utilizei o comando dessa maneira mas mesmo assim continua acusando invalid password:
mysql> VALUES ('jason', 'Password', '=', 'teste');
utilizei o comando dessa maneira mas mesmo assim continua acusando invalid password:
mysql> VALUES ('jason', 'Password', '=', 'teste');
veja no sql.conf qual a query q ele executa pra autenticar.. e roda ela no banco e veja qq retorna
Esse é o meu sql.conf:
# doc/examples/mysql.sql
sql {
# Connection and table settings for the rlm_sql module instance named "sql".
# Database type
driver = "rlm_sql_mysql"
# Connect info
# NOTE(review): the module logs in to MySQL as "root" with a cleartext
# password kept in this file. The queries in this section only reference
# tables of the ${radius_db} database, so a dedicated MySQL account limited
# to that schema would be the least-privilege choice; the file itself should
# be readable only by the account radiusd runs as.
server = "localhost"
login = "root"
password = "asdf79"
# Database table configuration
radius_db = "radius"
# Both accounting table names point at the same table (radacct).
acct_table1 = "radacct"
acct_table2 = "radacct"
# Allow for storing data after authentication
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "usergroup"
# Table to keep radius client info
nas_table = "nas"
deletestalesessions = yes
# Print all SQL statements when in debug mode (-x)
# Tracing is off here. If enabled, the trace file receives the fully expanded
# statements, i.e. with the request's attribute values filled in.
sqltrace = no
sqltracefile = ${logdir}/sqltrace.sql
# number of sql connections to make to server
num_sql_socks = 5
# number of seconds to delay retrying on a failed database
connect_failure_retry_delay = 60
# safe-characters is left commented out, so the module's built-in default is
# in effect. NOTE(review): this list governs which characters of an expanded
# attribute reach the SQL text unescaped - confirm the default for this
# server version before editing it.
#safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
# SQL-User-Name, used by the queries below, is built from the request's User-Name.
sql_user_name = "%{User-Name}"
#query_on_not_found = no
# Authorization queries: fetch the check and reply items for the user.
# Commented-out variants: the user name is compared with BINARY.
# authorize_check_query = "SELECT id, UserName, Attribute, Value, op \
# FROM ${authcheck_table} \
# WHERE Username = BINARY '%{SQL-User-Name}' \
# ORDER BY id"
# authorize_reply_query = "SELECT id, UserName, Attribute, Value, op \
# FROM ${authreply_table} \
# WHERE Username = BINARY '%{SQL-User-Name}' \
# ORDER BY id"
# Active variants: same statements without BINARY, so the Username comparison
# follows the column's collation.
# NOTE(review): with a case-insensitive collation, names differing only in
# case would select the same rows - confirm that is intended.
# %{SQL-User-Name} is expanded into the statement text inside single quotes;
# the quoting is only safe as long as the module escapes the expanded value.
authorize_check_query = "SELECT id, UserName, Attribute, Value, op \
FROM ${authcheck_table} \
WHERE Username = '%{SQL-User-Name}' \
ORDER BY id"
authorize_reply_query = "SELECT id, UserName, Attribute, Value, op \
FROM ${authreply_table} \
WHERE Username = '%{SQL-User-Name}' \
ORDER BY id"
# NOTE(review): the four group queries below are cut off in this paste (each
# ends in "$", which looks like an editor's long-line marker), so their
# FROM/WHERE parts cannot be reviewed from this listing.
# authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${$
# authorize_group_reply_query = "SELECT ${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${$
authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${$
authorize_group_reply_query = "SELECT ${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${$
# Accounting Queries
# accounting_onoff_query - query for Accounting On/Off packets
# accounting_update_query - query for Accounting update packets
# accounting_update_query_alt - query for Accounting update packets
# accounting_start_query - query for Accounting start packets
# accounting_start_query_alt - query for Accounting start packets
# accounting_stop_query - query for Accounting stop packets
# accounting_stop_query_alt - query for Accounting start packet
# NOTE(review): the on/off query is cut off in this paste (ends in "$"), so
# its WHERE clause is not visible here.
accounting_onoff_query = "UPDATE ${acct_table1} SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerm$
# Interim update: rewrites the session row identified by session id, user name
# and NAS IP address. Each octet counter is assembled from two attributes:
# the Gigawords value shifted left by 32 bits, OR-ed with the Octets value.
# The ":-0" suffix supplies 0 when the attribute is absent from the request.
# Every value comes from the accounting packet and is expanded into the
# statement text inside single quotes.
accounting_update_query = " \
UPDATE ${acct_table1} \
SET \
FramedIPAddress = '%{Framed-IP-Address}', \
AcctSessionTime = '%{Acct-Session-Time}', \
AcctInputOctets = '%{Acct-Input-Gigawords:-0}' << 32 | \
'%{Acct-Input-Octets:-0}', \
AcctOutputOctets = '%{Acct-Output-Gigawords:-0}' << 32 | \
'%{Acct-Output-Octets:-0}' \
WHERE AcctSessionId = '%{Acct-Session-Id}' \
AND UserName = '%{SQL-User-Name}' \
AND NASIPAddress = '%{NAS-IP-Address}'"
# Alternate interim-update statement: inserts a new session row instead of
# updating one. AcctStartTime is computed by subtracting session time plus
# delay time (in seconds) from the timestamp %S.
# NOTE(review): the column list names 20 columns, including both
# AcctInputOctets and AcctOutputOctets, but VALUES supplies 19 expressions;
# the AcctOutputOctets expression appears to be missing from this paste, and
# an INSERT with mismatched counts is rejected by the database.
# NOTE(review): Acct-Session-Time and Acct-Delay-Time are expanded WITHOUT
# quotes inside INTERVAL (...). That relies on the server rendering these
# attributes as plain integers - confirm their dictionary type.
accounting_update_query_alt = " \
INSERT INTO ${acct_table1} \
(AcctSessionId, AcctUniqueId, UserName, \
Realm, NASIPAddress, NASPortId, \
NASPortType, AcctStartTime, AcctSessionTime, \
AcctAuthentic, ConnectInfo_start, AcctInputOctets, \
AcctOutputOctets, CalledStationId, CallingStationId, \
ServiceType, FramedProtocol, FramedIPAddress, \
AcctStartDelay, XAscendSessionSvrKey) \
VALUES \
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
'%{SQL-User-Name}', \
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \
'%{NAS-Port-Type}', \
DATE_SUB('%S', \
INTERVAL (%{Acct-Session-Time:-0} + \
%{Acct-Delay-Time:-0}) SECOND), \
'%{Acct-Session-Time}', \
'%{Acct-Authentic}', '', \
'%{Acct-Input-Gigawords:-0}' << 32 | \
'%{Acct-Input-Octets:-0}', \
'%{Called-Station-Id}', '%{Calling-Station-Id}', \
'%{Service-Type}', '%{Framed-Protocol}', \
'%{Framed-IP-Address}', \
'0', '%{X-Ascend-Session-Svr-Key}')"
# Start of session: inserts a new row with the stop time, session time and
# octet counters set to '0' and the stop-side text fields left empty.
# The 24 listed columns are matched by 24 values. All values are request
# attributes expanded into the statement text inside single quotes.
accounting_start_query = " \
INSERT INTO ${acct_table1} \
(AcctSessionId, AcctUniqueId, UserName, \
Realm, NASIPAddress, NASPortId, \
NASPortType, AcctStartTime, AcctStopTime, \
AcctSessionTime, AcctAuthentic, ConnectInfo_start, \
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, \
CalledStationId, CallingStationId, AcctTerminateCause, \
ServiceType, FramedProtocol, FramedIPAddress, \
AcctStartDelay, AcctStopDelay, XAscendSessionSvrKey) \
VALUES \
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
'%{SQL-User-Name}', \
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \
'%{NAS-Port-Type}', '%S', '0', \
'0', '%{Acct-Authentic}', '%{Connect-Info}', \
'', '0', '0', \
'%{Called-Station-Id}', '%{Calling-Station-Id}', '', \
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', \
'%{Acct-Delay-Time:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
# NOTE(review): the alternate start query is cut off in this paste (ends in
# "$"); its WHERE clause is not visible here.
accounting_start_query_alt = "UPDATE ${acct_table1} SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-$
# End of session: fills in stop time, session time, octet counters, terminate
# cause and stop-side connect info on the row identified by session id, user
# name and NAS IP address. Octet counters combine Gigawords (shifted left by
# 32 bits) with Octets; ":-0" supplies 0 for an absent attribute.
accounting_stop_query = " \
UPDATE ${acct_table2} SET \
AcctStopTime = '%S', \
AcctSessionTime = '%{Acct-Session-Time}', \
AcctInputOctets = '%{Acct-Input-Gigawords:-0}' << 32 | \
'%{Acct-Input-Octets:-0}', \
AcctOutputOctets = '%{Acct-Output-Gigawords:-0}' << 32 | \
'%{Acct-Output-Octets:-0}', \
AcctTerminateCause = '%{Acct-Terminate-Cause}', \
AcctStopDelay = '%{Acct-Delay-Time:-0}', \
ConnectInfo_stop = '%{Connect-Info}' \
WHERE AcctSessionId = '%{Acct-Session-Id}' \
AND UserName = '%{SQL-User-Name}' \
AND NASIPAddress = '%{NAS-IP-Address}'"
# Alternate stop statement: inserts a complete row instead of updating one.
# AcctStartTime is derived by subtracting session time plus delay time from %S.
# The 23 listed columns are matched by 23 values.
# NOTE(review): Acct-Session-Time and Acct-Delay-Time are expanded WITHOUT
# quotes inside INTERVAL (...). That relies on the server rendering these
# attributes as plain integers - confirm their dictionary type.
accounting_stop_query_alt = " \
INSERT INTO ${acct_table2} \
(AcctSessionId, AcctUniqueId, UserName, \
Realm, NASIPAddress, NASPortId, \
NASPortType, AcctStartTime, AcctStopTime, \
AcctSessionTime, AcctAuthentic, ConnectInfo_start, \
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, \
CalledStationId, CallingStationId, AcctTerminateCause, \
ServiceType, FramedProtocol, FramedIPAddress, \
AcctStartDelay, AcctStopDelay) \
VALUES \
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
'%{SQL-User-Name}', \
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \
'%{NAS-Port-Type}', \
DATE_SUB('%S', \
INTERVAL (%{Acct-Session-Time:-0} + \
%{Acct-Delay-Time:-0}) SECOND), \
'%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', \
'%{Connect-Info}', \
'%{Acct-Input-Gigawords:-0}' << 32 | \
'%{Acct-Input-Octets:-0}', \
'%{Acct-Output-Gigawords:-0}' << 32 | \
'%{Acct-Output-Octets:-0}', \
'%{Called-Station-Id}', '%{Calling-Station-Id}', \
'%{Acct-Terminate-Cause}', \
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', \
'0', '%{Acct-Delay-Time:-0}')"
# Uncomment simul_count_query to enable simultaneous use checking
# NOTE(review): only the first line of simul_count_query has been uncommented.
# It ends in a backslash, so the quoted string presumably continues through
# the three lines that still begin with "#", and those "#" characters end up
# inside the SQL text. MySQL treats "#" as the start of a comment, so the FROM
# and WHERE parts may never be applied - verify what the server actually
# sends, or uncomment all four lines together.
simul_count_query = "SELECT COUNT(*) \
#FROM ${acct_table1} \
#WHERE UserName='%{SQL-User-Name}' \
#AND AcctStopTime = 0"
# Lists the user's open sessions (rows whose AcctStopTime is 0).
simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, \
NASIPAddress, NASPortId, FramedIPAddress, \
CallingStationId, FramedProtocol \
FROM ${acct_table1} \
WHERE UserName='%{SQL-User-Name}' \
AND AcctStopTime = 0"
# Returns the group names the user belongs to.
group_membership_query = "SELECT GroupName FROM ${usergroup_table} WHERE UserName='%{SQL-User-Name}'"
# Post-authentication logging: writes the user name and the submitted
# User-Password (falling back to Chap-Password) into the "pass" column of
# ${postauth_table}. With PAP this stores the cleartext password of every
# logged attempt, so that table needs the same protection as the credential
# store itself.
# NOTE(review): the rest of the statement is cut off in this paste (ends in "$").
postauth_query = "INSERT into ${postauth_table} (user, pass, reply, date) values ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-$
# Set to 'yes' to read radius clients from the database ('nas' table)
#readclients = yes
}
Qual seria o comando para verificar se essa query ta funcionando certinho AQUI.
Esse é o meu arquivo de log do radius:
Fri Aug 31 22:07:34 2007 : Info: rlm_sql (sql): No matching entry in the database for request from user [suporte]
Fri Aug 31 22:07:34 2007 : Auth: Login incorrect: [suporte/\241E7\340d\r\255\216R|\347\306]\367]x] (from client local port 0)
Fri Aug 31 22:08:09 2007 : Info: rlm_sql (sql): No matching entry in the database for request from user [jason]
Fri Aug 31 22:08:09 2007 : Auth: rlm_unix: [jason]: invalid password
Fri Aug 31 22:08:09 2007 : Auth: Login incorrect: [jason/\352\271d\246Y\243\325\235?>&\337\225rp"] (from client local port 0)
Fri Aug 31 22:08:54 2007 : Info: rlm_sql (sql): No matching entry in the database for request from user [jason]
Fri Aug 31 22:08:54 2007 : Auth: rlm_unix: [jason]: invalid password
Fri Aug 31 22:08:54 2007 : Auth: Login incorrect: [jason/Q\022{s]g-\021\010r7\370\017\202] (from client local port 0)
Fri Aug 31 22:09:28 2007 : Info: rlm_sql (sql): No matching entry in the database for request from user [teste]
Fri Aug 31 22:09:28 2007 : Auth: Login incorrect: [teste/ZF+\014_\322F\267P\020\031gL\232O\233] (from client local port 0)
Usando o ntraping
com um usuário do sistema autentica:
Fri Aug 31 22:11:11 2007 : Auth: Login OK: [root/ks93am25] (from client 192.168.9.7 port 0)
com um usuario do banco de dados do mysql não autentica
Fri Aug 31 22:12:21 2007 : Info: rlm_sql (sql): No matching entry in the database for request from user [suporte]
Fri Aug 31 22:12:21 2007 : Auth: Login incorrect: [suporte/123456] (from client 192.168.9.7 port 0)
cola teu radius.conf acho que ja sei onde eh o erro..
tem uma diretiva que vc escolhe onde ele vai autenticar.. deve ter shadow ou passwd ou unix.. e dps sql..
# Global server settings: installation paths, run-as account, request limits,
# listening address, logging switches and the thread pool.
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd.
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
# The daemon runs as user root, group nobody.
# NOTE(review): as root, any flaw in request handling is exercised with full
# privileges; confirm whether the modules in use allow an unprivileged
# account instead.
user = root
group = nobody
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
# Listens on all addresses; port 0 leaves the port choice to the server's default.
bind_address = *
port = 0
#listen {
#
# ipaddr = *
#
# port = 0
#
# type = auth
# NOTE(review): the closing brace below is not commented out although the
# listen { line above is - probably a paste artifact; verify in the real file.
}
hostname_lookups = no
# NOTE(review): core files of this process can contain request data, including
# passwords - confirm core dumps are wanted outside of debugging.
allow_core_dumps = yes
regular_expressions = no
extended_expressions = no
log_stripped_names = yes
# Authentication logging. With log_auth_badpass and log_auth_goodpass both
# set to yes, each "Auth:" line in ${log_file} carries the password sent with
# the request, for rejected and for accepted logins alike. The log file then
# holds cleartext credentials and must be protected and rotated accordingly.
log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = yes
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
# NOTE(review): no closing brace for security { is visible in this paste.
security {
max_attributes = 200
# Seconds to wait before sending a reject.
reject_delay = 1
status_server = yes
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
snmp = yes
$INCLUDE ${confdir}/snmp.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 250
}
# Module instances. Each entry configures one module; a module only takes part
# in request processing if it is also listed in a section such as authorize
# or authenticate.
modules {
# name [ instance ] {
# config_item = value
# ...
# }
#
# The replacement is "auto_header = yes".
pap {
auto_header = no
}
# CHAP module
# NOTE(review): the chap instance is given authtype = PAP, which does not
# match the module's name - confirm this is not a copy/paste slip.
chap {
authtype = PAP
}
pam {
pam_auth = radiusd
}
# System-account module: every option is commented out, so its defaults apply.
unix {
# Cache /etc/passwd, /etc/shadow, and /etc/grou
# cache = yes
# Reload the cache every 600 seconds (10mins). 0 to disable.
# cache_reload = 600
# Define the locations of the normal passwd, shadow, and
# passwd = /etc/passwd
# shadow = /etc/shadow
# radwtmp = ${logdir}/radwtmp
}
$INCLUDE ${confdir}/eap.conf
# MS-CHAP module: every option is commented out, so its defaults apply.
mschap {
#use_mppe = no
#require_encryption = yes
#require_strong = yes
#with_ntdomain_hack = no
#ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --$
}
# LDAP module instance. The server name and base DN are placeholder-looking
# values, and ldap appears only in commented-out form in the processing
# sections of this file, so this instance is presumably unused.
# NOTE(review): start_tls = no means the LDAP connection is not upgraded to
# TLS; revisit before enabling this module.
# The search filter is built from the request's user name.
ldap {
server = "ldap.your.domain"
basedn = "o=My Org,c=UA"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
start_tls = no
access_attr = "dialupAccess"
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
edir_account_policy_check=no
#
# groupname_attribute = cn
# groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-User$
# groupmembership_attribute = radiusGroupName
timeout = 4
timelimit = 3
net_timeout = 1
# compare_check_items = yes
# do_xlat = yes
# access_attr_used_for_allow = yes
# allowed values: {no, yes}
# set_auth_type = yes
}
# The two passwd instances below are fully commented out.
#passwd etc_smbpasswd {
# filename = /etc/smbpasswd
# format = "*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::"
# authtype = MS-CHAP
# hashsize = 100
# ignorenislike = no
# allowmultiplekeys = no
#}
# Similar configuration, for the /etc/group file. Adds a Group-Name
#
# NOTE(review): the commented closing brace of etc_group is not visible in this paste.
#passwd etc_group {
# filename = /etc/group
# format = "=Group-Name:::*,User-Name"
# hashsize = 50
# ignorenislike = yes
# allowmultiplekeys = yes
# delimiter = ":"
# Realm instances: each splits the user name on a delimiter, taking the realm
# either from the front (prefix) or from the end (suffix) of the name.
realm IPASS {
format = prefix
delimiter = "/"
ignore_default = no
ignore_null = no
}
realm suffix {
format = suffix
delimiter = "@"
ignore_default = no
ignore_null = no
}
realm realmpercent {
format = suffix
delimiter = "%"
ignore_default = no
ignore_null = no
}
realm ntdomain {
format = prefix
delimiter = "\\"
ignore_default = no
ignore_null = no
}
checkval {
# The attribute to look for in the request
item-name = Calling-Station-Id
check-name = Calling-Station-Id
# string,integer,ipaddr,date,abinary,octets
data-type = string
}
# Request preprocessing; all vendor-specific hacks are switched off.
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
preproxy_usersfile = ${confdir}/preproxy_users
compat = no
}
# Per-client detail files, one per day, created with mode 0600.
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
# sql_log {
# }
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
# Pulls in the sql module instance (database credentials and queries).
$INCLUDE ${confdir}/sql.conf
# Session tracking, counters, utility modules and the IP pool.
radutmp {
# Where the file is stored. It's not a log file,
# so it doesn't need rotating.
#
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes
callerid = "yes"
}
# Second radutmp instance: its file is created with mode 0644 and caller id
# recording is switched off.
radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0644
callerid = "no"
}
attr_filter {
attrsfile = ${confdir}/attrs
}
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
# SQL-backed counters: they sum session time from radacct through the "sql"
# module instance. The key value (User-Name) is expanded into the query
# inside single quotes.
sqlcounter dailycounter {
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = daily
query = "SELECT SUM(AcctSessionTime - \
GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
FROM radacct WHERE UserName='%{%k}' AND \
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
# NOTE(review): no closing brace for monthlycounter is visible in this paste.
sqlcounter monthlycounter {
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = monthly
query = "SELECT SUM(AcctSessionTime - \
GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
FROM radacct WHERE UserName='%{%k}' AND \
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
# Fixed-result modules: each always returns the configured rcode.
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
expr {
}
digest {
}
exec {
wait = yes
input_pairs = request
}
# NOTE(review): User-Name comes from the request and is expanded into the
# program's command line; confirm how the exec module splits and escapes
# arguments before reusing this pattern with another program.
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = request
output_pairs = reply
}
ippool main_pool {
range-start = 192.168.1.1
range-stop = 192.168.3.254
netmask = 255.255.255.0
cache-size = 800
ip-index = ${raddbdir}/db.ipindex
override = no
maximum-timeout = 0
}
# NOTE(review): session-db sits after the closing brace of main_pool here;
# the brace placement looks like a paste artifact - verify in the real file.
session-db = ${raddbdir}/db.ippool
}
# Processing sections: these lists decide which module instances handle each
# stage of a request. Lines starting with "#" are disabled.
instantiate {
exec
expr
# daily
}
# Authorization stage. Active entries: preprocess, mschap, suffix, sql, pap.
authorize {
preprocess# auth_log
# attr_filter
#chap
mschap
# digest
suffix
# ntdomain
# See "Authorization Queries" in sql.conf
sql
# etc_smbpasswd
# ldap# daily
# checkval
pap
}
# Authentication stage.
# NOTE(review): unix is listed here outside any Auth-Type block, so local
# system accounts can be checked for RADIUS logins. Confirm that exposing
# system accounts to RADIUS clients is intended; if the users are meant to
# live only in SQL, this entry is a candidate for removal.
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
unix
# Auth-Type LDAP {
# ldap
# }
# eap
}
preacct {
preprocess
# acct_unique
# IPASS
# suffix
# ntdomain
files
}
# Accounting records go to the sql module only.
accounting {
# detail
# daily
# unix
# main_pool
# sqlippool
# See "Accounting queries" in sql.conf
sql
# sql_log
# pgsql-voip
}
# Session checking uses the sql module's simultaneous-use queries.
session {
# radutmp
# See "Simultaneous Use Checking Querie" in sql.conf
sql
}
# After authentication the sql module runs its post-auth logging query.
# NOTE(review): the line "# }pre-proxy {" below fuses what looks like a
# commented closing brace with the pre-proxy header, so neither the end of
# post-auth nor the start of pre-proxy is active in this paste - verify the
# brace structure in the real file.
post-auth {
# main_pool
# sqlippool
# reply_log
# See "Authentication Logging Queries" in sql.conf
sql# sql_log
# ldap
# Post-Auth-Type REJECT {
# insert-module-name-here
# }pre-proxy {
# attr_rewrite
# files
# pre_proxy_log
}
post-proxy {
# post_proxy_log
# attr_rewrite
# attr_filter
eap
}
ola pessoal..alguem pode me ajudar...
radiusd -X
me retorna um erro assim:
Module: Library search path is /usr/local/lib
radiusd.conf[1600] Failed to link to module 'rlm_exec': rlm_exec.a: cannot open shared object file: No such file or directory
ja olhei no /usr/local/lib e esta lah o arquivo rlm_exec.a
nao sei o q é...ja usei o ./configure --disable-shared
mas nao sei o q é...
espero ajudas..obrigado.