


  1. #21


    Utilizei o comando dessa maneira, mas mesmo assim continua acusando invalid password:
    mysql> VALUES ('jason', 'Password', '=', 'teste');

  2. #22


    Veja no sql.conf qual a query que ele executa para autenticar, rode-a no banco e veja o que retorna.



  3. #23


    Esse é o meu sql.conf:
    # doc/examples/mysql.sql
    # Opening of the FreeRADIUS "sql" module block as pasted in the thread:
    # it selects the MySQL driver and the account used for every query
    # defined further down in this block.
    sql {
    # Database type
    driver = "rlm_sql_mysql"

    # Connect info
    # NOTE(review): the module logs in as the MySQL "root" account and the
    # password sits here in clear text (and is now public in this thread).
    # A dedicated account with rights only on the radius database, a rotated
    # password and restrictive file permissions on sql.conf would limit what
    # a leak of this file exposes.
    server = "localhost"
    login = "root"
    password = "asdf79"

    # Database table configuration
    # The names set here are referenced as ${...} by the queries later in
    # this block, so renaming a table only needs a change in this section.
    radius_db = "radius"


    # Both accounting aliases point at the same table; the queries below use
    # acct_table1 for start/update statements and acct_table2 for stop
    # statements.
    acct_table1 = "radacct"
    acct_table2 = "radacct"

    # Allow for storing data after authentication
    postauth_table = "radpostauth"

    # Per-user check and reply items read by the authorize_*_query settings.
    authcheck_table = "radcheck"
    authreply_table = "radreply"

    groupcheck_table = "radgroupcheck"
    groupreply_table = "radgroupreply"

    usergroup_table = "usergroup"

    # Table to keep radius client info
    nas_table = "nas"
    deletestalesessions = yes

    # Print all SQL statements when in debug mode (-x)
    # NOTE(review): if this is switched on, the trace file would presumably
    # hold the fully expanded statements, including the password value that
    # postauth_query inserts; keep it off outside of debugging sessions.
    sqltrace = no
    sqltracefile = ${logdir}/sqltrace.sql

    # number of sql connections to make to server
    num_sql_socks = 5

    # number of seconds to delay retrying on a failed database
    connect_failure_retry_delay = 60
    # safe-characters is the allow-list rlm_sql uses when it expands request
    # attributes into the query strings; characters outside it are escaped.
    # With the line commented out the module default applies -- confirm the
    # default for the installed version before relying on it.
    #safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"

    # SQL-User-Name is built from the request's User-Name; it is the value the
    # queries below substitute into their WHERE clauses.
    sql_user_name = "%{User-Name}"
    #query_on_not_found = no
    # Disabled variant: BINARY forces a byte-wise (case-sensitive) comparison
    # of the user name.
    # authorize_check_query = "SELECT id, UserName, Attribute, Value, op \
    # FROM ${authcheck_table} \
    # WHERE Username = BINARY '%{SQL-User-Name}' \
    # ORDER BY id"
    # authorize_reply_query = "SELECT id, UserName, Attribute, Value, op \
    # FROM ${authreply_table} \
    # WHERE Username = BINARY '%{SQL-User-Name}' \
    # ORDER BY id"

    # Active variant: without BINARY the comparison follows the column's
    # collation, so under a case-insensitive collation "Jason" and "jason"
    # select the same rows -- NOTE(review): confirm which behaviour is wanted.
    # To check the lookup by hand, run the statement with the table and user
    # name filled in from this thread, e.g.
    #   SELECT id, UserName, Attribute, Value, op FROM radcheck
    #   WHERE Username = 'jason' ORDER BY id;
    # An empty result is presumably what produces the "No matching entry in
    # the database" line in radius.log.
    authorize_check_query = "SELECT id, UserName, Attribute, Value, op \
    FROM ${authcheck_table} \
    WHERE Username = '%{SQL-User-Name}' \
    ORDER BY id"
    authorize_reply_query = "SELECT id, UserName, Attribute, Value, op \
    FROM ${authreply_table} \
    WHERE Username = '%{SQL-User-Name}' \
    ORDER BY id"

    # authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${$
    # authorize_group_reply_query = "SELECT ${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${$

    authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${$
    authorize_group_reply_query = "SELECT ${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${$

    # Accounting Queries
    # accounting_onoff_query - query for Accounting On/Off packets
    # accounting_update_query - query for Accounting update packets
    # accounting_update_query_alt - query for Accounting update packets
    # accounting_start_query - query for Accounting start packets
    # accounting_start_query_alt - query for Accounting start packets
    # accounting_stop_query - query for Accounting stop packets
    # accounting_stop_query_alt - query for Accounting start packet
    accounting_onoff_query = "UPDATE ${acct_table1} SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerm$

    accounting_update_query = " \
    UPDATE ${acct_table1} \
    SET \
    FramedIPAddress = '%{Framed-IP-Address}', \
    AcctSessionTime = '%{Acct-Session-Time}', \
    AcctInputOctets = '%{Acct-Input-Gigawords:-0}' << 32 | \
    '%{Acct-Input-Octets:-0}', \
    AcctOutputOctets = '%{Acct-Output-Gigawords:-0}' << 32 | \
    '%{Acct-Output-Octets:-0}' \
    WHERE AcctSessionId = '%{Acct-Session-Id}' \
    AND UserName = '%{SQL-User-Name}' \
    AND NASIPAddress = '%{NAS-IP-Address}'"
    accounting_update_query_alt = " \
    INSERT INTO ${acct_table1} \
    (AcctSessionId, AcctUniqueId, UserName, \
    Realm, NASIPAddress, NASPortId, \
    NASPortType, AcctStartTime, AcctSessionTime, \
    AcctAuthentic, ConnectInfo_start, AcctInputOctets, \
    AcctOutputOctets, CalledStationId, CallingStationId, \
    ServiceType, FramedProtocol, FramedIPAddress, \
    AcctStartDelay, XAscendSessionSvrKey) \
    VALUES \
    ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
    '%{SQL-User-Name}', \
    '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \
    '%{NAS-Port-Type}', \
    DATE_SUB('%S', \
    INTERVAL (%{Acct-Session-Time:-0} + \
    %{Acct-Delay-Time:-0}) SECOND), \
    '%{Acct-Session-Time}', \
    '%{Acct-Authentic}', '', \
    '%{Acct-Input-Gigawords:-0}' << 32 | \
    '%{Acct-Input-Octets:-0}', \

    '%{Called-Station-Id}', '%{Calling-Station-Id}', \
    '%{Service-Type}', '%{Framed-Protocol}', \
    '%{Framed-IP-Address}', \
    '0', '%{X-Ascend-Session-Svr-Key}')"
    accounting_start_query = " \
    INSERT INTO ${acct_table1} \
    (AcctSessionId, AcctUniqueId, UserName, \
    Realm, NASIPAddress, NASPortId, \
    NASPortType, AcctStartTime, AcctStopTime, \
    AcctSessionTime, AcctAuthentic, ConnectInfo_start, \
    ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, \
    CalledStationId, CallingStationId, AcctTerminateCause, \
    ServiceType, FramedProtocol, FramedIPAddress, \
    AcctStartDelay, AcctStopDelay, XAscendSessionSvrKey) \
    VALUES \
    ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
    '%{SQL-User-Name}', \
    '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \
    '%{NAS-Port-Type}', '%S', '0', \
    '0', '%{Acct-Authentic}', '%{Connect-Info}', \
    '', '0', '0', \
    '%{Called-Station-Id}', '%{Calling-Station-Id}', '', \
    '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', \
    '%{Acct-Delay-Time:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"

    accounting_start_query_alt = "UPDATE ${acct_table1} SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-$


    accounting_stop_query = " \
    UPDATE ${acct_table2} SET \
    AcctStopTime = '%S', \
    AcctSessionTime = '%{Acct-Session-Time}', \
    AcctInputOctets = '%{Acct-Input-Gigawords:-0}' << 32 | \
    '%{Acct-Input-Octets:-0}', \
    AcctOutputOctets = '%{Acct-Output-Gigawords:-0}' << 32 | \
    '%{Acct-Output-Octets:-0}', \
    AcctTerminateCause = '%{Acct-Terminate-Cause}', \
    AcctStopDelay = '%{Acct-Delay-Time:-0}', \
    ConnectInfo_stop = '%{Connect-Info}' \
    WHERE AcctSessionId = '%{Acct-Session-Id}' \
    AND UserName = '%{SQL-User-Name}' \
    AND NASIPAddress = '%{NAS-IP-Address}'"


