Freeradius configure issue

Discussion in 'HOWTO-Related Questions' started by SaFi2266, Dec 8, 2008.

  1. SaFi2266

    SaFi2266 HowtoForge Supporter

    Freeradius configure issue [SOLVED]

    Dear All
    This is my first post here.
    I'm trying to set up a FreeRADIUS-based AAA server with MySQL and management with daloRADIUS on Ubuntu 8.10 (Intrepid). As is well known, Intrepid comes with FR 2.x, and because I do not need openssl, tls and ttls, I just installed FR and its dependencies with apt-get. Then I followed the tutorial "Authentication, Authorization & Accounting With FreeRadius & MySQL Backend & Web Based Management with Daloradius". I reached the point where you test whether FR is working properly or not, first with the files module. At this point I am completely confused, because after running FR in debug mode with
    Code:
    freeradius -X
    and from another shell test it with
    Code:
    radtest abc 123 localhost 1812 testing123
    I get the answer like this
    Code:
    Sending Access-Request of id 46 to 127.0.0.1 port 1812
            User-Name = "abc"
            User-Password = "123"
            NAS-IP-Address = 10.10.0.11
            NAS-Port = 1812
    rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=46, length=32
            Reply-Message = "Hello, abc"
    but on debug screen I get this
    Code:
    rad_recv: Access-Request packet from host 127.0.0.1 port 47363, id=46, length=55
            User-Name = "abc"
            User-Password = "123"
            NAS-IP-Address = 10.10.0.11
            NAS-Port = 1812
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '@' in User-Name = "abc", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
    ++[unix] returns notfound
    [files] users: Matched entry abc at line 204
            expand: Hello, %{User-Name} -> Hello, abc
    ++[files] returns ok
            expand: %{User-Name} -> abc
    [sql] sql_set_user escaped user --> 'abc'
    rlm_sql (sql): Reserving sql socket id: 3
            expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'abc'           ORDER BY id
            expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'abc'           ORDER BY priority
    rlm_sql (sql): Released sql socket id: 3
    [sql] User abc not found
    ++[sql] returns notfound
    ++[expiration] returns noop
    ++[logintime] returns noop
    ++[pap] returns updated
    Found Auth-Type = PAP
    +- entering group PAP {...}
    [pap] login attempt with password "123"
    [pap] Using clear text password "123"
    [pap] User authenticated successfully
    ++[pap] returns ok
    +- entering group post-auth {...}
            expand: %{User-Name} -> abc
    [sql] sql_set_user escaped user --> 'abc'
            expand: %{User-Password} -> 123
            expand: INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'abc',                           '123',                           'Access-Accept', '2008-12-08 09:13:52')
    rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'abc',                           '123',                           'Access-Accept', '2008-12-08 09:13:52')
    rlm_sql (sql): Reserving sql socket id: 2
    rlm_sql_mysql: MYSQL check_error: 1054 received
    rlm_sql (sql) in sql_postauth: Database query error - Unknown column 'username' in 'field list'
    rlm_sql (sql): Released sql socket id: 2
    ++[sql] returns fail
    Using Post-Auth-Type Reject
    +- entering group REJECT {...}
            expand: %{User-Name} -> abc
     attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 0 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 0
    Sending Access-Reject of id 46 to 127.0.0.1 port 47363
            Reply-Message = "Hello, abc"
    Waking up in 4.9 seconds.
    Cleaning up request 0 ID 46 with timestamp +95
    
    What is that supposed to mean: is FR working or not? Forgive me if this is a stupid question, but I need confirmation to proceed or recheck the configuration from the beginning.

    TIA
    SaFi
     
    Last edited: Dec 11, 2008
  2. SaFi2266

    SaFi2266 HowtoForge Supporter

    Ubuntu 8.10 & FreeRADIUS 2.x Management With DaloRADIUS 0.9-7

    Hi, again

    Since posting this issue I have kept trying to find a proper solution to finally get all the configuration working. I've read all the conf files and done a lot of searches. At last I discovered that I was hasty, reckless and inattentive.

    Now you can consider this a little modification to get FreeRADIUS on Ubuntu 8.10 working with daloRADIUS 0.9-7 perfectly.

    First of all you can follow this Howto until you reach the point where FR starts; it seems to have started with something like this
    Code:
    /var/run/freeradius/freeradius.pid not found
    In fact FR didn't work, in spite of it reporting Start [OK].
    To fix this go to /etc/freeradius/radiusd.conf and search for
    Code:
    run_dir = ${localstatedir}/run/radiusd
    change it to
    Code:
    run_dir = ${localstatedir}/run/freeradius
    and replace
    Code:
    pidfile = ${run_dir}/radiusd.pid
    with
    Code:
    pidfile = ${run_dir}/freeradius.pid
    stop FR then restart it
    Code:
    /etc/init.d/freeradius stop
    /etc/init.d/freeradius start
    then FR will start normally and generate its pid file
    after that you can test that FR works like this: add any user on your local machine to /etc/freeradius/users then test it with
    Code:
    radtest user passwd localhost 1812 testing123
    it works for me and I get
    Code:
    Sending Access-Request of id 46 to 127.0.0.1 port 1812
            User-Name = "user"
            User-Password = "passwd"
            NAS-IP-Address = 10.10.0.11
            NAS-Port = 1812
    rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=46, length=32
    then you are ready to configure FR with MySQL; it is quite a simple thing, just follow these steps
    1. go to the file /etc/freeradius/sites-enabled/default and comment out sql from the sections {authorize, accounting and session}. You can comment unix and files from section {authorize}
    2. add a database and user "radius", or whatever name you prefer for your radius db, to the MySQL server like this
      first log in to your server
      Code:
      mysql -u root -p
      then
      Code:
      CREATE DATABASE radius;
      GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
      FLUSH PRIVILEGES;
      exit;
      
      or simply use phpmyadmin for that purpose
    3. edit the file /etc/freeradius/sql.conf to match your settings (location, username, password and db name). Near the bottom of the file comment out the readclients = no and make it like this
      Code:
      readclients = yes
    4. Download sql_schema & daloradius.conf zipped files to /opt and unzip it
    5. add database schema to your database radius like this
      Code:
      mysql -u root -p radius < /opt/mysql-dalo-and-fr2x.sql
    Now you are ready to download daloRADIUS to your PC, then move it to your Ubuntu machine in /opt and untar it there.
    To configure it with MySQL & FR you may follow these steps
    1. edit the file /opt/daloradius.conf to match your configuration then replace it with original one on /opt/daloradius-0.9-7/library/daloradius.conf
    2. if you didn't install the necessary packages and extensions yet you can do it now with
      Code:
      apt-get install apache2 php5 php5-mysql php5-gd php-pear php5-db
    3. Code:
      cd /opt
      cp daloradius-0.9-7/ /var/www -R
      chown www-data:www-data /var/www/daloradius-0.9-7 -R
      chmod 644 /var/www/daloradius-0.9-7/library/daloradius.conf
      cd /
      
    4. Edit the /etc/apache2/apache2.conf file and append this to the end of the file
      Code:
      Alias /radius-admin "/var/www/daloradius-0.9-7/"
         <Directory /var/www/daloradius-0.9-7/>
            Options None
            order deny,allow
            deny from all
            allow from 127.0.0.1 
            # assign here whatever IP addresses you will access your daloradius admin from
            allow from x.x.x.x
       </Directory>
    5. restart apache
      Code:
      /etc/init.d/apache2 restart
    6. point to http://your-server-ip/radius-admin and login with

      username: administrator
      password: radius
    7. you can now test it by adding your nas to the nas list
    8. Congratulations you are done

    I attach here the two files (schema & conf) in case the link is broken. Please remove the txt extension from both after you download them.
     

    Attached Files:
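
Added example (not part of the original post, and not FreeRADIUS or daloRADIUS code): the steps above leave `daloradius.conf` at mode 644 and use the secrets `testing123` and `radpass` exactly as published, so this check flags credential files that are world-readable or still carry those values. `clients.conf` is not named in the thread and is assumed here to be where the shared secret used by `radtest` lives; the function names are this example's own.

```python
import os, re, stat, tempfile

# Secrets that appear verbatim in this thread; anyone who read the howto knows them.
PUBLISHED = {"testing123", "radpass"}
# `secret = value` / `password = "value"` lines as used in the FreeRADIUS files
ASSIGN = re.compile(r'^\s*(secret|password)\s*=\s*"?([^"\s#]+)"?')

def audit_file(path):
    """Return findings for one credential-bearing config file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IROTH:
        findings.append(f"{path}: world-readable (mode {mode:o})")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for n, line in enumerate(fh, 1):
            m = ASSIGN.match(line)
            if m and m.group(2) in PUBLISHED:
                findings.append(f"{path}:{n}: {m.group(1)} is a published default")
    return findings

def demo():
    """Constructed sample: the howto's sql.conf values at 644, then a hardened copy."""
    with tempfile.TemporaryDirectory() as d:
        weak = os.path.join(d, "sql.conf")
        with open(weak, "w") as fh:
            fh.write('login = "radius"\npassword = "radpass"\n')
        os.chmod(weak, 0o644)
        fixed = os.path.join(d, "sql.conf.hardened")
        with open(fixed, "w") as fh:
            fh.write('login = "radius"\npassword = "constructed-long-random-value"\n')
        os.chmod(fixed, 0o640)
        return audit_file(weak), audit_file(fixed)

if __name__ == "__main__":
    # sql.conf and daloradius.conf paths are from the thread; clients.conf is assumed.
    for p in ("/etc/freeradius/clients.conf", "/etc/freeradius/sql.conf",
              "/var/www/daloradius-0.9-7/library/daloradius.conf"):
        if os.path.exists(p):
            print("\n".join(audit_file(p)) or f"{p}: ok")
```

Because the post's `chown` makes www-data the owner of `daloradius.conf`, mode 640 still lets Apache read it while removing access for other local users.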

  3. awan

    awan HowtoForge Supporter

    freeradius on desktop or server version ?

    Hey there SaFi2266,
    I´m glad that it finally worked for u. U put quite an effort in documenting all that. It would be nice if u put this in the form of a complete howto.

    The reason I say that is because I've run into lots of ppl who make the mistake of replicating this howto on to ubuntu 8.10 desktop instead of using the server edition, which the original howto was written for.

    Server & Desktop versions have quite a bit of differences & can lead someone to rip their hair off of his head if he's a newbie.

    Anyway I would always deploy server versions on production systems. Mind u intrepid ibex has 18 month support line, unlike 8.4 which run till 2013 ( 5 years).
    Regards
    --
    Oz
     
  4. awan

    awan HowtoForge Supporter

    spam ?

    Hey there falko,
    I was just curious: is this spam, or is it only me having issues translating this?
    Regards
    --
    Oz
     
  5. patigoal

    patigoal New Member

    freeradius accounting

    Hi all
    i configured my freeradius server with pppoe
    everything is ok instead of the file acct_user, it contains a script needed to change the session-timeout attr. but nothing is done
    there is no error in the output of (radiusd -X):
    1) can you help me to correct this.
    2) i need a solution to change a session-timeout for the user when he disconnects.

    regards
     
  6. geolaw

    geolaw New Member

    rlm_sql (sql) in sql_postauth: Database query error - Unknown column 'username' in 'f

    I also followed the guide and was getting the sql error on the username field.

    My fix - which seems to have fixed at least radius for now was 2 sql queries:

    alter table radpostauth change user username varchar(64);
    alter table radpostauth change date authdate timestamp default CURRENT_TIMESTAMP;
     
