freeradius与mySQL联用的最简单例程失败,不知原因出在哪里

孤-CLX 发布于 2015/06/02 12:53
阅读 3K+
收藏 0

下面是我对数据库mysql的操作

1. 
mysqladmin -u root -p create radius
2. 
mysql -u root -p < /etc/freeradius/sql/mysql/admin.sql
3. 
mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
4.
mysql -u root -p radius
INSERT INTO radcheck (username, attribute, op, value) VALUES
('bob', 'Cleartext-Password', ':=', 'passbob');
INSERT INTO radreply (username, attribute, op, value) VALUES
('bob', 'Reply-Message', '=', 'Hello Bob!');

接着我按网上的教程成功启用了freeradius的SQL模块,

然后我执行了radtest bob passbob 127.0.0.1 100 testing123来测试,freeradius输出如下


(0) Received Access-Request Id 236 from 127.0.0.1:34001 to 127.0.0.1:1812 length 73

(0)   User-Name = 'bob'
(0)   User-Password = 'passbob'
(0)   NAS-IP-Address = 127.0.1.1
(0)   NAS-Port = 100
(0)   Message-Authenticator = 0xc407df3a9996ca6be1515500fe63ca18
(0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(0)   authorize {
(0)     policy filter_username {
(0)       if (!&User-Name) {
(0)       if (!&User-Name)  -> FALSE
(0)       if (&User-Name =~ / /) {
(0)       if (&User-Name =~ / /)  -> FALSE
(0)       if (&User-Name =~ /@.*@/ ) {
(0)       if (&User-Name =~ /@.*@/ )  -> FALSE
(0)       if (&User-Name =~ /\.\./ ) {
(0)       if (&User-Name =~ /\.\./ )  -> FALSE
(0)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))  {
(0)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/))   -> FALSE
(0)       if (&User-Name =~ /\.$/)  {
(0)       if (&User-Name =~ /\.$/)   -> FALSE
(0)       if (&User-Name =~ /@\./)  {
(0)       if (&User-Name =~ /@\./)   -> FALSE
(0)     } # policy filter_username = notfound
(0)     [preprocess] = ok
(0)     [chap] = noop
(0)     [mschap] = noop
(0)     [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "bob", looking up realm NULL
(0) suffix: No such realm "NULL"
(0)     [suffix] = noop
(0) eap: No EAP-Message, not doing EAP
(0)     [eap] = noop
(0) sql: EXPAND %{User-Name}
(0) sql:    --> bob
(0) sql: SQL-User-Name set to 'bob'
rlm_sql (sql): Reserved connection (4)
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql:    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'bob' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'bob' ORDER BY id
(0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(0) sql:    --> SELECT groupname FROM radusergroup WHERE username = 'bob' ORDER BY priority
(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'bob' ORDER BY priority
(0) sql: User not found in any groups
rlm_sql (sql): Released connection (4)
rlm_sql (sql): Closing connection (0), from 1 unused connections
(0)     [sql] = notfound
(0)     [expiration] = noop
(0)     [logintime] = noop
(0) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type
(0) pap: WARNING: Authentication will fail unless a "known good" password is available
(0)     [pap] = noop
(0)   } # authorize = ok
(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
(0) Failed to authenticate the user
(0) Using Post-Auth-Type Reject
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0)   Post-Auth-Type REJECT {
(0) sql: EXPAND .query
(0) sql:    --> .query
(0) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (4)
(0) sql: EXPAND %{User-Name}
(0) sql:    --> bob
(0) sql: SQL-User-Name set to 'bob'
(0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(0) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'bob', 'passbob', 'Access-Reject', '2015-06-02 00:35:33')
(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'bob', 'passbob', 'Access-Reject', '2015-06-02 00:35:33')
(0) sql: SQL query returned: success
(0) sql: 1 record(s) updated
rlm_sql (sql): Released connection (4)
(0)     [sql] = ok
(0) attr_filter.access_reject: EXPAND %{User-Name}
(0) attr_filter.access_reject:    --> bob
(0) attr_filter.access_reject: Matched entry DEFAULT at line 18
(0)     [attr_filter.access_reject] = updated
(0)     [eap] = noop
(0)     policy remove_reply_message_if_eap {
(0)       if (&reply:EAP-Message && &reply:Reply-Message) {
(0)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(0)       else {
(0)         [noop] = noop
(0)       } # else = noop
(0)     } # policy remove_reply_message_if_eap = noop
(0)   } # Post-Auth-Type REJECT = updated
(0) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(0) <delay>: Sending delayed response
(0) <delay>: Sent Access-Reject Id 236 from 127.0.0.1:1812 to 127.0.0.1:34001 length 20
Waking up in 3.9 seconds.
(0) <delay>: Cleaning up request packet ID 236 with timestamp +48

个人猜测问题出在 sql: User not found in any groups哪里,但又无从下手。而且很奇怪的是它说

sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'bob', 'passbob', 'Access-Reject', '2015-06-02 00:35:33')

(0) sql: SQL query returned: success

但我翻遍了整个mysql数据库,找到了radius数据库里的tables  radpostauth,但它里面的值是空的,没有bob', 'passbob', 'Access-Reject', '2015-06-02 00:35:33'这些东西。本人MYsql与freeradius小白一个,请各位大神指点一下错在哪里,该如何修改。感激不尽。

加载中
0
l
lihao1982
/etc/raddb/sites-enabled/default中post-auth Post-Auth-Type REJECT 中sql的注释去掉
0
孤-CLX
我已经解决了,是驱动没选好,driver因该选为rml_sql_mysql
返回顶部
顶部