Re: EAP/MD5 with mysql authentication failed
EAP-MD5 doesn't use inner-tunnel. Enable sql in default virtual server. Ivan Kalik Kalik Informatika ISP The problem has resolved by your way. Thank your ver much! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/MD5 with mysql authentication failed
hi, dont set the default auth-type for users alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/MD5 with mysql authentication failed
IN sites-enabled/inner-tunnel
--
authorize {
eap {
ok = return
}
files
sql
expiration
logintime
}
authenticate {
eap
}
EAP-MD5 doesn't use inner-tunnel. Enable sql in default virtual server.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP/MD5 with mysql authentication failed
EAP/MD5 with mysql authentication failed
My running environment is freeraius-2.1.3 and mysql-5.0.37.
The authentication type is EAP/MD5. It's running well with individual 'user'
file, however, If I enable the sql optioal, it rejects with '[eap]
Handler failed in EAP/md5'. The mysql module was loaded success and could
connected with my database.
It could authorized in freeradius-1.0.5 and freeradius-1.1.7 with mysql, but
failed in freeradius-2.1.3.
I paste my mainly configuration file and debug information below.
Thanks for your help!
IN radius.conf
--
$INCLUDE sql.conf
IN sql.conf
--
server = localhost
port = 3306
login = radius
password = radius
IN sites-enabled/inner-tunnel
--
authorize {
eap {
ok = return
}
files
sql
expiration
logintime
}
authenticate {
eap
}
IN eap.conf
--
eap {
default_eap_type = md5
timer_expire = 60
ignore_unknown_eap_types = no
max_sessions = 2048
md5 {
}
}
IN user
--
DEFAULT Auth-Type := EAP
Fall-Through = 1
IN radcheck table
--
mysql select * from radcheck;
++--+++---+
| id | username | attribute | op | value |
++--+++---+
| 1 | test | Cleartext-Password | := | test |
IN radreply table
--
mysql select * from radreply;
++--+---++---+
| id | username | attribute | op | value |
++--+---++---+
| 1 | test | Framed-IP-Address | := | 192.168.1.55 |
DEBUG information
--
---Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.7 port 1024, id=0,
length=142
User-Name = test
NAS-IP-Address = 192.168.1.7
NAS-Port = 0
Called-Station-Id = 00-0F-1E-51-00-04:
Calling-Station-Id = 00-13-D7-20-00-90
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 11Mbps 802.11b
EAP-Message = 0x02090174657374
Message-Authenticator = 0xbfed0ae2dd3f0b2a36fe1a88cbd3569d
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = test, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] EAP packet type response id 0 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 144
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user. Authentication may
fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.1.7 port 1024
EAP-Message = 0x01010016041095e48ee00d7d5ecc1639d149c9aa7283
Message-Authenticator = 0x
State = 0x40ca4f4d40cb4b4734e42cbd94a7636b
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.7 port 1024, id=1,
length=173
User-Name = test
NAS-IP-Address = 192.168.1.7
NAS-Port = 0
Called-Station-Id = 00-0F-1E-51-00-04:
Calling-Station-Id = 00-13-D7-20-00-90
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 11Mbps 802.11b
EAP-Message = 0x020100160410f34f8c1c140e4f4b3846e691a7aa2175
State = 0x40ca4f4d40cb4b4734e42cbd94a7636b
Message-Authenticator = 0xa9e8279e3d299800129cc25ad426acce
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = test, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] EAP packet type response id 1 length 22
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 144
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user. Authentication may
fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/md5
[eap] processing type md5
rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication
[eap] Handler failed in EAP/md5
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - test
Re: MySQL Authentication
Hi Alan, I decided to format my Mac and reinstall everything. That fixed all the issues that I have had so far. It compiled perfectly with the Perl Module (which I had to remove before) and MySQL is working flawlessly now. Thanks for pointing me in that direction. Thanks for your hard work on FreeRadius and your attention to the talk list. Your Awesome!! Cheers!! Joseph Sullivan On 5/14/07 9:07 AM, Alan DeKok [EMAIL PROTECTED] wrote: Joseph Sullivan wrote: I Built the server on this machine. Well, the error message seems to indicate that the module that was built doesn't match the machine you're running it on. I don't know how to fix that, sorry. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication
On 5/11/07 11:11 PM, Alan DeKok [EMAIL PROTECTED] wrote: Did you build the server on that machine, or did you build it on another machine and move the binaries over? I Built the server on this machine. It's a MAC specific problem. Other people running MACs don't see it, so maybe you could give more information about your system. Alan DeKok. I don't know exactly what kind of Information to give. It is OSX Server Unlimited 10.4.9 with all apple updates applied before I installed anything else. It is a DP 450 with 2 gb memory. I obviously had to install Xcode to compile Free Radius. I'm sorry I really don't know what else you may need to know. Thanks for taking the time to help me!! Joseph Sullivan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication
Joseph Sullivan wrote: I Built the server on this machine. Well, the error message seems to indicate that the module that was built doesn't match the machine you're running it on. I don't know how to fix that, sorry. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MySQL Authentication
Hello Group, I am running OSX 10.4.9 Server, with Free Radius 1.1.6. I have FreeRadius setup to connect to my MySQL Server for authentication. That server is running MySQL 4.1 When I try loading radiusd -X I get a mysql link error. rlm_sql (sql): Could not link driver rlm_sql_mysql: dlopen(/usr/local/lib/rlm_sql_mysql-1.1.6.so, 9): no suitable image found. Did find: ?/usr/local/lib/rlm_sql_mysql-1.1.6.so: no matching architecture in universal wrapper ?/usr/local/lib/rlm_sql_mysql-1.1.6.so: no matching architecture in universal wrapper rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[14]: sql: Module instantiation failed. From what I read on the FAQ this is a library error on my system and has nothing to do with Freeradius. But my error differs slightly from what the FAQ says I could be seeing. I did run a ./configure | grep mysql_config and it came out saying MySQL = yes. Can someone help me resolve this? I greatly appreciate it. Joseph Sullivan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication
Joseph Sullivan wrote: rlm_sql (sql): Could not link driver rlm_sql_mysql: dlopen(/usr/local/lib/rlm_sql_mysql-1.1.6.so, 9): no suitable image found. Did find: ?/usr/local/lib/rlm_sql_mysql-1.1.6.so: no matching architecture in universal wrapper ?/usr/local/lib/rlm_sql_mysql-1.1.6.so: no matching architecture in universal wrapper Did you build the server on that machine, or did you build it on another machine and move the binaries over? Can someone help me resolve this? I greatly appreciate it. It's a MAC specific problem. Other people running MACs don't see it, so maybe you could give more information about your system. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication
On 5/5/07 1:29 PM, liran tal [EMAIL PROTECTED] wrote: What version of mysql is it? For mysql5 you also need the libraries/dev, with debian these packages are called libmysqlclient15-dev and libmysqlclient15off MySQL ver 4.1 is running on a separate replication system. I installed MySQL 5.0 on this server to get the latest libraries. But still isn¹t working. Joseph Sullivan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MySQL Authentication
Hello Group, I am running OSX 10.4.9 Server, with Free Radius 1.1.6 When I try loading radiusd -X I get a mysql link error. rlm_sql (sql): Could not link driver rlm_sql_mysql: dlopen(/usr/local/lib/rlm_sql_mysql-1.1.6.so, 9): no suitable image found. Did find: ?/usr/local/lib/rlm_sql_mysql-1.1.6.so: no matching architecture in universal wrapper ?/usr/local/lib/rlm_sql_mysql-1.1.6.so: no matching architecture in universal wrapper rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[14]: sql: Module instantiation failed. From what I read on the FAQ this is a library error on my system and has nothing to do with Freeradius. But my error differs slightly from what the FAQ says I could be seeing. I did run a ./configure | grep mysql_config and it came out saying MySQL = yes. Can someone help me resolve this? I greatly appreciate it. Joseph Sullivan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication
What version of mysql is it? For mysql5 you also need the libraries/dev, with debian these packages are called libmysqlclient15-dev and libmysqlclient15off Goodluck. On 5/5/07, Joseph Sullivan [EMAIL PROTECTED] wrote: Hello Group, I am running OSX 10.4.9 Server, with Free Radius 1.1.6 When I try loading radiusd -X I get a mysql link error. rlm_sql (sql): Could not link driver rlm_sql_mysql: dlopen(/usr/local/lib/rlm_sql_mysql-1.1.6.so, 9): no suitable image found. Did find: ?/usr/local/lib/rlm_sql_mysql-1.1.6.so: no matching architecture in universal wrapper ?/usr/local/lib/rlm_sql_mysql-1.1.6.so: no matching architecture in universal wrapper rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[14]: sql: Module instantiation failed. From what I read on the FAQ this is a library error on my system and has nothing to do with Freeradius. But my error differs slightly from what the FAQ says I could be seeing. I did run a ./configure | grep mysql_config and it came out saying MySQL = yes. Can someone help me resolve this? I greatly appreciate it. Joseph Sullivan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL authentication problem
On Thu, 2007-01-04 at 05:14 -0800, Alan DeKok wrote: Ian Truelsen wrote: Thanks for the clarification. Now, I still have the problem that, if I populate the users file with the same information that I have in my radcheck table, I get a positive authentication on the user. Without the users entry, I do not. Is there something else that needs to be populated in the radius database, like the group tables, or something? No. Perhaps you could try describing what is going into the users file, and what you think it should be doing. All I did with the users file was to duplicate the entry in the radcheck table. So I have: ian Auth-Type := Local, User-Password == test added to my users file and with that, radtest authenticates user ian. Without it, user ian is not authenticated. The same information is stored in my radcheck table: mysql select * from radcheck; ++--+---++---+ | id | UserName | Attribute | op | Value | ++--+---++---+ | 3 | ian | Password | == | test | ++--+---++---+ 1 row in set (0.01 sec) -- Ian Truelsen s/v Sting Email: [EMAIL PROTECTED] AIM: ihtruelsen MSN: [EMAIL PROTECTED] Google Talk: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL authentication problem
Ian Truelsen wrote: All I did with the users file was to duplicate the entry in the radcheck table. So I have: ian Auth-Type := Local, User-Password == test 1) Don't set Auth-Type by hand. It's not necessary. 2) Use := for User-Password, not '=='. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL authentication problem
On 1/4/07, Alan DeKok [EMAIL PROTECTED] wrote: Ian Truelsen wrote: All I did with the users file was to duplicate the entry in the radcheck table. So I have: ian Auth-Type := Local, User-Password == test 1) Don't set Auth-Type by hand. It's not necessary. 2) Use := for User-Password, not '=='. Alright, but that part of it works. It is the MySQL section that does not. Would these be related somehow? -- Ian Truelsen s/v Sting - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL authentication problem
On Tue, 2007-01-02 at 17:45 -0300, Hernan Antolini wrote: ian sql goes in authorize section and accounting only; leave preprocess, auth_log, suffix and sql uncommented there to start. what about your ian entry in your users file ?...and delete that strange entry in your radcheck (id 1). Okay, here is where I am unclear on the concept: If I need an entry in the users file, as well as radcheck database, then why am I using MySQL at all? I envisioned the sql authorization as negating the need to hard code a file on the system, but if I need both, then I don't really need MySQL. Would the sql database not make the users file unnecessary? The first entry in the radcheck table is me forgetting to add the null as the first collumn. -- Ian Truelsen s/v Sting Email: [EMAIL PROTECTED] AIM: ihtruelsen MSN: [EMAIL PROTECTED] Google Talk: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL authentication problem
Ian Truelsen wrote: Okay, here is where I am unclear on the concept: If I need an entry in the users file, as well as radcheck database, You don't. The server is modular, which means any (or almost all) modules are optional. then why am I using MySQL at all? I envisioned the sql authorization as negating the need to hard code a file on the system, but if I need both, then I don't really need MySQL. Would the sql database not make the users file unnecessary? Yes. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL authentication problem
On Wed, 2007-01-03 at 17:01 -0800, Alan DeKok wrote: Ian Truelsen wrote: Okay, here is where I am unclear on the concept: If I need an entry in the users file, as well as radcheck database, You don't. The server is modular, which means any (or almost all) modules are optional. then why am I using MySQL at all? I envisioned the sql authorization as negating the need to hard code a file on the system, but if I need both, then I don't really need MySQL. Would the sql database not make the users file unnecessary? Yes. Thanks for the clarification. Now, I still have the problem that, if I populate the users file with the same information that I have in my radcheck table, I get a positive authentication on the user. Without the users entry, I do not. Is there something else that needs to be populated in the radius database, like the group tables, or something? -- Ian Truelsen s/v Sting Email: [EMAIL PROTECTED] AIM: ihtruelsen MSN: [EMAIL PROTECTED] Google Talk: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL authentication problem
ian, just review your radiusd.conf (authenticate and authorize sections) because you sql IS going ok. modcall[authorize]: module sql returns ok for request 0 but your unix IS not modcall[authenticate]: module unix returns notfound for request 0 just leave sql in your auth section if you plan to do it tha way Hernan Antolini Ian Truelsen [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 01/01/07 07:32 PM Please respond to FreeRadius users mailing list freeradius-users@lists.freeradius.org To Freeradius Mailing List freeradius-users@lists.freeradius.org cc Subject MySQL authentication problem radiusd: FreeRADIUS Version 1.1.3, for host i686-pc-linux-gnu, built on Dec 26 2006 at 01:46:55 mysql Ver 14.12 Distrib 5.0.30, for pc-linux-gnu (i686) using readline 5.2 I thought that I had everything configured properly for MySQL authentication, but when I try to do a test with radtest, the test user is not authenticated and there is no log of activity to the MySQL database. Anyway, here is the output of radiusd -X and, at the end, the population of my database: rad_recv: Access-Request packet from host 192.168.182.1:2053, id=7, length=55 User-Name = ian User-Password = test NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: No '@' in User-Name = ian, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 0 users: Matched entry DEFAULT at line 152 modcall[authorize]: module files returns ok for request 0 radius_xlat: 'ian' rlm_sql (sql): sql_set_user escaped user -- 'ian' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'ian' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'ian' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'ian' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'ian' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type System Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 modcall[authenticate]: module unix returns notfound for request 0 modcall: leaving group authenticate (returns notfound) for request 0 auth: Failed to validate the user. Login incorrect: [ian/test] (from client brentwood port 1812) Delaying request 0 for 1 seconds Finished request 0 mysql select * from radcheck - ; ++--+---++---+ | id | UserName | Attribute | op | Value | ++--+---++---+ | 1 | Password | ==| te | | | 2 | ian | Password | == | test | ++--+---++---+ 2 rows in set (0.01 sec) Any thoughts on why this is not working would be greatly appreciated. -- Ian Truelsen s/v Sting Email: [EMAIL PROTECTED] AIM: ihtruelsen MSN: [EMAIL PROTECTED] Google Talk: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL authentication problem
On Tue, 2007-01-02 at 09:37 -0300, Hernan Antolini wrote: ian, just review your radiusd.conf (authenticate and authorize sections) because you sql IS going ok. modcall[authorize]: module sql returns ok for request 0 but your unix IS not modcall[authenticate]: module unix returns notfound for request 0 just leave sql in your auth section if you plan to do it tha way Hernan Antolini Well, I only want authentication from the MySQL database, so that should authenticate the user, if the sql section is working correctly. Why then, would the user not be authenticated, based on the information in the radcheck table (below)? mysql select * from radcheck - ; ++--+---++---+ | id | UserName | Attribute | op | Value | ++--+---++---+ | 1 | Password | ==| te | | | 2 | ian | Password | == | test | ++--+---++---+ 2 rows in set (0.01 sec) Sorry if I am being obtuse, but there is something that I am not quite getting here. Thanks for the help. -- Ian Truelsen s/v Sting Email: [EMAIL PROTECTED] AIM: ihtruelsen MSN: [EMAIL PROTECTED] Google Talk: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL authentication problem
On Tue, 2007-01-02 at 09:37 -0300, Hernan Antolini wrote: ian, just review your radiusd.conf (authenticate and authorize sections) because you sql IS going ok. modcall[authorize]: module sql returns ok for request 0 but your unix IS not modcall[authenticate]: module unix returns notfound for request 0 just leave sql in your auth section if you plan to do it tha way Hernan Antolini BTW, I just noticed that while there is a section in authorize for sql, there is not one in authenticate. Is that correct? -- Ian Truelsen s/v Sting Email: [EMAIL PROTECTED] AIM: ihtruelsen MSN: [EMAIL PROTECTED] Google Talk: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL authentication problem
Ian Truelsen wrote: BTW, I just noticed that while there is a section in authorize for sql, there is not one in authenticate. Is that correct? Yes, radius does authentication. MySQL stores the password for radius. -Dennis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL authentication problem
