+ Responder ao Tópico



  1. #1

    Padrão Freeradius no Ubuntu 10.10 com Mysql

    Instalei e testei o Freeradius em sua ultima versão. Funciomou perfeitamente. Meus problemas começaram quando resolvi fazer as autencicações via Mysql. O Freeradius se loga normalmente na base de dados. Vejo isso rodando no modo debug "Freeradius -X" . Criei um usuário na base de dados na tabela correta, um grupo e tudo mais, mas quando vou fazer um teste no modo debug ocorre o seguinte erro:

    rad_recv: Access-Request packet from host 200.112.176.9 port 60532, id=0, length=48
    User-Name = "marcelo"
    CHAP-Password = 0x4acd039438f6f3b563005d7534bbfad456
    +- entering group authorize {...}
    ++[preprocess] returns ok
    [chap] Setting 'Auth-Type := CHAP'
    ++[chap] returns ok
    ++[mschap] returns noop
    [suffix] No '@' in User-Name = "marcelo", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
    rlm_sql (sql): Reserving sql socket id: 3
    [sql] expand: ->
    [sql] Error generating query; rejecting user
    rlm_sql (sql): Released sql socket id: 3
    ++[sql] returns fail
    Using Post-Auth-Type Reject
    +- entering group REJECT {...}
    [attr_filter.access_reject] expand: %{User-Name} -> marcelo
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 1 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 1
    Sending Access-Reject of id 0 to 200.112.176.9 port 60532
    Waking up in 4.9 seconds.
    Cleaning up request 1 ID 0 with timestamp +2556
    Ready to process requests.



    Já i os foruns de trás para frente e de frente para traz mas, solução de verdade nada feito. Preciso de ajuda. Obrigado

  2. #2

    Padrão Re: Freeradius no Ubuntu 10.10 com Mysql

    Posta ai teus arquivos de configuração pra eu poder dar uma olhada talvez consiga te ajudar.

    Coloca as telas de configuração do mikrotik, e diga se esta usando pppoe ou hotspot.

    Posta ai q talvez consiga te ajudar.

    Att.Juliano

  3. #3

    Padrão Re: Freeradius no Ubuntu 10.10 com Mysql

    Obrigado pela resposta Juliano.

    O Mikrotik ainda não está em operação. Primeiro preciso resolver esse problema. Estou usando NTRad para testar um cliente, se ele se conectar, o Mikrotik se conecta numa boa. Como te disse, sem o mysql usando apenas o arquivo clients eu conectei inclusive o mikrotik sem problemas. A coisa emperra quando vou usar o mysql. Conforme enviei o log. Essa é a questão

  4. #4

    Padrão Re: Freeradius no Ubuntu 10.10 com Mysql

    Para que possamos lhe ajudar responda abaixo.
    01 - Vc já configurou o radius.conf ???
    02 - Configurou o sql.conf
    03 - Deu privilegios no mysql para o usuario cadastrado no radius ???

    Att.Juliano

  5. #5

    Padrão Re: Freeradius no Ubuntu 10.10 com Mysql

    Você configurou no freeradius a senha para se conectar ao mysql? O erro parece ser por aí.

