Zitat von yao guoxian <yaoguoxian (AT) gmail (DOT) com>:

Platform and Environment:
Freeradius:1.0.5 on Redhat 9

Step:
1. create database radius;
2.mysql -uroot -prootpass radius < db_mysql.sql ;
3.Edit radiusd.conf and sql.conf;
Debug Result:
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 202.117.7.223:1490, id=6,
length=47
User-Name = "barney"
CHAP-Password =
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "barney", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
radius_xlat: 'barney'
rlm_sql (sql): sql_set_user escaped user 'barney'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FRM
radcheck WHERE Username = 'barney' RDER BY id'
rlm_sql (sql): Ignoring unconnected handle 4
rlm_sql (sql): Ignoring unconnected handle 3
rlm_sql (sql): Ignoring unconnected handle 2
rlm_sql (sql): Ignoring unconnected handle 1
rlm_sql (sql): Ignoring unconnected handle 0
rlm_sql (sql): There are no DB handles to use! skipped 5, tried to connect 0
modcall[authorize]: module "sql" returns fail for request 2
modcall: group authorize returns fail for request 2
Finished request 2
Going to the next request
Walking the entire request list
Waking up in 6 seconds
rad_recv: Access-Request packet from host 202.117.7.223:1490, id=6,
length=47
Discarding duplicate request from client liv1:1490 - ID: 6
Walking the entire request list
Waking up in 2 seconds
Walking the entire request list
Cleaning up request 2 ID 6 with timestamp 45bca7cb
Nothing to do. Sleeping until we see a request.

From the above results, I guess mysql doesnt work. But I can access
databases from the command line .The Freeradius Server worked well when I
use the "user", not using MySQL.
Any suggestion?

Did you double-check the settings in sql.conf? It seems that
freeradius can not connect to the mysql server.
The startup messages (in debug mode) at my installation has the lines:

sql: safe-characters =
"@ /"
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radiusd@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)

Do you see those?

Regards
markus

Thanks for reply.
The startup message(in debug mode) on my machine:

sql: safe-characters =
"@ /"
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to root@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql_mysql: Couldn't connect socket to MySQL server root@localhost:radius
rlm_sql_mysql: Mysql error 'Can't connect to local MySQL server through
socket '/var/lib/mysql/mysql.sock' (2)'
rlm_sql (sql): Failed to connect DB handle #0
rlm_sql (sql): starting 1
rlm_sql (sql): starting 2
rlm_sql (sql): starting 3
rlm_sql (sql): starting 4
rlm_sql (sql): Failed to connect to any SQL server.
Module: Instantiated sql (sql)

The settings of sql.conf is like followings:
sql {
driver = "rlm_sql_mysql"
server = "localhost"
login = "root"
password = "123"

# Database table configuration
radius_db = "radius"

acct_table1 = "radacct"
acct_table2 = "radacct"

# Allow for storing data after authentication
postauth_table = "radpostauth"

authcheck_table = "radcheck"
authreply_table = "radreply"

groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"

usergroup_table = "usergroup"

# Table to keep radius client info
nas_table = "nas"

# Remove stale session if checkrad does not see a double login
deletestalesessions = yes
sqltrace = yes
sqltracefile = ${logdir}/sqltrace.sql

# number of sql connections to make to server
num_sql_socks = 5

# number of seconds to dely retrying on a failed database
# connection (per_socket)
connect_failure_retry_delay = 60

sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
sql_user_name = "%{User-Name}"
authorize_check_query = "SELECT id, UserName, Attribute, Value, op \
FRM ${authcheck_table} \
WHERE Username = '%{SQL-User-Name}' \
RDER BY id"
authorize_reply_query = "SELECT id, UserName, Attribute, Value, op \
FRM ${authreply_table} \
WHERE Username = '%{SQL-User-Name}' \
RDER BY id"

Is anything wrong with the settings?

