Freeradius configure issue

[SaFi2266]

Dear All
This is my first post here.
I'm trying to Setting Up A FreeRADIUS Based AAA Server With MySQL & Management With Daloradius on Ubuntu 8.10 (intrepid) As is well known that the intrepid come with FR 2.x and Because I do not need (openssl, tls, and ttls) I just install FR and it's dependencies from apt-get, then I fellow the tutorial on Authentication, Authorization & Accounting With FreeRadius & MySQL Backend & Web Based Management with Daloradius to proceed with this howto I reached to the point where how can test FR working properly or not, firstly with files module, at this point I am completely confused because after running FR in debug mode with

Code:

freeradius -X

and from another shell test it with

Code:

radtest abc 123 localhost 1812 testing123

I get the answer like this

Code:

Sending Access-Request of id 46 to 127.0.0.1 port 1812
        User-Name = "abc"
        User-Password = "123"
        NAS-IP-Address = 10.10.0.11
        NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=46, length=32
        Reply-Message = "Hello, abc"

but on debug screen I get this

Code:

rad_recv: Access-Request packet from host 127.0.0.1 port 47363, id=46, length=55
        User-Name = "abc"
        User-Password = "123"
        NAS-IP-Address = 10.10.0.11
        NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "abc", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry abc at line 204
        expand: Hello, %{User-Name} -> Hello, abc
++[files] returns ok
        expand: %{User-Name} -> abc
[sql] sql_set_user escaped user --> 'abc'
rlm_sql (sql): Reserving sql socket id: 3
        expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'abc'           ORDER BY id
        expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'abc'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
[sql] User abc not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "123"
[pap] Using clear text password "123"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
        expand: %{User-Name} -> abc
[sql] sql_set_user escaped user --> 'abc'
        expand: %{User-Password} -> 123
        expand: INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'abc',                           '123',                           'Access-Accept', '2008-12-08 09:13:52')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'abc',                           '123',                           'Access-Accept', '2008-12-08 09:13:52')
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: MYSQL check_error: 1054 received
rlm_sql (sql) in sql_postauth: Database query error - Unknown column 'username' in 'field list'
rlm_sql (sql): Released sql socket id: 2
++[sql] returns fail
Using Post-Auth-Type Reject
+- entering group REJECT {...}
        expand: %{User-Name} -> abc
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 46 to 127.0.0.1 port 47363
        Reply-Message = "Hello, abc"
Waking up in 4.9 seconds.
Cleaning up request 0 ID 46 with timestamp +95

What is supposed that's mean is it FR working or not, forgive me if this is stupid question but I need confirmation to proceed or rechech the configuration from beginning

TIA
SaFi

[SaFi2266]

Hi, again

Since posting this issue and I'm keep trying to find a proper solution to get finally all configurations worked. I've read all the conf files, doing a lot of searches. at last I discover that I was hasty reckless and inattentive.

Now you can concern this is little modification to get FreeRADIUS on Ubuntu 8.10 work with daloRADIUS 0.9-7 perfectly.

First of all you can fellow this Howto till to reach when FR start, it seem it is started with something like this

Code:

/var/run/freeradius/freeradius.pid not found

in fact FR didn't work in spite it tell it Start [OK]
to fix this go to /etc/freeradius/radiusd.conf search on

Code:

run_dir = ${localstatedir}/run/radiusd

change it to

Code:

run_dir = ${localstatedir}/run/freeradius

and replace

Code:

pidfile = ${run_dir}/radiusd.pid

with

Code:

pidfile = ${run_dir}/freeradius.pid

stop FR then restar it

Code:

/etc/init.d/freeradius stop
/etc/init.d/freeradius start

then FR will started normally and generate it's pid file
after that you can test FR worked like this: add any user on your local machine to /etc/freeradius/uers then test it with

Code:

radtest user passwd localhost 1812 testing123

it is work for me and I get

Code:

Sending Access-Request of id 46 to 127.0.0.1 port 1812
        User-Name = "user"
        User-Password = "passwd"
        NAS-IP-Address = 10.10.0.11
        NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=46, length=32

then you ready to configure FR with MySQL, it is quite simple thing, just fellow these steps

1. go to the file /etc/freeradius/sites-enabled/default and comment out sql from the sections {authorize, accounting and session} you can comment unix and files from section {authorize}
2. add database and user "radius" or whatever name you prefer to your radius db to MySQL server like this
   first login to you server
   Code:

   mysql -u root -p

   then
   
   Code:

   CREATE DATABASE radius;
   GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
   FLUSH PRIVILEGES;
   exit;

   or simply use phpmyadmin for that purpose
   
3. edit the file /etc/freeradius/sql.conf to meet your setting (location, username ,password and db name) near the bottom of the file comment out the readclients = no and made it like this
   Code:

   readclients = yes

4. Download sql_schema & daloradius.conf zipped files to /opt and unzip it
5. add database schema to your database radius like this
   
   Code:

   mysql -u root -p radius < /opt/mysql-dalo-and-fr2x.sql

Now you ready to download daloRADIUS to your PC then move it to your Ubuntu machine in /opt and untar it there.
to configure it with MySQL & FR you may fellow this steps

1. edit the file /opt/daloradius.conf to meet your configuration the replace it with original one on /opt/daloradius-0.9-7/library/daloradius.conf
2. if you didn't install the necessary packages and extensions yet you can do it now by
   Code:

   apt-get install apache2 php5 php5-mysql php5-gd php-pear php5-db

3. Code:

   cd /opt
   cp daloradius-0.9-7/ /var/www -R
   chown www-data:www-data /var/www/daloradius-0.9-7 -R
   chmod 644 /var/www/daloradius-0.9-7/library/daloradius.conf
   cd /

4. Edit the /etc/apache2/apache2.conf file and append this to the end of the file
   
   Code:

   Alias /radius-admin "/var/www/daloradius-0.9-7/"
      <Directory /var/www/daloradius-0.9-7/>
         Options None
         order deny,allow
         deny from all
         allow from 127.0.0.1 
         allow from x.x.x.x ## assign here whatever IP's addresses that you can access to your daloradius admin from it
    </Directory>

5. restart apache
   Code:

   /etc/init.d/apache2 restart

6. point to http://your-server-ip/radius-admin and login with
   
   username: administrator
   password: radius
7. you can now test it by adding your nas to the nas list
8. Congratulations you are done

I attach here the two files (schema & conf) in case the it's link broken. please remove txt extension from both after you dl it

[awan]

Hey there SaFi2266,
I´m glad that it finally worked for u. U put quite an effort in documenting all that. It would be nice if u put this in the form of a complete howto.

The reason I say that is because I´ve ran into lots of ppl who make the mistake of replicating this howto on to ubuntu 8.10 desktop instead of using the server edition, which the original howto was written for.

Server & Desktop versions have quite a bit of differences & can lead someone to rip their hair off of his head if hes a newbie.

Anyway I would always deploy server versions on production systems. Mind u intrepid ibex has 18 month support line, unlike 8.4 which run till 2013 ( 5 years).
Regards
--
Oz

[awan]

Hey there falko,
I was just curious is this spam or its only me having issues translating this ?
Regards
--
Oz

[patigoal]

Hi all
i configured my freeradius server with pppoe
every thing is ok instead of the file acct_user, it contains a sctipts needed to change the session-timeout attr. but nothing is done
there is no error in the output of (radiuds -X):
1) can you help me to correct this.
2) i need a soulution to change a session-timeout for the user when he disconnects.

regards

[geolaw]

I also followed the guide and was getting the sql error on the username field.

My fix - which seems to have fixed at least radius for now was 2 sql queries:

alter table radpostauth change user username varchar(64);
alter table radpostauth change date authdate timestamp default CURRENT_TIMESTAMP;