ian sql goes in authorize section and accounting only; leave preprocess, auth_log, suffix and sql uncommented there to start. what about your ian entry in your users file ?...and delete that strange entry in your radcheck (id 1). Ian Truelsen [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 01/02/07 04:35 PM Please respond to FreeRadius users mailing list freeradius-users@lists.freeradius.org To FreeRadius users mailing list freeradius-users@lists.freeradius.org cc Subject Re: MySQL authentication problem On Tue, 2007-01-02 at 09:37 -0300, Hernan Antolini wrote: ian, just review your radiusd.conf (authenticate and authorize sections) because you sql IS going ok. modcall[authorize]: module sql returns ok for request 0 but your unix IS not modcall[authenticate]: module unix returns notfound for request 0 just leave sql in your auth section if you plan to do it tha way Hernan Antolini Well, I only want authentication from the MySQL database, so that should authenticate the user, if the sql section is working correctly. Why then, would the user not be authenticated, based on the information in the radcheck table (below)? mysql select * from radcheck - ; ++--+---++---+ | id | UserName | Attribute | op | Value | ++--+---++---+ | 1 | Password | ==| te | | | 2 | ian | Password | == | test | ++--+---++---+ 2 rows in set (0.01 sec) Sorry if I am being obtuse, but there is something that I am not quite getting here. Thanks for the help. -- Ian Truelsen s/v Sting Email: [EMAIL PROTECTED] AIM: ihtruelsen MSN: [EMAIL PROTECTED] Google Talk: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL authentication problem
Ian Truelsen wrote: BTW, I just noticed that while there is a section in authorize for sql, there is not one in authenticate. Is that correct? Yes. SQL servers are databases, not authentication servers. RADIUS servers are authentication servers, not databases. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MySQL authentication problem
radiusd: FreeRADIUS Version 1.1.3, for host i686-pc-linux-gnu, built on Dec 26 2006 at 01:46:55 mysql Ver 14.12 Distrib 5.0.30, for pc-linux-gnu (i686) using readline 5.2 I thought that I had everything configured properly for MySQL authentication, but when I try to do a test with radtest, the test user is not authenticated and there is no log of activity to the MySQL database. Anyway, here is the output of radiusd -X and, at the end, the population of my database: rad_recv: Access-Request packet from host 192.168.182.1:2053, id=7, length=55 User-Name = ian User-Password = test NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: No '@' in User-Name = ian, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 0 users: Matched entry DEFAULT at line 152 modcall[authorize]: module files returns ok for request 0 radius_xlat: 'ian' rlm_sql (sql): sql_set_user escaped user -- 'ian' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'ian' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'ian' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'ian' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'ian' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type System Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 modcall[authenticate]: module unix returns notfound for request 0 modcall: leaving group authenticate (returns notfound) for request 0 auth: Failed to validate the user. Login incorrect: [ian/test] (from client brentwood port 1812) Delaying request 0 for 1 seconds Finished request 0 mysql select * from radcheck - ; ++--+---++---+ | id | UserName | Attribute | op | Value | ++--+---++---+ | 1 | Password | ==| te | | | 2 | ian | Password | == | test | ++--+---++---+ 2 rows in set (0.01 sec) Any thoughts on why this is not working would be greatly appreciated. -- Ian Truelsen s/v Sting Email: [EMAIL PROTECTED] AIM: ihtruelsen MSN: [EMAIL PROTECTED] Google Talk: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mysql Authentication
Hi all, We are migrating from an old installation of Radiator onto Freeradius. Local test accounts work fine, however I am getting an error on mysql based authentication. I am sure I'm missing something basic, here is the output from the radiusd process. Thanks, Max Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:59269, id=53, length=75 User-Name = [EMAIL PROTECTED] User-Password = testdial NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: Looking up realm foo.com for User-Name = [EMAIL PROTECTED] rlm_realm: Found realm foo.com rlm_realm: Proxying request from user cisp1 to realm foo.com rlm_realm: Adding Realm = foo.com rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module suffix returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 0 users: Matched entry DEFAULT at line 152 modcall[authorize]: module files returns ok for request 0 radius_xlat: '[EMAIL PROTECTED]' rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type System ERROR: Unknown value specified for Auth-Type. Cannot perform requested action. auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 53 to 127.0.0.1 port 59269 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 53 with timestamp 44ad4ca3 -- Max Clark http://www.clarksys.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Mysql Authentication