  6. #6

    Padrão Re: Freeradius no Ubuntu 10.10 com Mysql

    Parte 1

    root@cpro1292:/etc/freeradius/modules# freeradius -X
    FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Jan 5 2010 at 02:49:11
    Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
    There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE.
    You may redistribute copies of FreeRADIUS under the terms of the
    GNU General Public License v2.
    Starting - reading configuration files ...
    including configuration file /etc/freeradius/radiusd.conf
    including configuration file /etc/freeradius/clients.conf
    including files in directory /etc/freeradius/modules/
    including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
    including configuration file /etc/freeradius/modules/expiration
    including configuration file /etc/freeradius/modules/checkval
    including configuration file /etc/freeradius/modules/files
    including configuration file /etc/freeradius/modules/detail.log
    including configuration file /etc/freeradius/modules/ntlm_auth
    including configuration file /etc/freeradius/modules/attr_rewrite
    including configuration file /etc/freeradius/modules/radutmp
    including configuration file /etc/freeradius/modules/linelog
    including configuration file /etc/freeradius/modules/digest
    including configuration file /etc/freeradius/modules/pap
    including configuration file /etc/freeradius/modules/attr_filter
    including configuration file /etc/freeradius/modules/acct_unique
    including configuration file /etc/freeradius/modules/mschap
    including configuration file /etc/freeradius/modules/krb5
    including configuration file /etc/freeradius/modules/smbpasswd
    including configuration file /etc/freeradius/modules/echo
    including configuration file /etc/freeradius/modules/otp
    including configuration file /etc/freeradius/modules/ldap
    including configuration file /etc/freeradius/modules/counter
    including configuration file /etc/freeradius/modules/inner-eap
    including configuration file /etc/freeradius/modules/policy
    including configuration file /etc/freeradius/modules/expr
    including configuration file /etc/freeradius/modules/logintime
    including configuration file /etc/freeradius/modules/smsotp
    including configuration file /etc/freeradius/modules/sql_log
    including configuration file /etc/freeradius/modules/perl
    including configuration file /etc/freeradius/modules/etc_group
    including configuration file /etc/freeradius/modules/unix
    including configuration file /etc/freeradius/modules/preprocess
    including configuration file /etc/freeradius/modules/pam
    including configuration file /etc/freeradius/modules/mac2ip
    including configuration file /etc/freeradius/modules/mac2vlan
    including configuration file /etc/freeradius/modules/detail.example.com
    including configuration file /etc/freeradius/modules/sradutmp
    including configuration file /etc/freeradius/modules/wimax
    including configuration file /etc/freeradius/modules/always
    including configuration file /etc/freeradius/modules/ippool
    including configuration file /etc/freeradius/modules/cui
    including configuration file /etc/freeradius/modules/detail
    including configuration file /etc/freeradius/modules/exec
    including configuration file /etc/freeradius/modules/passwd
    including configuration file /etc/freeradius/modules/realm
    including configuration file /etc/freeradius/modules/chap
    including configuration file /etc/freeradius/eap.conf
    including configuration file /etc/freeradius/sql.conf
    including configuration file /etc/freeradius/sql/mysql/counter.conf
    including configuration file /etc/freeradius/policy.conf
    including files in directory /etc/freeradius/sites-enabled/
    including configuration file /etc/freeradius/sites-enabled/inner-tunnel
    including configuration file /etc/freeradius/sites-enabled/default
    main {
    user = "freerad"
    group = "freerad"
    allow_core_dumps = no
    }
    including dictionary file /etc/freeradius/dictionary
    main {
    prefix = "/usr"
    localstatedir = "/var"
    logdir = "/var/log/freeradius"
    libdir = "/usr/lib/freeradius"
    radacctdir = "/var/log/freeradius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 1024
    pidfile = "/var/run/freeradius/freeradius.pid"
    checkrad = "/usr/sbin/checkrad"
    debug_level = 0
    proxy_requests = yes
    log {
    stripped_names = no
    auth = no
    auth_badpass = no
    auth_goodpass = no
    }
    security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
    }
    }
    radiusd: #### Loading Realms and Home Servers ####
    radiusd: #### Loading Clients ####
