basically, it didn't escape anything in 1.0.1 and now it does. What we see in 1.1.4/1.1.6 is that a UserDN returned from AD using OpenLDAP looks like this: CN=Lastname\,Firstname, CN=bla,DC=bla After the ldap_escape_func() returns it looks like this: CN\\3dLastname\\5c\\5c\\2cFirstname\\2cCN\\3dbla\\2cDC\\3dbla The \, gets escaped then translated and becomes \\5c\\5c\\2c which doesn't match \, in the member= results of the group. Any ideas where the extra \\5c is coming from? Brian Dourty System Administrator - Team Lead Division of IT University of Missouri - Columbia 573-882-1035 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] rg] On Behalf Of Phil Mayers Sent: Tuesday, June 05, 2007 6:50 PM To: FreeRadius users mailing list Subject: Re: Ldap group troubles Dourty, Brian R. (IATS) wrote: > I'm having some trouble with the ldap group configuration against AD and > need a little help. > > > > Freeradius 1.1.4 Upgrade. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
users2mysql Problem Issue 2
k, that did it but the issue is when importing entrys are going into the raccheck and usergroup but nothing in the radreply hence none of the user attributes associated are being imported but is see no errors when after the script ran running back through what it outputted. _ From: [EMAIL PROTECTED] To: FreeRadius users mailing list [mailto:[EMAIL PROTECTED] Sent: Thu, 07 Jun 2007 08:41:37 -0400 Subject: Re: users2mysql Problem run this SQL command from mysql prompt: DELETE FROM radcheck,usergroup,... whatever table you have written to It will delete data but not reset the indexes. But wouldn't it be wise to learn a little bit about SQL before embarking on something like this? Ivan Kalik Kalik Informatika ISP Dana 7/6/2007, "Jeff" <[EMAIL PROTECTED]> piše: >I had made a mistake when importing my users file. > >Is there a way to purge the user data from mysql and it clears all their info >from all the tables > >without reinstalling the database? > > > >Jeff > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: check-config option
Giovanni Lovato wrote: > So how could I check configuration before sighupping the process? > I try a script called ``check-radiusd-config'' but it gives me: The preferred method is to have a test server. Generally you want a primary and secondary server anyways and often I will use the secondary to test minor changes since there is very little traffic there normally. Aside from that, I think you can change the port it listens on and start another process along side the production one. Then as long as you don't mess up the syntax when changing the port back, you should have your test. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: check-config option
[EMAIL PROTECTED] wrote: Hi, With FreeRADIUS you can simply use: radiusd -C to check the configuration. [...] gone deprecated So how could I check configuration before sighupping the process? I try a script called ``check-radiusd-config'' but it gives me: # check-radiusd-config Radius server configuration looks OK. also when configuration IS NOT OK! Any other new method or option to do that? G.L. -- www.aldu.net/~heruan [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Markus Wintruff istaußer Haus.
Ich werde ab 07.06.2007 nicht im Büro sein. Ich kehre zurück am 10.06.2007. Bitte wenden sie sich an Michael Cochu [EMAIL PROTECTED] +49-40-7339-1432. I am not in the office. Please contact Michael Cochu [EMAIL PROTECTED] +49-40-7339-1432. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: users2mysql Problem
run this SQL command from mysql prompt: DELETE FROM radcheck,usergroup,... whatever table you have written to It will delete data but not reset the indexes. But wouldn't it be wise to learn a little bit about SQL before embarking on something like this? Ivan Kalik Kalik Informatika ISP Dana 7/6/2007, "Jeff" <[EMAIL PROTECTED]> piše: >I had made a mistake when importing my users file. > >Is there a way to purge the user data from mysql and it clears all their info >from all the tables > >without reinstalling the database? > > > >Jeff > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: users2mysql Problem
you could try a sql query that deletes data in the table DELETE FROM example WHERE age='15' Robert From: Jeff <[EMAIL PROTECTED]>Reply-To: FreeRadius users mailing list To: "FreeRadius users mailing list" Subject: users2mysql ProblemDate: Thu, 07 Jun 2007 08:09:29 -0400 I had made a mistake when importing my users file. Is there a way to purge the user data from mysql and it clears all their info from all the tables without reinstalling the database? Jeff >->List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
users2mysql Problem
I had made a mistake when importing my users file. Is there a way to purge the user data from mysql and it clears all their info from all the tables without reinstalling the database? Jeff- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: check-config option
Hi, > > With FreeRADIUS you can simply use: > > radiusd -C > > to check the configuration. [...] gone deprecated alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius-Users Digest, Vol 26, Issue 18
Hi Peter, I did bother to look at rlm_sql. However my need is a bit different. I do not want to fetch values from a DB and added them as values to certain radisu attributes. I want to fetch, do some operation on the feteched value and then add the result of the operation to the radius attributes. Any ideas or suggested steps would be helpful. Regards Nitin Date: Thu, 7 Jun 2007 11:12:47 +0300 From: Peter Nixon <[EMAIL PROTECTED]> Subject: Re: How to connect to backend DB To: FreeRadius users mailing list Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="iso-8859-9" On Thu 07 Jun 2007, Nitin Naveen wrote: > Hi, > > I am writing a new RLM called rlm_prop_protocol. It basically adds some > attributes. The value for > these attributes are pulled from a backend database (MYSQL). I wanted to > know whether there > is a provision in freeradius or some standard method that may be used to > connect and fetch > data from the MYSQL database. As of now I have added MYSQL specific code > in my module. Did you bother to look at the FreeRADIUS code before you started writing?? The modules rlm_sql and rlm_sql_mysql would seem to be pretty self explanatory :-) It is quite likely that you can do what you need without writing a new module... Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc *DISCLAIMER* This message and/or attachment(s) contained here are confidential, proprietary to HUGHES SYSTIQUE and its customers. Contents may be privileged or otherwise protected by law. The information is solely intended for the entity it is addressed to. If you are not the intended recipient of this message, it is strictly prohibited to read, forward, print, retain, copy or disseminate this message or any part of it. If you have received this e-mail in error, please notify the sender immediately and delete the message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
check-config option
On http://wiki.freeradius.org/index.php/FAQ, question 6.10 I read: With FreeRADIUS you can simply use: radiusd -C to check the configuration. [...] But when I try to do that: # radiusd -C radiusd: invalid option -- C Usage: radiusd [-a acct_dir] [-d db_dir] [-l log_dir] [-i address] [-p port] [-AcfnsSvXxyz] I'm using FreeRADIUS 1.1.6. G.L. -- www.aldu.net/~heruan [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: From users file to SQL
>It doesn't work. When the user is member of SUSPENDED and has a static IP >address, rlm_sqlippool doesn't override the Framed-IP-Address. >This is the behavior I expect for all other cases/groups. > I am not sure if sqlippool has the option to override Framed-IP-Address if it is already set. Ordinary ippool in radiusd.conf does. As I said, this is not a smart thing to do - even if you override IP address, he can change it to his static IP address in his Connection Properties after the connection is made and gain access. Anyone with basic IT skills can do this. And they DO know their static IP address. >I had another problem with this configuration. A user can be member of >multiple groups. If he is member of SUSPENDED, I want it to be the only one >group evaluated. This can be achieved with "Fall-Though" in users file, but >it don't know how to do it with SQL. > By managing groups properly. Going to group2 after failing with group1 is a good thing. That's how dial backup is done for our broadband customers. But if I suspend them, broadband group is changed to suspend while dial group is deleted. When suspension is lifted, suspend is changed to his broadband group while dial group is added as No.2. If he is suspended, he should be removed from other groups in usergroup table. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sql_mysql Problem with Freeradius on Centos 5
>I have tried running the server as root and I still receive the same error. > >However, > >When I run the server in extended debug mode (as root) the server starts fine >and will serve authentication from the MySQL database quite happily. What? When you type radiusd at the prompt as root it crashes and when you type radiusd -X it works fine??? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to connect to backend DB
On Thu 07 Jun 2007, Nitin Naveen wrote: > Hi, > > I am writing a new RLM called rlm_prop_protocol. It basically adds some > attributes. The value for > these attributes are pulled from a backend database (MYSQL). I wanted to > know whether there > is a provision in freeradius or some standard method that may be used to > connect and fetch > data from the MYSQL database. As of now I have added MYSQL specific code > in my module. Did you bother to look at the FreeRADIUS code before you started writing?? The modules rlm_sql and rlm_sql_mysql would seem to be pretty self explanatory :-) It is quite likely that you can do what you need without writing a new module... Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sql_mysql Problem with Freeradius on Centos 5
Could it be an authentication problem? Maybe you didn't spell the user to connect to mysql correct? I would also suggest that you enable extensive logging on the mysql side to see if there are any requests. This is done usually in /etc/mysql/my.cnf Liran. On 6/7/07, Andy Hughes <[EMAIL PROTECTED]> wrote: Hi Freeradius Users, I am having an issue with the rlm_sql_mysql driver on Centos 5. When I run radius from the init.d/radiusd the server presents the following error in the radius logs. --snip-- Fri Jun 8 02:58:42 2007 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Fri Jun 8 02:58:42 2007 : Info: rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:3306/radius Fri Jun 8 02:58:42 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0 Fri Jun 8 02:58:42 2007 : Error: rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:radius Fri Jun 8 02:58:42 2007 : Error: rlm_sql_mysql: Mysql error 'Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13)' Fri Jun 8 02:58:42 2007 : Error: rlm_sql (sql): Failed to connect DB handle #0 -- snip -- -- snip -- netstat -a unix 3 [ ] STREAM CONNECTED 120857 /var/lib/mysql/mysql.sock tcp 00 *:mysql *:* LISTEN -- snip -- I have tried running the server as root and I still receive the same error. However, When I run the server in extended debug mode (as root) the server starts fine and will serve authentication from the MySQL database quite happily. --snip-- rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:3306/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) --snip-- I have also tried various variations of commands in sql.conf to configure the sql port. Can anyone tell me what the appropriate configuration command is? Can anyone shine any light on what might be the problem here? Regards, Andy Hughes - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html