LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices



Reply
 
Search this Thread
Old 02-26-2010, 10:57 PM   #1
Schurrly
LQ Newbie
 
Registered: Feb 2010
Posts: 1

Rep: Reputation: 0
Having problems with FreeRADIUS and MySQL Group Check Auths


I recently setup a freeradius 2 server with MySQL and I am having an issue where it doesn't appear to be doing group checks.

If I have a user set to a group it doesn't appear to check the attributes set in that group:

+----+----------+--------------+----+------------------------------------------+
| id | username | attribute | op | value |
+----+----------+--------------+----+------------------------------------------+
| 15 | user1 | SHA-Password | := | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 |
+----+----------+--------------+----+------------------------------------------+
1 row in set (0.00 sec)

mysql> select * from radusergroup where username = 'user1';
+----------+-----------+----------+
| username | groupname | priority |
+----------+-----------+----------+
| user1 | admin | 1 |
+----------+-----------+----------+
1 row in set (0.00 sec)

mysql> select * from radgroupcheck where groupname = 'admin';
+----+-----------+----------------+----+--------+
| id | groupname | attribute | op | value |
+----+-----------+----------------+----+--------+
| 3 | admin | NAS-Identifier | == | Adtran |
+----+-----------+----------------+----+--------+
1 row in set (0.00 sec)


If I understand correctly the following request should be denied because the NAS-Identifier in the request doesn't match the one specified in the groupcheck table. However, it is replying with Accept-Accept.



rad_recv: Access-Request packet from host 64.185.12.105 port 7458, id=61, length=56
User-Name = "user1"
User-Password = "password"
NAS-Identifier = "Zhone MxK"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "user1", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} -> user1
rlm_sql (sql): sql_set_user escaped user --> 'user1'
rlm_sql (sql): Reserving sql socket id: 3
expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'user1' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'user1' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'user1' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'user1' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'user1' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'user1' ORDER BY priority
expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'admin' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'admin' ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Normalizing SHA-Password from hex encoding
++[pap] returns updated
rad_check_password: Found Auth-Type
auth: type "PAP"
+- entering group PAP
rlm_pap: login attempt with password "password"
rlm_pap: Using SHA1 encryption.
rlm_pap: User authenticated successfully
++[pap] returns ok
Login OK: [user1/password] (from client lab-mxk-1 port 0)
+- entering group post-auth
rlm_sql (sql): Processing sql_postauth
expand: %{User-Name} -> user1
rlm_sql (sql): sql_set_user escaped user --> 'user1'
expand: %{User-Password} -> password
expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'user1', 'password', 'Access-Accept', '2010-02-24 10:56:24')
expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'user1', 'password', 'Access-Accept', '2010-02-24 10:56:24')
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'user1', 'password', 'Access-Accept', '2010-02-24 10:56:24')
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 61 to 64.185.12.105 port 7458
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 61 with timestamp +9
Ready to process requests.


Any help would be greatly appreciated.

Thanks,
Craig
 
  


Reply

Tags
freeradius, mysql


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenSUSE 11.1 + Freeradius + mysql (problem with mysql) JamesWhetherly Linux - Networking 1 09-03-2009 03:10 AM
Freeradius with Mysql not working on Fedora 10 cezaronne Linux - Networking 4 03-26-2009 04:41 AM
Wifi + FreeRadius + MySQL saman Linux - Wireless Networking 17 09-14-2008 12:40 PM
MySQL and FreeRadius Connectivity how to?? AZIMBD03 Linux - Networking 1 02-04-2007 05:57 AM
Poptop + Freeradius + MySQL + DNAT emphaze Linux - Networking 4 01-04-2006 04:55 PM


All times are GMT -5. The time now is 06:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration