Freeradius configure issue [SOLVED]

Dear All,

This is my first post here. I'm trying to set up a FreeRADIUS-based AAA server with MySQL and management with daloRADIUS on Ubuntu 8.10 (intrepid). As is well known, intrepid comes with FR 2.x, and because I do not need openssl, tls, and ttls, I just installed FR and its dependencies from apt-get. Then I followed the tutorial "Authentication, Authorization & Accounting With FreeRadius & MySQL Backend & Web Based Management with Daloradius" to proceed with this howto.

I reached the point of testing whether FR is working properly or not, firstly with the files module. At this point I am completely confused, because after running FR in debug mode with

Code:
freeradius -X

and testing it from another shell with

Code:
radtest abc 123 localhost 1812 testing123

I get an answer like this:

Code:
Sending Access-Request of id 46 to 127.0.0.1 port 1812
    User-Name = "abc"
    User-Password = "123"
    NAS-IP-Address = 10.10.0.11
    NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=46, length=32
    Reply-Message = "Hello, abc"

but on the debug screen I get this:

Code:
rad_recv: Access-Request packet from host 127.0.0.1 port 47363, id=46, length=55
    User-Name = "abc"
    User-Password = "123"
    NAS-IP-Address = 10.10.0.11
    NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "abc", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry abc at line 204
    expand: Hello, %{User-Name} -> Hello, abc
++[files] returns ok
    expand: %{User-Name} -> abc
[sql] sql_set_user escaped user --> 'abc'
rlm_sql (sql): Reserving sql socket id: 3
    expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'abc' ORDER BY id
    expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'abc' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
[sql] User abc not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "123"
[pap] Using clear text password "123"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
    expand: %{User-Name} -> abc
[sql] sql_set_user escaped user --> 'abc'
    expand: %{User-Password} -> 123
    expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'abc', '123', 'Access-Accept', '2008-12-08 09:13:52')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'abc', '123', 'Access-Accept', '2008-12-08 09:13:52')
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: MYSQL check_error: 1054 received
rlm_sql (sql) in sql_postauth: Database query error - Unknown column 'username' in 'field list'
rlm_sql (sql): Released sql socket id: 2
++[sql] returns fail
Using Post-Auth-Type Reject
+- entering group REJECT {...}
    expand: %{User-Name} -> abc
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 46 to 127.0.0.1 port 47363
    Reply-Message = "Hello, abc"
Waking up in 4.9 seconds.
Cleaning up request 0 ID 46 with timestamp +95

What is that supposed to mean? Is FR working or not? Forgive me if this is a stupid question, but I need confirmation to proceed or to recheck the configuration from the beginning.

TIA
SaFi
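An added example, not part of the original thread: in the trace above the PAP check succeeds and the request still ends in Access-Reject, because a module in a later section returns fail. This Python sketch walks a `freeradius -X` trace and reports which section and module caused that; the function name `explain` is hypothetical and the sample is abridged from the post.

```python
import re

# Abridged from the `freeradius -X` trace quoted in the post above.
SAMPLE_TRACE = """\
+- entering group authorize {...}
++[sql] returns notfound
++[pap] returns updated
+- entering group PAP {...}
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
rlm_sql_mysql: MYSQL check_error: 1054 received
rlm_sql (sql) in sql_postauth: Database query error - Unknown column 'username' in 'field list'
++[sql] returns fail
Using Post-Auth-Type Reject
+- entering group REJECT {...}
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 46 to 127.0.0.1 port 47363
"""

SECTION = re.compile(r"^\++- entering group (\S+)")
RETURN = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")
ERROR = re.compile(r"^rlm_\w+.*error", re.IGNORECASE)
SENT = re.compile(r"^Sending (Access-(?:Accept|Reject|Challenge))")
# Module return codes treated here as request-failing (an assumption of this example).
FAILING = {"fail", "reject", "invalid", "userlock"}


def explain(trace):
    """Summarise one request: password result, failing modules, errors, reply."""
    out = {"authenticated": False, "failed": [], "errors": [], "reply": None}
    section = None
    for line in trace.splitlines():
        line = line.strip()
        if "User authenticated successfully" in line:
            out["authenticated"] = True
        if m := SECTION.match(line):
            section = m.group(1)          # remember which section we are in
        elif (m := RETURN.match(line)) and m.group(2) in FAILING:
            out["failed"].append((section, m.group(1), m.group(2)))
        elif ERROR.match(line):
            out["errors"].append(line)    # module-level error text
        elif m := SENT.match(line):
            out["reply"] = m.group(1)
    return out


if __name__ == "__main__":
    print(explain(SAMPLE_TRACE))
```

On the sample it reports a successful password check, a `fail` from `sql` in `post-auth`, and the final Access-Reject, which points at the radpostauth INSERT rather than at the user entry.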
Ubuntu 8.10 & FreeRADIUS 2.x Management With DaloRADIUS 0.9-7

Hi again,

Since posting this issue I have kept trying to find a proper solution to finally get all the configuration working. I've read all the conf files and done a lot of searches. At last I discovered that I was hasty, reckless and inattentive. Now you can consider this a little modification to get FreeRADIUS on Ubuntu 8.10 working with daloRADIUS 0.9-7 perfectly.

First of all, you can follow this howto until you reach the point where FR starts. It seems to start, with something like this:

Code:
/var/run/freeradius/freeradius.pid not found

In fact FR didn't work, in spite of it reporting Start [OK]. To fix this, go to /etc/freeradius/radiusd.conf and search for

Code:
run_dir = ${localstatedir}/run/radiusd

change it to

Code:
run_dir = ${localstatedir}/run/freeradius

and replace

Code:
pidfile = ${run_dir}/radiusd.pid

with

Code:
pidfile = ${run_dir}/freeradius.pid

Stop FR, then restart it:

Code:
/etc/init.d/freeradius stop
/etc/init.d/freeradius start

Then FR will start normally and generate its pid file. After that you can test that FR works like this: add any user on your local machine to /etc/freeradius/users, then test it with

Code:
radtest user passwd localhost 1812 testing123

It works for me and I get

Code:
Sending Access-Request of id 46 to 127.0.0.1 port 1812
    User-Name = "user"
    User-Password = "passwd"
    NAS-IP-Address = 10.10.0.11
    NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=46, length=32

Then you are ready to configure FR with MySQL. It is quite a simple thing, just follow these steps.

Go to the file /etc/freeradius/sites-enabled/default and comment out sql from the sections {authorize, accounting and session}. You can comment unix and files from section {authorize}.

Add a database and user "radius", or whatever name you prefer for your radius db, to the MySQL server like this. First log in to your server:

Code:
mysql -u root -p

then

Code:
CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
FLUSH PRIVILEGES;
exit;

or simply use phpmyadmin for that purpose.

Edit the file /etc/freeradius/sql.conf to meet your settings (location, username, password and db name). Near the bottom of the file, comment out the readclients = no and make it like this:

Code:
readclients = yes

Download the sql_schema & daloradius.conf zipped files to /opt and unzip them. Add the database schema to your database radius like this:

Code:
mysql -u root -p radius < /opt/mysql-dalo-and-fr2x.sql

Now you are ready to download daloRADIUS to your PC, then move it to your Ubuntu machine in /opt and untar it there. To configure it with MySQL & FR you may follow these steps.

Edit the file /opt/daloradius.conf to meet your configuration, then use it to replace the original one at /opt/daloradius-0.9-7/library/daloradius.conf.

If you didn't install the necessary packages and extensions yet, you can do it now with

Code:
apt-get install apache2 php5 php5-mysql php5-gd php-pear php5-db

Code:
cd /opt
cp daloradius-0.9-7/ /var/www -R
chown www-data:www-data /var/www/daloradius-0.9-7 -R
chmod 644 /var/www/daloradius-0.9-7/library/daloradius.conf
cd /

Edit the /etc/apache2/apache2.conf file and append this to the end of the file:

Code:
Alias /radius-admin "/var/www/daloradius-0.9-7/"
<Directory /var/www/daloradius-0.9-7/>
    Options None
    order deny,allow
    deny from all
    allow from 127.0.0.1
    # assign here whatever IP addresses you will access your daloradius admin from
    allow from x.x.x.x
</Directory>

Restart apache:

Code:
/etc/init.d/apache2 restart

Point to http://your-server-ip/radius-admin and log in with

username: administrator
password: radius

You can now test it by adding your nas to the nas list.

Congratulations, you are done.

I attach here the two files (schema & conf) in case their link is broken. Please remove the txt extension from both after you download them.
freeradius on desktop or server version ?

Hey there SaFi2266,

I'm glad that it finally worked for u. U put quite an effort into documenting all that. It would be nice if u put this in the form of a complete howto. The reason I say that is because I've run into lots of ppl who make the mistake of replicating this howto on Ubuntu 8.10 desktop instead of using the server edition, which the original howto was written for. Server & Desktop versions have quite a few differences & can lead someone to rip the hair off his head if he's a newbie. Anyway, I would always deploy server versions on production systems. Mind u, intrepid ibex has an 18 month support line, unlike 8.4 which runs till 2013 (5 years).

Regards
-- Oz
spam ?

Hey there falko,

I was just curious, is this spam or is it only me having issues translating this?

Regards
-- Oz
freeradius accounting

Hi all,

I configured my freeradius server with pppoe. Everything is ok instead of the file acct_user; it contains a script needed to change the session-timeout attr., but nothing is done, and there is no error in the output of (radiusd -X):

1) Can you help me to correct this?
2) I need a solution to change the session-timeout for the user when he disconnects.

Regards
rlm_sql (sql) in sql_postauth: Database query error - Unknown column 'username' in 'f

I also followed the guide and was getting the sql error on the username field. My fix - which seems to have fixed at least radius for now - was 2 sql queries:

alter table radpostauth change user username varchar(64);
alter table radpostauth change date authdate timestamp default CURRENT_TIMESTAMP;