    client localhost {
    ipaddr = 127.0.0.1
    require_message_authenticator = no
    secret = "testing123"
    nastype = "other"
    }
    client 189.112.176.20 {
    require_message_authenticator = no
    secret = "manaus"
    shortname = "Mikrotik"
    }
    client 189.112.176.9 {
    require_message_authenticator = no
    secret = "manaus"
    shortname = "marcelo"
    }
    radiusd: #### Instantiating modules ####
    instantiate {
    Module: Linked to module rlm_exec
    Module: Instantiating exec
    exec {
    wait = no
    input_pairs = "request"
    shell_escape = yes
    }
    Module: Linked to module rlm_expr
    Module: Instantiating expr
    Module: Linked to module rlm_expiration
    Module: Instantiating expiration
    expiration {
    reply-message = "Password Has Expired "
    }
    Module: Linked to module rlm_logintime
    Module: Instantiating logintime
    logintime {
    reply-message = "You are calling outside your allowed timespan "
    minimum-timeout = 60
    }
    }
    radiusd: #### Loading Virtual Servers ####
    server inner-tunnel {
    modules {
    Module: Checking authenticate {...} for more modules to load
    Module: Linked to module rlm_pap
    Module: Instantiating pap
    pap {
    encryption_scheme = "auto"
    auto_header = no
    }
    Module: Linked to module rlm_chap
    Module: Instantiating chap
    Module: Linked to module rlm_mschap
    Module: Instantiating mschap
    mschap {
    use_mppe = yes
    require_encryption = no
    require_strong = no
    with_ntdomain_hack = no
    }
    Module: Linked to module rlm_unix
    Module: Instantiating unix
    unix {
    radwtmp = "/var/log/freeradius/radwtmp"
    }
    Module: Linked to module rlm_eap
    Module: Instantiating eap
    eap {
    default_eap_type = "md5"
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    max_sessions = 4096
    }
    Module: Linked to sub-module rlm_eap_md5
    Module: Instantiating eap-md5
    Module: Linked to sub-module rlm_eap_leap
    Module: Instantiating eap-leap
    Module: Linked to sub-module rlm_eap_gtc
    Module: Instantiating eap-gtc
    gtc {
    challenge = "Password: "
    auth_type = "PAP"
    }
    Module: Linked to sub-module rlm_eap_tls
    Module: Instantiating eap-tls
    tls {
    rsa_key_exchange = no
    dh_key_exchange = yes
    rsa_key_length = 512
    dh_key_length = 512
    verify_depth = 0
    pem_file_type = yes
    private_key_file = "/etc/freeradius/certs/server.key"
    certificate_file = "/etc/freeradius/certs/server.pem"
    CA_file = "/etc/freeradius/certs/ca.pem"
    private_key_password = "whatever"
    dh_file = "/etc/freeradius/certs/dh"
    random_file = "/etc/freeradius/certs/random"
    fragment_size = 1024
    include_length = yes
    check_crl = no
    cipher_list = "DEFAULT"
    make_cert_command = "/etc/freeradius/certs/bootstrap"
    cache {
    enable = no
    lifetime = 24
    max_entries = 255
    }
    }
    Module: Linked to sub-module rlm_eap_ttls
    Module: Instantiating eap-ttls
    ttls {
    default_eap_type = "md5"
    copy_request_to_tunnel = no
    use_tunneled_reply = no
    virtual_server = "inner-tunnel"
    include_length = yes
    }
    Module: Linked to sub-module rlm_eap_peap
    Module: Instantiating eap-peap
    peap {
    default_eap_type = "mschapv2"
    copy_request_to_tunnel = no
    use_tunneled_reply = no
    proxy_tunneled_request_as_eap = yes
    virtual_server = "inner-tunnel"
    }
    Module: Linked to sub-module rlm_eap_mschapv2
    Module: Instantiating eap-mschapv2
    mschapv2 {
    with_ntdomain_hack = no
    }
    Module: Checking authorize {...} for more modules to load
    Module: Linked to module rlm_realm
    Module: Instantiating suffix
    realm suffix {
    format = "suffix"
    delimiter = "@"
    ignore_default = no
    ignore_null = no
    }
    Module: Linked to module rlm_files
    Module: Instantiating files
    files {
    usersfile = "/etc/freeradius/users"
    acctusersfile = "/etc/freeradius/acct_users"
    preproxy_usersfile = "/etc/freeradius/preproxy_users"
    compat = "no"
    }
    Module: Checking session {...} for more modules to load
    Module: Linked to module rlm_radutmp
    Module: Instantiating radutmp
    radutmp {
    filename = "/var/log/freeradius/radutmp"
    username = "%{User-Name}"
    case_sensitive = yes
    check_with_nas = yes
    perm = 384
    callerid = yes
    }
    Module: Checking post-proxy {...} for more modules to load
    Module: Checking post-auth {...} for more modules to load
    Module: Linked to module rlm_attr_filter
    Module: Instantiating attr_filter.access_reject
    attr_filter attr_filter.access_reject {
    attrsfile = "/etc/freeradius/attrs.access_reject"
    key = "%{User-Name}"
    }

