apo
just joined
Topic Author
Posts: 19
Joined: Mon Dec 08, 2008 4:21 am

freeradius fixed

Mon Jan 26, 2009 4:01 am

problem solved
Last edited by apo on Sun Feb 08, 2009 2:21 am, edited 1 time in total.
 
SurferTim
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: FreeRADIUS + MYSQL + Mikrotik

Mon Jan 26, 2009 9:50 am

In the users file there is a line like this:

DEFAULT Auth-Type=System
        Fall-Through=1

It needs to be changed to:

DEFAULT Auth-Type=Local
        Fall-Through=1

or the SQL database will not work. Have you done that? This line in the reject message leads me to believe that may not be complete:
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user

Also, in the radiusd.conf file, ensure in the 'authorize' section that 'sql' is not remarked out. It should be
sql
not
#sql
 
apo
just joined
Topic Author
Posts: 19
Joined: Mon Dec 08, 2008 4:21 am

Re: FreeRADIUS + MYSQL + Mikrotik

Mon Jan 26, 2009 12:48 pm

I will take a look. Much appreciated for the fast answer, friend, thanks! I will post what happened after the change.
 
SurferTim
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: FreeRADIUS + MYSQL + Mikrotik

Mon Jan 26, 2009 12:51 pm

You are welcome. The reason I am so good at reading those reject messages is NOT because I have always been good at this. I saw hundreds (dozens actually. It just seemed like hundreds!) of those before I figured all this out. :(
 
apo
just joined
Topic Author
Posts: 19
Joined: Mon Dec 08, 2008 4:21 am

Re: FreeRADIUS + MYSQL + Mikrotik

Mon Jan 26, 2009 12:54 pm

SurferTim wrote:
> You are welcome. The reason I am so good at reading those reject messages is NOT because I have always been good at this. I saw hundreds (dozens actually. It just seemed like hundreds!) of those before I figured all this out. :(

I almost banged my head against the wall. I've tried changing FreeRADIUS versions and Linux distros; I tried a lot of combinations and was always getting stuck at the same point. There is nothing about this modification in the users file, which you're describing, in the guides/userlists :( .. anyway, I will post what happened in a few hours.
 
SurferTim
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: FreeRADIUS + MYSQL + Mikrotik

Mon Jan 26, 2009 1:09 pm

Just by the reject message, I will almost bet money, if you check both those, it will work. :D

ADD: And that is the output from radiusd -X, not the reject message. My bad.
 
apo
just joined
Topic Author
Posts: 19
Joined: Mon Dec 08, 2008 4:21 am

Re: FreeRADIUS + MYSQL + Mikrotik

Mon Jan 26, 2009 4:40 pm

Yes, that's from the radiusd -X output. I will let you know soon how it went.
 
apo
just joined
Topic Author
Posts: 19
Joined: Mon Dec 08, 2008 4:21 am

Re: FreeRADIUS + MYSQL + Mikrotik

Mon Jan 26, 2009 9:53 pm

After adding in users file:

DEFAULT Auth-Type=Local
        Fall-Through=1

This is on the shell output:
[root@airo ~]# radtest test-user test-pass localhost 0 testing123
Sending Access-Request of id 15 to 127.0.0.1 port 1812
        User-Name = "test-user"
        User-Password = "test-pass"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=15, length=20

This is the radiusd -X output:

rad_recv: Access-Request packet from host 127.0.0.1 port 40404, id=15, length=61
        User-Name = "test-user"
        User-Password = "test-pass"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test-user", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 205
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = Local
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
No "known good" password was configured for the user.
As a result, we cannot authenticate the user.
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> test-user
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 15 to 127.0.0.1 port 40404
Waking up in 4.9 seconds.
Cleaning up request 1 ID 15 with timestamp +113
Ready to process requests.
 
SurferTim
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: FreeRADIUS + MYSQL + Mikrotik

Tue Jan 27, 2009 12:10 am

It is not checking with MySQL at all. I just did a fresh install of MySQL and FreeRadius on one of my servers, and it is already working. Here is a good radius/mysql negotiation:
rad_recv: Access-Request packet from host 127.0.0.1:32772, id=84, length=55
        User-Name = "tim"
        User-Password = "badpass"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "tim", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  'tim'
rlm_sql (sql): sql_set_user escaped user --> 'tim'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM radcheck
           WHERE Username = 'tim'           ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Att
ribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'tim' AND usergroup.GroupName = radgroupcheck.GroupName ORD
ER BY radgroupcheck.id'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM radreply
           WHERE Username = 'tim'           ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Att
ribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE                               usergroup.Username = 'tim' AND usergroup.GroupName = radgroupreply.GroupName ORD                              ER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
  Processing the session section of radiusd.conf
modcall: entering group session for request 0
radius_xlat:  '/var/log/radius/radutmp'
radius_xlat:  'tim'
  modcall[session]: module "radutmp" returns ok for request 0
modcall: leaving group session (returns ok) for request 0
Sending Access-Accept of id 84 to 127.0.0.1 port 32772
        Acct-Interim-Interval = 600
        Idle-Timeout = 3600
        Mikrotik-Group = "managers"
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 84 with timestamp 497e3156
Nothing to do.  Sleeping until we see a request.
It appears the authorize sql is either remarked out, or the include file is not being loaded.
My version uses mysql.conf and has this in radiusd.conf (by default it was remarked out):
$INCLUDE ${confdir}/mysql.conf
Ensure yours is not remarked out.

And it would not work without this setting in the users file:
DEFAULT Auth-Type = Local
        Fall-Through=1

ADD: This is the newest version of each that I could get from my repository. Both are newer than I am used to, but both worked fine.
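
An added example (not written by any poster in this thread, and not FreeRADIUS code): a small Python parser that performs the check made by eye in the replies above, listing which modules ran in the authorize section of radiusd -X output and flagging a missing sql call. The function names are hypothetical, and the two sample logs are constructed by trimming the outputs posted above.

```python
import re

NEW = re.compile(r'^\++\[([\w.]+)\] returns (\w+)')  # ++[files] returns ok
OLD = re.compile(r'modcall\[(\w+)\]: module "([\w.]+)" returns (\w+)')  # older format
ENTER = re.compile(r'entering group (\w+)')

def authorize_modules(debug_text):
    """Return [(module, result)] for modules run in the authorize section."""
    group, seen = None, []
    for line in map(str.strip, debug_text.splitlines()):
        if (m := ENTER.search(line)):
            group = m.group(1)          # track which section we are in
        elif (m := OLD.search(line)) and m.group(1) == "authorize":
            seen.append((m.group(2), m.group(3)))
        elif (m := NEW.match(line)) and group == "authorize":
            seen.append((m.group(1), m.group(2)))
    return seen

def diagnose(debug_text):
    """Report the conditions the replies above read off the debug output."""
    mods, findings = dict(authorize_modules(debug_text)), []
    if "sql" not in mods:
        findings.append("sql never ran in authorize")
    elif mods["sql"] != "ok":
        findings.append("sql ran but returned " + mods["sql"])
    if 'No "known good" password' in debug_text:
        findings.append("no known-good password for the user")
    if "remove 'Auth-Type = Local'" in debug_text:
        findings.append("server flags Auth-Type = Local as deprecated")
    return findings

# Constructed samples: trimmed excerpts of the two radiusd -X outputs above.
FAILING = """\
+- entering group authorize {...}
++[files] returns ok
[pap] WARNING! No "known good" password found for the user.
++[pap] returns noop
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
+- entering group REJECT {...}
++[attr_filter.access_reject] returns updated
"""
WORKING = """\
modcall: entering group authorize for request 0
  modcall[authorize]: module "files" returns ok for request 0
  modcall[authorize]: module "sql" returns ok for request 0
modcall: entering group session for request 0
  modcall[session]: module "radutmp" returns ok for request 0
"""
for name, text in (("failing", FAILING), ("working", WORKING)):
    print(name, authorize_modules(text), diagnose(text))
```

Run against a full capture, the first finding separates "sql is not being consulted" (the case in this thread) from "sql was consulted but returned no usable entry for the user".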
 
apo
just joined
Topic Author
Posts: 19
Joined: Mon Dec 08, 2008 4:21 am

Re: FreeRADIUS + MYSQL + Mikrotik

Tue Jan 27, 2009 1:13 am

xxxx
Last edited by apo on Sun Feb 08, 2009 2:21 am, edited 1 time in total.
 
GuJack20
Trainer
Posts: 322
Joined: Sat Jun 12, 2004 9:44 pm
Location: Tirana

Re: FreeRADIUS + MYSQL + Mikrotik

Tue Jan 27, 2009 11:37 am

Any chance of explaining here, without the need for asking??
--Do you remember that guy who gave up? Neither does anybody else!
 
SurferTim
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: FreeRADIUS + MYSQL + Mikrotik

Tue Jan 27, 2009 11:55 am

OK, apo, here is where the "pay it forward" comes in. Let's say you don't owe me a beer, but you owe me the way you did it here on this thread! :D

It doesn't have to be real detailed, but generally would be good. What did you do different that made it work this time?