Le Thu, Jul 06, 2006 at 10:48:03AM -0700, Max Clark ecrivait: Hi all, We are migrating from an old installation of Radiator onto Freeradius. Local test accounts work fine, however I am getting an error on mysql based authentication. I am sure I'm missing something basic, here is the output from the radiusd process. Thanks, Max Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:59269, id=53, length=75 User-Name = [EMAIL PROTECTED] User-Password = testdial NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: Looking up realm foo.com for User-Name = [EMAIL PROTECTED] rlm_realm: Found realm foo.com rlm_realm: Proxying request from user cisp1 to realm foo.com rlm_realm: Adding Realm = foo.com rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module suffix returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 0 users: Matched entry DEFAULT at line 152 modcall[authorize]: module files returns ok for request 0 radius_xlat: '[EMAIL PROTECTED]' rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type System ERROR: Unknown value specified for Auth-Type. Cannot perform requested action. auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 53 to 127.0.0.1 port 59269 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 53 with timestamp 44ad4ca3 Set Auth-Type to Local in your database. Regards, Fox. signature.asc Description: Digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Mysql Authentication
It was actually much more of a basic problem - dialupadmin uses crypt passwords by default and the default radius configuration looks for clear text. Thanks, Max On 7/6/06, Francois-Xavier GAILLARD [EMAIL PROTECTED] wrote: Le Thu, Jul 06, 2006 at 10:48:03AM -0700, Max Clark ecrivait: Hi all, We are migrating from an old installation of Radiator onto Freeradius. Local test accounts work fine, however I am getting an error on mysql based authentication. I am sure I'm missing something basic, here is the output from the radiusd process. Thanks, Max Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:59269, id=53, length=75 User-Name = [EMAIL PROTECTED] User-Password = testdial NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: Looking up realm foo.com for User-Name = [EMAIL PROTECTED] rlm_realm: Found realm foo.com rlm_realm: Proxying request from user cisp1 to realm foo.com rlm_realm: Adding Realm = foo.com rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module suffix returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 0 users: Matched entry DEFAULT at line 152 modcall[authorize]: module files returns ok for request 0 radius_xlat: '[EMAIL PROTECTED]' rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type System ERROR: Unknown value specified for Auth-Type. Cannot perform requested action. auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 53 to 127.0.0.1 port 59269 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 53 with timestamp 44ad4ca3 Set Auth-Type to Local in your database. Regards, Fox. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFErVLawy/AUbta0EwRAvs8AJ98378eVPhgACk4Vf+VQbKtVR18KwCffZEC jDVkpNGWQnzBG+W80ofMlwg= =a1AQ -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Max Clark http://www.clarksys.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Mysql Authentication
Max Clark [EMAIL PROTECTED] wrote: We are migrating from an old installation of Radiator onto Freeradius. Local test accounts work fine, however I am getting an error on mysql based authentication. I am sure I'm missing something basic, here is the output from the radiusd process. You still have the entry in the users file that sets Auth-Type = System Delete it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mysql authentication doesn't work
in radiusd.conf:
authorize {
auth_log
sql
}
authenticate {
}
in sql.conf:
sql_user_name = %{Calling-Station-Id}
authorize_check_query = SELECT id, UserName, Attribute, Value, op \
FROM ${authcheck_table} \
WHERE UserName = '%{SQL-User-Name}' AND User='%{User-Name}' \
ORDER BY id
/usr/local/sbin/radiusd -X show me:
Listening on authentication XXX.XX.XX.XX:1812
Listening on accounting XXX.XX.XX.XX:1813
Ready to process requests.
rad_recv: Access-Request packet from host XXX.XX.XX.XX:1812, id=190, length=117
NAS-Identifier = mynas2
User-Name = test
User-Password = testpass
NAS-IP-Address = XXX.XX.XX.XX
NAS-Port-Type = Virtual
Called-Station-Id = 1000
Calling-Station-Id = 333999
Acct-Session-Id = d45d6126058adce5
Acct-Multi-Session-Id = d45d612600010610
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
radius_xlat: '/usr/local/var/log/radius/radacct/auth-detail.log'
rlm_detail: /usr/local/var/log/radius/radacct/auth-detail.log expands to
/usr/local/var/log/radius/radacct/auth-detail.log
modcall[authorize]: module auth_log returns ok for request 0
radius_xlat: '333999'
rlm_sql (sql): sql_set_user escaped user -- '333999'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE UserName = '333999' AND User='test'
ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: ''
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radreply WHERE UserName = 'secondtest' ORDER BY id'
radius_xlat: ''
rlm_sql (sql): Released sql socket id: 4
rlm_sql (sql): No matching entry in the database for request from user
[333999]
modcall[authorize]: module sql returns notfound for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
auth: Failed to validate the user.
Login incorrect: [test/testpass] (from client mynas2 port 0 cli 333999)
Sending Access-Reject of id 190 to XXX.XX.XX.XX port 1812
Finished request 0
So, select from database:
mysql SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE UserName =
'333999' AND User='test' ORDER BY id;
+-++---+++
| id | UserName | Attribute | Value | op |
+-++---+++
| 1 | 333999 | Auth-Type | Accept | := |
| 37 | 333999 | User-Password | 378b243e220ca493 | == |
| 73 | 333999 | User-Name | test | == |
| 109 | 333999 | Called-Station-Id | 1000 | == |
+-++---+++
4 rows in set (0.58 sec)
As I understand, radius cannot understand crypted User-Password (by mysql
function password). Is it possible to slide over it? How to do it, can
someone give advice?
---
http://www.one.lv - Tavs mobilais e-pasts!
Tagad lasi savu e-pastu ar mobilo telefonu - wap.one.lv!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql authentication doesn't work
???, ?? [EMAIL PROTECTED] wrote: rlm_sql (sql): No matching entry in the database for request from user [333999] That's pretty definitive. The packet has: User-Password = testpass And SQL has: | 37 | 333999 | User-Password | 378b243e220ca493 | == | Could you explain why you think that entry should match? The entry in SQL has a different password than what's in the packet. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MySQL Authentication on Solaris
Hello everybody. I have installed freeradius 1.0.1 on Solaris 9. However, it seems that I have a problem with MySQL Aythentication. As far as unix authentication is concearned everything seems to be working fine. I have installed MySQL 4.0.21 package, but radius complains about the modules used. I also ran ./configure with "with-mysql-include-dir=/usr/local/src/mysql-4.0.21/include" but nothing good happened. To be precise, there is no devel package for mysql 4.0.21, as this verison of mysql contains almost everything. Does anybody have a clue of how can I have MySQL authentication for RADIUS server on Solaris 9? Thanks in advance, Eva Kolega Network Operations Centre, Techonological Educational Institute of Athens - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MySql Authentication problems
I am using FreeRadius 1.0.2 with mySql on a Fedora Core3 machine. I am using the default encryption method. I have setup FreeRadius to successfully connect to mySql. I can successfully enter new users in through the dialup_admin web page, but when I Check Password the response I get, is NO It is wrong. When I do the radtest the server responds back to the client with: Sending Access-Request of id 125 to 192.168.1.104:1812 User-Name = test User-Password = test NAS-IP-Address = localhost.localdomain NAS-Port = 1812 rad_recv: Access-Reject packet from host 192.168.1.104:1812, id=125, length=20 On the server side: rad_recv: Access-Request packet from host 192.168.1.104:32769, id=187, length=56 User-Name = test User-Password = test NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module preprocess returns ok for request 1 modcall[authorize]: module chap returns noop for request 1 modcall[authorize]: module mschap returns noop for request 1 rlm_realm: No '@' in User-Name = test, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 1 radius_xlat: 'test' rlm_sql (sql): sql_set_user escaped user -- 'test' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'test' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'test' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'test' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'test' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module sql returns ok for request 1 modcall: group authorize returns ok for request 1 auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. Login incorrect: [test/test] (from client localhost port 1812) Delaying request 1 for 1 seconds Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 187 to 192.168.1.104:32769 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 187 with timestamp 421a8970 Nothing to do. Sleeping until we see a request. I am not sure but I believe the problem is in this area: modcall: entering group authorize for request 1 modcall[authorize]: module preprocess returns ok for request 1 modcall[authorize]: module chap returns noop for request 1 modcall[authorize]: module mschap returns noop for request 1 If so, how can I fix the problem? I realize there must be an encryption setting that is wrong, so any help with is greatly appreciated. James Ecker MCSE + Internet, CNE, A+, Network+ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mysql authentication
Hello, Is it normal that I see in radius.log : Tue Jul 8 15:15:15 2004 : auth: Login incorrect : [username/pasword] (from client clientname port 0) where password is crypted. Before, when I'm usinq users file I see the password in clear text ! Regards Jean Frontin System team I R I T Université Paul-Sabatier 118, rte de Narbonne 31062 Toulouse cedex 04 France tel (33)(0)5 61 55 63 03 mail [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql authentication
you can turn the reporting of password off in the rad.conf file it is a great debugging tool Brian On Thu, 2004-07-08 at 07:21, Jean Frontin wrote: Hello, Is it normal that I see in radius.log : Tue Jul 8 15:15:15 2004 : auth: Login incorrect : [username/pasword] (from client clientname port 0) where password is crypted. Before, when I'm usinq users file I see the password in clear text ! Regards Jean Frontin System team I R I T Université Paul-Sabatier 118, rte de Narbonne 31062 Toulouse cedex 04 France tel (33)(0)5 61 55 63 03 mail [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius+mysql authentication problem
Hi, I`m using freeradius+mysql to authentificate users. Somehow, I got following debug from server. --- Walking the entire request list ---Threads: total/active/spare threads = 5/1/4Waking up in 5 seconds...Thread 2 handling request 2, (1 handled so far) User-Name = "someuser" User-Password = "somepass"auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the userauth: Failed to validate the user. Does anyone got any ideas what might be wrong? Best Regards, Aleksandar
Re: freeradius+mysql authentication problem
--- Walking the entire request list ---Threads: total/active/spare threads = 5/1/4Waking up in 5 seconds...Thread 2 handling request 2, (1 handled so far) User-Name = "someuser" User-Password = "somepass"auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the userauth: Failed to validate the user. Does anyone got any ideas what might be wrong? you missed the Auth-Type attribute //milver
sqltrace, mysql authentication
Hi, I've managed to set up freeradius to authenticate users using the flat file format - however authentication with MySQL does not work. Furthermore, there is no sqltrace log file produced - and running it with -X -xxx only tells: rad_recv: Access-Request packet from host 192.168.1.112:32771, id=86, length=61 Fri Apr 9 18:05:51 2004 : Error: Ignoring request from unknown client 192.168.1.112:32771 Fri Apr 9 18:05:51 2004 : Debug: --- Walking the entire request list --- Fri Apr 9 18:05:51 2004 : Debug: Nothing to do. Sleeping until we see a request. Yes, the database has been populated and initial output from freeradius shows successful connection to the database server. Testing was done using radtest and ntradping. Questions: 1. What is the meaning of the error above? 2. Why isn't freeradius generating the sqltrace file? Regards, --mel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqltrace, mysql authentication
When running in debug mode there is no sql trace file. - Original Message - From: mel [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, April 09, 2004 01:11 PM Subject: sqltrace, mysql authentication Hi, I've managed to set up freeradius to authenticate users using the flat file format - however authentication with MySQL does not work. Furthermore, there is no sqltrace log file produced - and running it with -X -xxx only tells: rad_recv: Access-Request packet from host 192.168.1.112:32771, id=86, length=61 Fri Apr 9 18:05:51 2004 : Error: Ignoring request from unknown client 192.168.1.112:32771 Fri Apr 9 18:05:51 2004 : Debug: --- Walking the entire request list --- Fri Apr 9 18:05:51 2004 : Debug: Nothing to do. Sleeping until we see a request. Yes, the database has been populated and initial output from freeradius shows successful connection to the database server. Testing was done using radtest and ntradping. Questions: 1. What is the meaning of the error above? 2. Why isn't freeradius generating the sqltrace file? Regards, --mel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqltrace, mysql authentication
I should answer my own questions:
I edited users.conf and add 192.168.1.112 {..}
as one of the clients. Seems like the client
was not recognize, even though it's under
192.168.1.0/24{..}
However, freeradius still does not generate
sqltrace...
--mel
mel wrote:
rad_recv: Access-Request packet from host 192.168.1.112:32771, id=86,
length=61
Fri Apr 9 18:05:51 2004 : Error: Ignoring request from unknown client
192.168.1.112:32771
Fri Apr 9 18:05:51 2004 : Debug: --- Walking the entire request list ---
Fri Apr 9 18:05:51 2004 : Debug: Nothing to do. Sleeping until we
see a request.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