2007/1/28, Markus Krause <krause (AT) biochem (DOT) mpg.de>:

Zitat von yao guoxian <yaoguoxian (AT) gmail (DOT) com>:

Platform and Environment:
Freeradius:1.0.5 on Redhat 9

Step:
1. create database radius;
2.mysql -uroot -prootpass radius < db_mysql.sql ;
3.Edit radiusd.conf and sql.conf;
Debug Result:
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 202.117.7.223:1490, id=6,
length=47
User-Name = "barney"
CHAP-Password =
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "barney", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
radius_xlat: 'barney'
rlm_sql (sql): sql_set_user escaped user 'barney'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FRM
radcheck WHERE Username = 'barney' RDER BY id'
rlm_sql (sql): Ignoring unconnected handle 4
rlm_sql (sql): Ignoring unconnected handle 3
rlm_sql (sql): Ignoring unconnected handle 2
rlm_sql (sql): Ignoring unconnected handle 1
rlm_sql (sql): Ignoring unconnected handle 0
rlm_sql (sql): There are no DB handles to use! skipped 5, tried to
connect 0
modcall[authorize]: module "sql" returns fail for request 2
modcall: group authorize returns fail for request 2
Finished request 2
Going to the next request
Walking the entire request list
Waking up in 6 seconds
rad_recv: Access-Request packet from host 202.117.7.223:1490, id=6,
length=47
Discarding duplicate request from client liv1:1490 - ID: 6
Walking the entire request list
Waking up in 2 seconds
Walking the entire request list
Cleaning up request 2 ID 6 with timestamp 45bca7cb
Nothing to do. Sleeping until we see a request.

From the above results, I guess mysql doesnt work. But I can access
databases from the command line .The Freeradius Server worked well when
I
use the "user", not using MySQL.
Any suggestion?

Did you double-check the settings in sql.conf? It seems that
freeradius can not connect to the mysql server.
The startup messages (in debug mode) at my installation has the lines:

sql: safe-characters =
"@ /"
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
linked
rlm_sql (sql): Attempting to connect to radiusd@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)

Do you see those?

Regards
markus
--

yao guoxian wrote:
rlm_sql_mysql: Mysql error 'Host '202.117.7.243 <http://202.117.7.243>'
is not allowed to connect to this MySQL server'

I assume this is a test server and is tightly controlled

Login to MySQL as root on the command line.
Type this:

GRANT ALL N T root (AT) 202 (DOT) 117.7.243 IDENTIFIED BY 'mysql-root-pass';

That will let you do what you are trying to do. Then go read the MySQL
documentation on server security. You really should not be using the
root account. Create a new user for radius queries and only give it the
access it needs. Then REVKE the rights I just had you GRANT above.

Yes, 202.117.7.243 is the MySQL server's IP.The problem is that I can not
login to MySQL on the command line.
The following is the input commands and output responses to them:
input command: ./bin/mysqld_safe
output results: Starting mysqld daemon with databases from
/
input command:./bin/mysql -u root -p
output results:Enter password:
ERRR 1045 (28000): Access denied for user 'root'@'localhost' (using
password: YES)
input command:./bin/mysql -u root
output results:Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2 to server version: 5.0.20-standard-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>
Notice: the third input command is not with "-p".

I have done the following steps to reset user "root"'s password:
# killall -TERM mysqld
#./bin/mysql_safe &
#./mysql -u root
>use mysql;
>update user set password=password('the-new-password') where
user='root';
>flush priviliges;
>quit;
But it didn't work. At first I could use #./bin/mysql_safe
& and #./mysql -u root to enter into the command
line environmeng of mysql ,
while the two commands doesn't take effect now. The response to
#./bin/mysql_safe & is like follows:
[root@nic219 ]# bin/mysqld_safe
&
[1] 4542
[root@nic219 ]# Starting mysqld daemon with
databases from / /data
STPPING server from pid file /
/data/nic219.pid
070129 15:40:21 mysqld ended

2007/1/30, Dennis Skinner <dskinner (AT) bluefrog (DOT) com>:

yao guoxian wrote:
rlm_sql_mysql: Mysql error 'Host '202.117.7.243 <http://202.117.7.243>'
is not allowed to connect to this MySQL server'

I assume this is a test server and is tightly controlled

Login to MySQL as root on the command line.
Type this:

GRANT ALL N T root (AT) 202 (DOT) 117.7.243 IDENTIFIED BY 'mysql-root-pass';

That will let you do what you are trying to do. Then go read the MySQL
documentation on server security. You really should not be using the
root account. Create a new user for radius queries and only give it the
access it needs. Then REVKE the rights I just had you GRANT above.

yao guoxian wrote:
input command:./bin/mysql -u root
output results:Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2 to server version: 5.0.20-standard-log

*sigh*

You installed MySQL but did none of the security things that it probably
told you to do during the install (that it definitely tells you to do in
the manual). Please go read the docs for MySQL. You are not having
FreeRADIUS problems, you are having MySQL problems, the largest of which
is that you haven't read the manual.

Here's a hint, you didn't need to reset the root password, you never set
one in the first place! Now, go read.