Read radius client from database

2008-11-26 Thread Saeed Akhtar
Hi all,

   I am having a problem configuring Radius to read client information from
the mysql database table nas. I found an option at the last line of sql.conf

readclients = yes

I uncommented it, then added a record in the nas table, then tried to send
a request from the newly added client, but it says unknown client. Can anyone
help me in this regard? Thank you
Regards,

Saeed Akhtar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Read radius client from database

2008-11-26 Thread mj mailing lists user
Hi, it seems to me you are missing rlm_sql. When I start radiusd -X I get the
following lines:

rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
..
rlm_sql_mysql: query:  SELECT id, nasname, shortname, type, secret FROM nas

This last line is then followed by
rlm_sql (sql): Read entry nasname=127.0.0.1,shortname=localhost,secret=secretpw
..

Maybe you didn't configure sql right.
In freeradius2:
Uncomment sql in raddb/sites-enabled/default
Check your raddb/sql.conf file

In freeradius1, uncomment sql (authorize section) in radiusd.conf and adapt
sql.conf


Michel



Re: Read radius client from database

2008-11-26 Thread Alan DeKok
Saeed Akhtar wrote:
 Debug Trace:

  You're not running 2.x.  You should upgrade.

  You haven't configured the SQL module.  You need to do this for it to
work.

  Alan DeKok.


Re: Read radius client from database

2008-11-26 Thread Saeed Akhtar
Debug Trace:

Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/jradius.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
 main: prefix = /usr/local
 main: localstatedir = /usr/local/var
 main: logdir = /usr/local/var/log/radius
 main: libdir = /usr/local/lib
 main: radacctdir = /usr/local/var/log/radius/radacct
 main: hostname_lookups = no
 main: snmp = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /usr/local/var/log/radius/radius.log
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
 main: user = (null)
 main: group = (null)
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/local/sbin/checkrad
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = (null)
 exec: input_pairs = request
 exec: output_pairs = (null)
 exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = (null)
 mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = (null)
 unix: shadow = (null)
 unix: group = (null)
 unix: radwtmp = /usr/local/var/log/radius/radwtmp
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = md5
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = Password: 
 gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded realm
 realm: format = suffix
 realm: delimiter = @
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = /usr/local/etc/raddb/users
 files: acctusersfile = /usr/local/etc/raddb/acct_users
 files: preproxy_usersfile = /usr/local/etc/raddb/preproxy_users
 files: compat = no
Module: Instantiated files (files)
Module: Loaded jradius
 jradius: name = example
 jradius: primary = 127.0.0.1
 jradius: secondary = 192.168.1.2:1815
 jradius: tertiary = 192.168.1.2:1816
 jradius: timeout = 1
 jradius: onfail = NOOP
 jradius: keepalive = yes
 jradius: connections = 8
rlm_jradius: configuring jradius server 127.0.0.1:1814
rlm_jradius: configuring jradius server 192.168.1.2:1815
rlm_jradius: configuring jradius server 192.168.1.2:1816
rlm_jradius: starting JRadius connection 0
rlm_jradius: starting JRadius connection 1
rlm_jradius: starting JRadius connection 2
rlm_jradius: starting JRadius connection 3
rlm_jradius: starting JRadius connection 4
rlm_jradius: starting JRadius connection 5
rlm_jradius: starting JRadius connection 6
rlm_jradius: starting JRadius connection 7
Module: Instantiated jradius (jradius)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile =
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = /usr/local/var/log/radius/radutmp
 radutmp: username = %{User-Name}
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = 
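
The startup check Michel describes earlier in the thread (look for the rlm_sql driver line, the nas query and the "Read entry" lines in `radiusd -X` output), written out as an added example that is not part of the original thread. The function names and sample traces are constructed for illustration; it also masks the shared secrets that the "Read entry" lines print, so a trace can be posted to a public list.

```python
import re

# Constructed sample of `radiusd -X` startup output. The lines follow the format
# quoted in the thread; the 192.0.2.10 entry is made up for this example.
TRACE_WITH_SQL = """\
Module: Instantiated files (files)
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql_mysql: query:  SELECT id, nasname, shortname, type, secret FROM nas
rlm_sql (sql): Read entry nasname=127.0.0.1,shortname=localhost,secret=secretpw
rlm_sql (sql): Read entry nasname=192.0.2.10,shortname=ap1,secret=constructed-secret
"""

# Constructed sample shaped like the 1.1.3 trace above: no rlm_sql lines at all.
TRACE_WITHOUT_SQL = """\
Module: Loaded files
Module: Instantiated files (files)
Module: Loaded jradius
Module: Instantiated jradius (jradius)
"""

DRIVER_RE = re.compile(r"^rlm_sql \([^)]+\): Driver (?P<driver>\S+) .*loaded and linked")
NAS_QUERY_RE = re.compile(r"^rlm_sql_\w+: query:\s+SELECT .* FROM nas\b")
ENTRY_RE = re.compile(
    r"^rlm_sql \([^)]+\): Read entry nasname=(?P<nasname>[^,]+),shortname=(?P<shortname>[^,]*),secret="
)
SECRET_RE = re.compile(r"(secret\s*=\s*).*$")


def check_startup(trace):
    """Report whether rlm_sql loaded, whether nas was queried, and which clients were read."""
    result = {"driver": None, "nas_query": False, "clients": []}
    for line in trace.splitlines():
        line = line.strip()
        driver = DRIVER_RE.match(line)
        entry = ENTRY_RE.match(line)
        if driver:
            result["driver"] = driver.group("driver")
        elif NAS_QUERY_RE.match(line):
            result["nas_query"] = True
        elif entry:
            # Keep the client's identity only; the shared secret is never stored.
            result["clients"].append((entry.group("nasname"), entry.group("shortname")))
    return result


def diagnose(trace):
    """Turn the check into the next thing to look at, following the advice in the thread."""
    found = check_startup(trace)
    if found["driver"] is None:
        return "sql module not loaded: list sql in a section such as authorize"
    if not found["nas_query"]:
        return "sql loaded but the nas table was not queried: check readclients = yes in sql.conf"
    if not found["clients"]:
        return "nas table queried but no client entries were read"
    return "ok: %d client(s) read from nas" % len(found["clients"])


def redact(trace):
    """Mask shared secrets before a debug trace leaves the server."""
    return "\n".join(SECRET_RE.sub(r"\1<redacted>", line) for line in trace.splitlines())


if __name__ == "__main__":
    print(diagnose(TRACE_WITHOUT_SQL))
    print(diagnose(TRACE_WITH_SQL))
    print(redact(TRACE_WITH_SQL))
```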

Re: Read radius client from database

2008-11-26 Thread Saeed Akhtar
Thanks for your help. Setting sql in the authorize section of radiusd.conf
solved the problem. But now when sql checks for the username and password it
gives the error Unknown Attribute Cleartext-Password. I am not
upgrading to 2.x because I tried to configure jradius with 2.1.1 and it gave
errors, so the best choice left for me was to downgrade to 1.1.3, as a patch
was available for this version. But now I'm facing problems regarding
mysql. Can you people suggest anything? Thanks for the help
Regards,

Saeed Akhtar




Re: Read radius client from database

2008-11-26 Thread tnt
sql is commented out in radiusd.conf by default. Enable it somewhere.

This is the old server version. Use the latest one. Even for testing.
It's so much better.

Ivan Kalik
Kalik Informatika ISP



Re: Read radius client from database

2008-11-26 Thread tnt
1.1.3 doesn't use Cleartext-Password. That came in 1.1.4. Read the users
file. It should be User-Password.

Ivan Kalik
Kalik Informatika ISP




Re: Read radius client from database

2008-11-26 Thread tnt
Post the debug of the server startup.

Ivan Kalik
Kalik Informatika ISP




Re: Read radius client from database

2008-11-26 Thread Saeed Akhtar
Thanks. It worked, but here comes another issue where I'm
stuck. Using both sql and jradius for authorization creates a problem.
First freeradius goes to sql and checks for the user record. Regardless of
the result of sql, the request is also forwarded to jradius, and jradius also
checks for the same username in another database on another server (as I'm
using jradius for connectivity to another server). I want freeradius
not to go to jradius if the sql result is access-accept. I don't know whether
there are any conditional statements in the configuration file which will help me.
Hopeful for some help :)  Thanks
Regards,

Saeed Akhtar




Re: Read radius client from database

2008-11-26 Thread Alan DeKok
Saeed Akhtar wrote:

  please... format your messages in a normal way.

  Formatting them badly makes them harder to understand.

 I don't know whether there are any conditional statements in the
 configuration file which will help me. Hopeful for some help :)

  FreeRADIUS 2.x comes with a complete policy language.

$ man unlang

  Alan DeKok.


Re: Read radius client from database

2008-11-26 Thread tnt
First freeradius goes to sql and checks for the user record. Regardless of
the result of sql, the request is also forwarded to jradius, and jradius also
checks for the same username in another database on another server (as I'm
using jradius for connectivity to another server). I want freeradius
not to go to jradius if the sql result is access-accept. I don't know whether
there are any conditional statements in the configuration file which will help me.

Not in 1.1.3. It can be done with unlang in new version. You should
really try to get jradius working on 2.1.1.

Ivan Kalik
Kalik Informatika ISP