  7. #7

    Padrão Re: Freeradius no Ubuntu 10.10 com Mysql

    Parte 2


    } # modules
    } # server
    server {
    modules {
    Module: Checking authenticate {...} for more modules to load
    Module: Checking authorize {...} for more modules to load
    Module: Linked to module rlm_preprocess
    Module: Instantiating preprocess
    preprocess {
    huntgroups = "/etc/freeradius/huntgroups"
    hints = "/etc/freeradius/hints"
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    with_alvarion_vsa_hack = no
    }
    Module: Linked to module rlm_sql
    Module: Instantiating sql
    sql {
    driver = "rlm_sql_mysql"
    server = "localhost"
    port = ""
    login = "root"
    password = "manaus"
    radius_db = "radius"
    read_groups = yes
    sqltrace = no
    sqltracefile = "/var/log/freeradius/sqltrace.sql"
    readclients = no
    deletestalesessions = yes
    num_sql_socks = 5
    lifetime = 0
    max_queries = 0
    sql_user_name = ""
    default_user_profile = ""
    nas_query = "SELECT id,nasname,shortname,type,secret FROM nas"
    authorize_check_query = ""
    authorize_group_check_query = ""
    authorize_group_reply_query = ""
    accounting_onoff_query = ""
    accounting_update_query = ""
    accounting_update_query_alt = ""
    accounting_start_query = ""
    accounting_start_query_alt = ""
    accounting_stop_query = ""
    accounting_stop_query_alt = ""
    connect_failure_retry_delay = 60
    simul_count_query = "yes"
    simul_verify_query = "yes"
    postauth_query = ""
    safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
    }
    rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
    rlm_sql (sql): Attempting to connect to root@localhost:/radius
    rlm_sql (sql): starting 0
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
    rlm_sql_mysql: Starting connect to MySQL server for #0
    rlm_sql (sql): Connected new DB handle, #0
    rlm_sql (sql): starting 1
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
    rlm_sql_mysql: Starting connect to MySQL server for #1
    rlm_sql (sql): Connected new DB handle, #1
    rlm_sql (sql): starting 2
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
    rlm_sql_mysql: Starting connect to MySQL server for #2
    rlm_sql (sql): Connected new DB handle, #2
    rlm_sql (sql): starting 3
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
    rlm_sql_mysql: Starting connect to MySQL server for #3
    rlm_sql (sql): Connected new DB handle, #3
    rlm_sql (sql): starting 4
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
    rlm_sql_mysql: Starting connect to MySQL server for #4
    rlm_sql (sql): Connected new DB handle, #4
    Module: Checking preacct {...} for more modules to load
    Module: Linked to module rlm_acct_unique
    Module: Instantiating acct_unique
    acct_unique {
    key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
    }
    Module: Checking accounting {...} for more modules to load
    Module: Linked to module rlm_detail
    Module: Instantiating detail
    detail {
    detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
    header = "%t"
    detailperm = 384
    dirperm = 493
    locking = no
    log_packet_header = no
    }
    Module: Instantiating attr_filter.accounting_response
    attr_filter attr_filter.accounting_response {
    attrsfile = "/etc/freeradius/attrs.accounting_response"
    key = "%{User-Name}"
    }
    Module: Checking session {...} for more modules to load
    Module: Checking post-auth {...} for more modules to load
    } # modules
    } # server
    radiusd: #### Opening IP addresses and Ports ####
    listen {
    type = "auth"
    ipaddr = *
    port = 0
    }
    listen {
    type = "acct"
    ipaddr = *
    port = 0
    }
    Listening on authentication address * port 1812
    Listening on accounting address * port 1813
    Listening on proxy address * port 1814
    Ready to process requests.

  8. #8

    Padrão Re: Freeradius no Ubuntu 10.10 com Mysql

    Como pode ver Juliano, fiz tudo o que me questionou.

  9. #9

    Padrão Re: Freeradius no Ubuntu 10.10 com Mysql

    Me add no msn q talvez possa lhe ajudar melhor, dps reportamos a solução para futura consulta no forum.

    Att.Juliano

    Msn. [email protected]

  10. #10
    Avatar de ultralaser
    Ingresso
    May 2007
    Localização
    Presidente Prudente
    Posts
    174
    Posts de Blog
    1

    Padrão Re: Freeradius no Ubuntu 10.10 com Mysql

    boa

  11. #11

    Padrão Re: Freeradius no Ubuntu 10.10 com Mysql

    O nosso amigo kyatera configurou o radius certinho, ele me deu acesso ao server dele pra eu olhar e pude perceber algumas divergências no BD sendo elas:

    1 - Ao tentar autenticar, a radius tentava buscar dados em uma tabela chamada radusergroup. Acontece o seguinte nosso amigo kyatera criou o banco de dados com um schema antigo, creio eu que seja da versão 1.7x, onde a essa tabela vinha com o nome de usergroup foi so alterar no sql.conf do freeradius e alterar a variavel que armazenava o nome da tabela ( Outra opção seria alterar o nome da table no BD, mais preferi alterar somente no freeradius mesmo).

    2 - A tabela em questão (radusergroup/usergroup como queiram) estava com 2 campos com nomes trocados, sendo o campo username esta user e o outro campo que não me lembro agora, dai alterei-os e tudo correu certo.

    Espero que seja de referencia para consulta futura.

    Att.Juliano.

  12. #12

    Padrão Re: Freeradius no Ubuntu 10.10 com Mysql

    A base de dados mysql estava com problemas nos nomes das tabelas e configurações. Problema resolvido.
    Juliano Obrigado pela ajuda. Você é o cara. Sempre que quiser conte comigo

  13. #13

    Padrão Re: Freeradius no Ubuntu 10.10 com Mysql

    Vlw kyatera, um grande abrs ai pra vc e sucesso, espero dps q mudar ai pra perto de vc poder fazer-lhe uma visita.

    Att.Juliano

    Citação Postado originalmente por kyatera Ver Post
    A base de dados mysql estava com problemas nos nomes das tabelas e configurações. Problema resolvido.
    Juliano Obrigado pela ajuda. Você é o cara. Sempre que quiser conte comigo