    accounting_stop_query_alt = " \
    INSERT INTO ${acct_table2} \
    (AcctSessionId, AcctUniqueId, UserName, \
    Realm, NASIPAddress, NASPortId, \
    NASPortType, AcctStartTime, AcctStopTime, \
    AcctSessionTime, AcctAuthentic, ConnectInfo_start, \
    ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, \
    CalledStationId, CallingStationId, AcctTerminateCause, \
    ServiceType, FramedProtocol, FramedIPAddress, \
    AcctStartDelay, AcctStopDelay) \
    VALUES \
    ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
    '%{SQL-User-Name}', \
    '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \
    '%{NAS-Port-Type}', \
    DATE_SUB('%S', \
    INTERVAL (%{Acct-Session-Time:-0} + \
    %{Acct-Delay-Time:-0}) SECOND), \
    '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', \
    '%{Connect-Info}', \
    '%{Acct-Input-Gigawords:-0}' << 32 | \
    '%{Acct-Input-Octets:-0}', \
    '%{Acct-Output-Gigawords:-0}' << 32 | \
    '%{Acct-Output-Octets:-0}', \
    '%{Called-Station-Id}', '%{Calling-Station-Id}', \
    '%{Acct-Terminate-Cause}', \
    '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', \
    '0', '%{Acct-Delay-Time:-0}')"

    # Uncomment simul_count_query to enable simultaneous use checking
    # NOTE(review): only the first line of this setting was uncommented; the
    # three continuation lines still begin with '#'. The FROM/WHERE text is
    # therefore either dropped by the config parser or handed to MySQL, where
    # '#' starts a comment, so the statement would not count the user's open
    # sessions. Check the parsed value in the debug output, and remove the
    # leading '#' from the continuation lines if simultaneous-use limits are
    # meant to be enforced.
    simul_count_query = "SELECT COUNT(*) \
    #FROM ${acct_table1} \
    #WHERE UserName='%{SQL-User-Name}' \
    #AND AcctStopTime = 0"

    simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, \
    NASIPAddress, NASPortId, FramedIPAddress, \
    CallingStationId, FramedProtocol \
    FROM ${acct_table1} \
    WHERE UserName='%{SQL-User-Name}' \
    AND AcctStopTime = 0"

    # Returns the group names recorded for the user in the usergroup table.
    group_membership_query = "SELECT GroupName FROM ${usergroup_table} WHERE UserName='%{SQL-User-Name}'"
    # Post-auth logging: writes the user name and the expansion of
    # '%{User-Password:-Chap-Password}' into the postauth table. For PAP
    # requests that expansion is the password the user submitted, so it ends
    # up stored in clear text -- NOTE(review): consider dropping the pass
    # column from this statement. The line is cut off at the '$' in the paste,
    # so the rest of the statement is not visible here.
    postauth_query = "INSERT into ${postauth_table} (user, pass, reply, date) values ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-$

    # Set to 'yes' to read radius clients from the database ('nas' table)
    #readclients = yes
    }

    Qual seria o comando para verificar se essa query está funcionando certinho aqui?

  4. #24


    Esse é o meu arquivo de log do radius:
    Fri Aug 31 22:07:34 2007 : Info: rlm_sql (sql): No matching entry in the database for request from user [suporte]
    Fri Aug 31 22:07:34 2007 : Auth: Login incorrect: [suporte/\241E7\340d\r\255\216R|\347\306]\367]x] (from client local port 0)
    Fri Aug 31 22:08:09 2007 : Info: rlm_sql (sql): No matching entry in the database for request from user [jason]
    Fri Aug 31 22:08:09 2007 : Auth: rlm_unix: [jason]: invalid password
    Fri Aug 31 22:08:09 2007 : Auth: Login incorrect: [jason/\352\271d\246Y\243\325\235?>&\337\225rp"] (from client local port 0)
    Fri Aug 31 22:08:54 2007 : Info: rlm_sql (sql): No matching entry in the database for request from user [jason]
    Fri Aug 31 22:08:54 2007 : Auth: rlm_unix: [jason]: invalid password
    Fri Aug 31 22:08:54 2007 : Auth: Login incorrect: [jason/Q\022{s]g-\021\010r7\370\017\202] (from client local port 0)
    Fri Aug 31 22:09:28 2007 : Info: rlm_sql (sql): No matching entry in the database for request from user [teste]
    Fri Aug 31 22:09:28 2007 : Auth: Login incorrect: [teste/ZF+\014_\322F\267P\020\031gL\232O\233] (from client local port 0)


    Usando o NTRadPing

    com um usuário do sistema autentica:


    Fri Aug 31 22:11:11 2007 : Auth: Login OK: [root/ks93am25] (from client 192.168.9.7 port 0)

    com um usuario do banco de dados do mysql não autentica

    Fri Aug 31 22:12:21 2007 : Info: rlm_sql (sql): No matching entry in the database for request from user [suporte]
    Fri Aug 31 22:12:21 2007 : Auth: Login incorrect: [suporte/123456] (from client 192.168.9.7 port 0)



  5. #25


    cola teu radius.conf acho que ja sei onde eh o erro..

    Tem uma diretiva em que você escolhe onde ele vai autenticar: deve ter shadow, passwd ou unix, e depois sql.

  6. #26


    # Global radiusd.conf settings as pasted in the thread: installation
    # paths first, then the account the daemon runs as and the listener.
    prefix = /usr/local
    exec_prefix = ${prefix}
    sysconfdir = ${prefix}/etc
    localstatedir = ${prefix}/var
    sbindir = ${exec_prefix}/sbin
    logdir = ${localstatedir}/log/radius
    raddbdir = ${sysconfdir}/raddb
    radacctdir = ${logdir}/radacct

    confdir = ${raddbdir}
    # NOTE(review): the trailing '.' after "radiusd" looks like a paste
    # artifact; pidfile below is built from this value -- confirm the path.
    run_dir = ${localstatedir}/run/radiusd.
    log_file = ${logdir}/radius.log
    libdir = ${exec_prefix}/lib
    pidfile = ${run_dir}/radiusd.pid
    # NOTE(review): the daemon keeps root privileges for its whole lifetime.
    # If root is only needed so the unix module can read the shadow file, a
    # dedicated account with group access to that file is the narrower
    # option; if system-account authentication is not needed at all, an
    # unprivileged user is enough.
    user = root
    group = nobody
    max_request_time = 30
    delete_blocked_requests = no
    cleanup_delay = 5
    max_requests = 1024
    # Listens on every local address; port = 0 leaves the port number to the
    # services database lookup.
    bind_address = *
    port = 0
    #listen {
    #
    # ipaddr = *
    #
    # port = 0
    #
    # type = auth
    }
    # Logging and user-name/password normalisation switches.
    hostname_lookups = no
    # NOTE(review): a core file from a process that handles passwords and
    # shared secrets may contain them; presumably only wanted while debugging.
    allow_core_dumps = yes
    regular_expressions = no
    extended_expressions = no
    log_stripped_names = yes
    log_auth = yes
    # With both options below set to yes, every Auth line in radius.log
    # carries the submitted password next to the user name, for rejected and
    # accepted logins alike; the "[user/password]" entries pasted earlier in
    # this thread are the result. Setting them to no keeps the Auth lines
    # without the password.
    log_auth_badpass = yes
    log_auth_goodpass = yes
    usercollide = no
    lower_user = no
    lower_pass = no
    nospace_user = no
    nospace_pass = no
    security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
    proxy_requests = yes
    $INCLUDE ${confdir}/proxy.conf
    $INCLUDE ${confdir}/clients.conf
    snmp = yes
    $INCLUDE ${confdir}/snmp.conf
    thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 250
    }
    modules {
    # name [ instance ] {
    # config_item = value
    # ...
    # }
    #
    # The replacement is "auto_header = yes".
    # PAP module instance; auto_header is switched off here.
    pap {
    auto_header = no
    }

    # CHAP module
    # NOTE(review): this chap instance declares authtype = PAP, while the
    # authenticate section of this same file calls chap under
    # "Auth-Type CHAP". The stock configuration uses CHAP here -- confirm this
    # is not an editing slip.
    chap {
    authtype = PAP
    }
    pam {
    pam_auth = radiusd
    }
    unix {
    # Cache /etc/passwd, /etc/shadow, and /etc/grou
    # cache = yes
    # Reload the cache every 600 seconds (10mins). 0 to disable.
    # cache_reload = 600
    # Define the locations of the normal passwd, shadow, and
    # passwd = /etc/passwd
    # shadow = /etc/shadow
    # radwtmp = ${logdir}/radwtmp
    }
    $INCLUDE ${confdir}/eap.conf
    mschap {
    #use_mppe = no
    #require_encryption = yes
    #require_strong = yes
    #with_ntdomain_hack = no
    #ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --$
    }
    ldap {
    server = "ldap.your.domain"
    basedn = "o=My Org,c=UA"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    start_tls = no
    access_attr = "dialupAccess"
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 5
    edir_account_policy_check=no
    #
    # groupname_attribute = cn
    # groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-User$
    # groupmembership_attribute = radiusGroupName
    timeout = 4
    timelimit = 3
    net_timeout = 1
    # compare_check_items = yes
    # do_xlat = yes
    # access_attr_used_for_allow = yes
    # allowed values: {no, yes}
    # set_auth_type = yes
    }
    #passwd etc_smbpasswd {
    # filename = /etc/smbpasswd
    # format = "*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::"
    # authtype = MS-CHAP
    # hashsize = 100
    # ignorenislike = no
    # allowmultiplekeys = no
    #}

    # Similar configuration, for the /etc/group file. Adds a Group-Name
    #
    #passwd etc_group {
    # filename = /etc/group
    # format = "=Group-Name:::*,User-Name"
    # hashsize = 50
    # ignorenislike = yes
    # allowmultiplekeys = yes
    # delimiter = ":"
    realm IPASS {
    format = prefix
    delimiter = "/"
    ignore_default = no
    ignore_null = no
    }
    realm suffix {
    format = suffix
    delimiter = "@"
    ignore_default = no
    ignore_null = no
    }
    realm realmpercent {
    format = suffix
    delimiter = "%"
    ignore_default = no
    ignore_null = no
    }

    realm ntdomain {
    format = prefix
    delimiter = "\\"
    ignore_default = no
    ignore_null = no
    }
    checkval {
    # The attribute to look for in the request
    item-name = Calling-Station-Id
    check-name = Calling-Station-Id
    # string,integer,ipaddr,date,abinary,octets
    data-type = string
    }
    preprocess {
    huntgroups = ${confdir}/huntgroups
    hints = ${confdir}/hints
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    }

    files {
    usersfile = ${confdir}/users
    acctusersfile = ${confdir}/acct_users
    preproxy_usersfile = ${confdir}/preproxy_users
    compat = no
    }
    detail {
    detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
    detailperm = 0600
    }
    # sql_log {
    # }
    acct_unique {
    key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
    }
    $INCLUDE ${confdir}/sql.conf
    radutmp {
    # Where the file is stored. It's not a log file,
    # so it doesn't need rotating.
    #
    filename = ${logdir}/radutmp
    username = %{User-Name}
    case_sensitive = yes
    check_with_nas = yes
    callerid = "yes"
    }
    radutmp sradutmp {
    filename = ${logdir}/sradutmp
    perm = 0644
    callerid = "no"
    }

    attr_filter {
    attrsfile = ${confdir}/attrs
    }

    counter daily {
    filename = ${raddbdir}/db.daily
    key = User-Name
    count-attribute = Acct-Session-Time
    reset = daily
    counter-name = Daily-Session-Time
    check-name = Max-Daily-Session
    allowed-servicetype = Framed-User
    cache-size = 5000
    }
    sqlcounter dailycounter {
    counter-name = Daily-Session-Time
    check-name = Max-Daily-Session
    reply-name = Session-Timeout
    sqlmod-inst = sql
    key = User-Name
    reset = daily
    query = "SELECT SUM(AcctSessionTime - \
    GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
    FROM radacct WHERE UserName='%{%k}' AND \
    UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
    }
    sqlcounter monthlycounter {
    counter-name = Monthly-Session-Time
    check-name = Max-Monthly-Session
    reply-name = Session-Timeout
    sqlmod-inst = sql
    key = User-Name
    reset = monthly
    query = "SELECT SUM(AcctSessionTime - \
    GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
    FROM radacct WHERE UserName='%{%k}' AND \
    UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
    always fail {
    rcode = fail
    }
    always reject {
    rcode = reject
    }
    always ok {
    rcode = ok
    simulcount = 0
    mpp = no
    }
    expr {
    }
    digest {
    }
    exec {
    wait = yes
    input_pairs = request
    }
    exec echo {
    wait = yes
    program = "/bin/echo %{User-Name}"
    input_pairs = request
    output_pairs = reply
    }
    ippool main_pool {
    range-start = 192.168.1.1
    range-stop = 192.168.3.254
    netmask = 255.255.255.0
    cache-size = 800

    ip-index = ${raddbdir}/db.ipindex
    override = no
    maximum-timeout = 0
    }
    session-db = ${raddbdir}/db.ippool
    }
    instantiate {
    exec
    expr
    # daily
    }
    # authorize: the modules listed here are consulted for each request;
    # sql is where the radcheck/radreply lookups from sql.conf run.
    authorize {
    # NOTE(review): "preprocess# auth_log" looks like two lines fused by the
    # paste; whether the parser reads it as "preprocess" plus a comment should
    # be checked in the debug output.
    preprocess# auth_log
    # attr_filter
    #chap
    mschap
    # digest
    suffix
    # ntdomain
    # See "Authorization Queries" in sql.conf
    sql
    # etc_smbpasswd
    # ldap# daily
    # checkval
    pap
    }
    # authenticate: one module per Auth-Type, plus a bare "unix" entry.
    authenticate {
    Auth-Type PAP {
    pap
    }
    Auth-Type CHAP {
    chap
    }
    Auth-Type MS-CHAP {
    mschap
    }
    # NOTE(review): the "rlm_unix: [jason]: invalid password" lines in the
    # pasted log show requests for database users being checked against the
    # system accounts. Presumably no Auth-Type was set because the sql lookup
    # found no entry, so the request fell through to unix -- confirm with the
    # debug output. If only database users should authenticate, this entry
    # can be removed.
    unix

    # Auth-Type LDAP {
    # ldap
    # }
    # eap
    }
    preacct {
    preprocess
    # acct_unique
    # IPASS
    # suffix
    # ntdomain
    files
    }
    accounting {
    # detail
    # daily

    # unix

    # main_pool
    # sqlippool

    # See "Accounting queries" in sql.conf
    sql

    # sql_log

    # pgsql-voip

    }
    session {
    # radutmp
    # See "Simultaneous Use Checking Querie" in sql.conf
    sql
    }
    post-auth {
    # main_pool
    # sqlippool
    # reply_log
    # See "Authentication Logging Queries" in sql.conf
    sql# sql_log
    # ldap
    # Post-Auth-Type REJECT {
    # insert-module-name-here
    # }pre-proxy {
    # attr_rewrite
    # files
    # pre_proxy_log
    }
    post-proxy {
    # post_proxy_log
    # attr_rewrite
    # attr_filter
    eap
    }



  7. #27


    Qual seria o problema que estou tendo com o freeradius e com o mysql?

  8. #28


    ola pessoal..alguem pode me ajudar...

    radiusd -X

    me retorna um erro assim:

    Module: Library search path is /usr/local/lib
    radiusd.conf[1600] Failed to link to module 'rlm_exec': rlm_exec.a: cannot open shared object file: No such file or directory

    ja olhei no /usr/local/lib e esta lah o arquivo rlm_exec.a

    nao sei o q é...ja usei o ./configure --disable-shared

    mas nao sei o q é...

    espero ajudas..obrigado.