Comments on Authentication, Authorization & Accounting with FreeRadius & MySQL backend & web based Management with Daloradius

Yes I admit the term "newbie" was a little overboard. I suppose it should be "a novice" cuz this one was based on ubuntu 8.X LTS which does console based installation, which supposedly is not newbie friendly.

Anyway use this site to search for packages if u find cli to be intimidating.
http://packages.ubuntu.com/

I fixed few things as well e.g freeradius -X (In rpm based distros it was radiusd -X. so yes mybad)

Let me know if get it working.

--

First of thanks to the author for this great tutorial

while it does indeed work there were a couple of caveots

mainly that their is now a daloradius-0.9-8 which

 I changes some things ie database scheme

while I was still able to get this all working on a test machine at home trying

to impliment this on our dedicated server (which runs plesk and has some other vhosts) failed miserably

anychance the author would update this guide and have an optional section on how to impliment this on a server that hosts other domains

Much Thanks

MD

The how-to seems to work OK with daloRadius 0.98 provided that you edit the "library/daloradius.conf.php" file by hand to include the changes from the author's "daloradius.conf" file. In particular, I found that this line needed to be edited:

 $configValues['CONFIG_DB_TBL_RADUSERGROUP'] = 'usergroup';

 changed to

 $configValues['CONFIG_DB_TBL_RADUSERGROUP'] = 'radusergroup';

 This also fixes a problem experience by one of the previous commentators. 

 There are some other problems with the database schema when using the steps in this tutorial with daloRADIUS 0.98 (and I suspect also with the version of FreeRadius I'm using). I'll try to post a follow-up comment when I find all of them!

Congratulation, this one solved my issue ! 

 Thx. 

i use this app on my phone to manage users. Works really well.

 https://play.google.com/store/apps/details?id=com.larscom.freeradiusandroid&feature=search_result#?t=W251bGwsMSwxLDEsImNvbS5sYXJzY29tLmZyZWVyYWRpdXNhbmRyb2lkIl0.

your freeradius is running in normal mode of operation. first run it in safe mode. in debian smth like this

/etc/init.d/freeradius stop

and then

freeradius -X

I went through this process step by step. When ran the build command (rpmbuild -bb freeradius.spec)  we got 12 rpms. Installed the 4 rpms per the instructions, but instructions don't say anything about the other 8 rpms that were created.

Ealier comment was correct that the mysql command to use the radiusd database should be "use radiusdb;" and not "use database radiusdb;"

Successfuly added a test user to users file and received accepted response from radtest  against users file when running radiusd -X.

Did NOT receive accepted response when running radtest for a user in the mysql database.

It doesn't give enough detailed changes to configure the sql.conf file.

Because could not get user in mysql database to authenticate anything after this is a waste of time because the daloradius will not work either.

This was done on CentOS 5.3

It does work.

let me know what version of daloradius are u using. make sure u adhere to the versions of the software being used in this tutorial.

Donot jump to conclusions

Cheer up

--

Ozy

Nice, writing my comment took too long, now I may do it again...

 Sorry, but I got a few things to say. I'm sure it took some effort to find all this out and write it down, but somehow I doubt that the author has ever done this on Hardy, there are simply too many bugs in this howto, and following the instructions would never lead to a running system.

 I can't remember all my modifications, so good luck to everyone trying this, but some hints anyway:

- Packages

  - more need to be installed, specifically build-essential, fakeroot, mysql-client-5.0, mysql-server.

  - libmysqlclient-dev has no installation candidate.

  - Instead of "apt-get install php php-mysql php-pear php-gd php-pear-DB" it should be "apt-get install php5 php5-mysql php-pear php5-gd php5-db".

- MySQL

  - Instead of "use database radius" it should be "use radius".

- Freeradius

  - The program should be started with "freeradius -X".

  - In /etc/freeradius/users, comment out the line  "DEFAULT        Auth-Type = System" and the following one if you do not plan to go mad.

- misc

  - When copying daloradius to /var/www. omit the trailing slash! It should be "cp -R daloradius-0.9-7 /var/www".

  - Somehow I feel that lighty should do just fine instead of heavyweight Apache...

As I said before, there may be more and I am not yet done with the setup. Most howtos here are quite good, so I'm surprised one that never worked got through...

The tutorial was written for CentOS 5.x, so I'm sure that's the problem why it doesn't work on Ubuntu 8.04.

hmm. a hasty comment. giving bad press to this article. anyway try this link for setting this thing up on ubuntu.

https://www.howtoforge.com/setting-up-a-freeradius-based-aaa-server-with-mysql-and-management-with-daloradius

Note: This one deals with freeradius 2.x & the one with ubuntu deals with freeradius 1.7

Good luck with that.

Yes, sorry. When I had to write the comment a second time I ended up at the wrong tutorial. However, the comments do apply to the Hardy one, which surely will not work for a newbie, as claimed in the intro:

 http://howtoforge.org/setting-up-a-freeradius-based-aaa-server-with-mysql-and-management-with-daloradius

Thanks for this this, it helped so much...

Try submitting that command "radtest..." from the local host i.e from another shell.

And yeah also try flushing the iptables 

--

Oz

   I followed all the instructions step by step, and my freeradius does not work.... it gives me a reject message which means the server is running but I cannot authenticate any user against the server...

I got this error at the end of step three when testing the MySQL and FreeRadius connection.  I found I needed to uncomment the line below from radiusd.conf

#$INCLUDE sql.conf

I am very glad with this "how to", I follow step by step and with minor changes works most of them.

I have a little problem, when I list users in DaloRadius, I receive that error:

Database error
Error Message: DB Error: no such table
Debug info: SELECT distinct(radcheck.username),radcheck.value, radcheck.id,usergroup.groupname as groupname, radcheck.attribute, userinfo.firstname, userinfo.lastname FROM radcheck LEFT JOIN userinfo ON radcheck.username=userinfo.username LEFT JOIN usergroup ON radcheck.username=usergroup.username WHERE (Attribute LIKE '%-Password') OR (Attribute='Auth-Type') GROUP BY UserName [nativecode=1146 ** Table 'radiusdb.usergroup' doesn't exist]

Looks like the query select the table "radcheck"

Can you help me?

Thanks

Hey there,

I am glad that ur glad with this tutorial.

Regarding ur issue.  Did u downloaded & installed the modified DB schema ? It is critical to all the functioning.

I don´t quite recall all of the stuff but that (using that schema) should fix things nicely.

Furthermore u could debug this thing better in the sql shell. Re-run the query in dummy/expected inputs. That should clear up any issues. Again I feel its the freeradius 1.7.X  --> FR 2.X schema issues that must be coughing up errors.

If there is any modification required do let me know.

Cheers

---

Ozzy

It is a very good tutorial......I configured Freeradius + Mysql & getting Accept-Accept responce from radius for test user. I also have configured Daloradius-0.9.8 as mentioned but when I am trying to access it via Web interface with Username "Administrator" & passwrod "radius" it gives following error:-

Database connection error
Error Message: DB Error: connect failed
Debug: [nativecode=Access denied for user 'radius'@'localhost.localdomain' (using password: YES)] ** mysql://radius:[email protected]/radiusdb

Can you ple help me on this?

Param

Evey time I try to login to daloradius it says:

Database connection error

Error message: DB error: not found

Debug: unable to include the DB/.php file for ':radius:[email protected]/radiusdb

I got access accepted packets  on the sql test so I know that part is functioning correctly. Can anyone help with this? Thank you all for your valuable time.

Head into this file (daloradius/library/daloradius.conf) to check for the mismatched username/password info that ur providing.

Furthermore make sure privileges have been correctly set in the mysql for fr/dalo db.

Cheers

---

Ozzy

There is no mismatch, the point is that DB.php which is called on line 72 does not exist in the /library directory.

 It was not part of the tar distribution.

 Where can we find that file?

    include_once ('DB.php');

        $dbSocket = DB::connect($dbConnectString);

        if (DB::isError ($dbSocket))

                die ("<b>Database connection error</b><br/>

                        <b>Error Message</b>: " . $dbSocket->getMessage () . "<br/>" .

                        "<b>Debug</b>: " . $dbSocket->getDebugInfo() . "<br/>");

you should install php-db

sudo apt-get install  php-pear php5-gd php5-db

You have to set value in daloradius.conf.php instead of daloradius.conf.

The author did not mention this.

I went through the install compiling from source and everything went smoothly until now where am trying to login to daloradius

 getting this error in the browser after pressing login

Database connection error
Error Message: DB Error: connect failed
Debug: [nativecode=Can't connect to MySQL server on '127.0.0.1' (13)] ** mysql://radius:[email protected]/radiusdb

 its not a problem with the username and password, i tested that from the mysql prompt. 

ok i fixed my problem. i found a script to test the connection to mysql from php and releazed that the connection only works when i use localhost instead of 127.0.0.1. so i edited the config_db_host in /var/www/daloradius-0.9-8//library/daloradius.conf.php to read "localhost"

seems am gonna have some problems cause i'm trying to add a user and got an error unknow field 'address'

it appears a sql schema file is needed for daloradius 0.9-8. does anyone have that can post it please...

Hi

i 'm using daloradius-0.9-8 with freeradius and mysql; i have a problem when testing mysql and freeradius , here is below what i have :

 1- i etered this :radtest sqltest testpwd localhost 1812 testing123

 2- and here isthe result :

 Sending Access-Request of id 29 to 127.0.0.1 port 1812
        User-Name = "sqltest"
        User-Password = "testpwd"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=29, length=20

and on freeradius debug i have this :

radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM radreply           WHERE Username = 'sqltest'           ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'sqltest' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
  rad_check_password:  Found Auth-Type System
auth: type "System"
  ERROR: Unknown value specified for Auth-Type.  Cannot perform requested action.
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 29 to 127.0.0.1 port 45799
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 29 with timestamp 4bfd21de
Nothing to do.  Sleeping until we see a request.

please can anyone help me!

thanks for this tutorial! 

tamo

Wow great job, Every thing working fine accept logs and  last connection attempts in dalo radius help me,Thanks

This is a good reference but a bit out of date. Be good if you can change it to reflect updates in daloradius & freeradius2.

For those needing to get this going before changes are made:

Freeradius 2 is now released via RPM for redhat/centos so instead of steps 1 & 2, do :

yum search freeradius2

install as a minimum :

yum install freeradius2
yum install freeradius2-tools

(I didn't have any dependancies that needed installing but you might, so choose Y if asked)

Use the first page here http://freeradius.org/doc/ to complete the install & comfirm that basic radius works from text user config file.

For Step 3 just use the latest version of daloradius as it has been updated & is ready for freeradius2. So you really need to do the start of Step 4 down to the point where you copy over the conf file (don't do this).

Note that for Step 4 I set up my apache ONLY for daloradius, so copied the daloradius stuff into /var/www/html, then set up http for ssl only, removed all the doc stuff from /etc/httpd/conf.d, etc. This is up to you obviously but if you're using apache for daloradius only you might as well...

Now do Step 3 but use the daloradius schema from

{whereever you put it}/contrib/db/fr2-mysql-daloradius-and-freeradius.sql

Back to Step 4, like I said, don't copy the conf file from here (it won't help anyway as the config has been move to a PHP syntax file).

You DO have to edit the php file, though so edit {whereever you put it}/library/daloradius.conf.php  and change the fields as per instructions here. The fields now have the syntax $configValues['CONFIG_DB_USER'] = 'radius';  but the values you need to change are the same.

And like I said above, my apache is for daloradius only so I just changed the main details in the apache config file rather than setting up an alias.

All good.

thanks man great post. did the configuration and everything OK.

regards.

I followed these instructions and when i tried to login to daloradius i get:

Database connection error Error Message: DB Error: connect failed

Any ideas where i have gone wrong? The only thing i did different is change the 0.9.

the password must should Be same on Both mysql root user and daloradius-sql.conf file. edit the sql.conf file dB_user field is normally Blank so input there mysql root user. then u will Be fix this error.

Thanks for the posting this article.

Regards,

 SHA

This is a great great post.

keep it up !

Hi,

Great post . But would you please give me a solution or link that how to authenticate freeradius.net with xampp server (php mysql).

Thanks at all.

Great tutorial but this doesn't seem to be on CentOS like you said. On CentOS, the http directory is located at /var/www/html  not /var/www

He sets up an alias for the directory at the end with: Alias /myradius "/var/www/daloradius-0.9-7/"