freeradius与mySQL联用的最简单例程失败,不知原因出在哪里
下面是我对数据库mysql的操作
1.
mysqladmin -u root -p create radius
2.
mysql -u root -p < /etc/freeradius/sql/mysql/admin.sql
3.
mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
4.
mysql -u root -p radius
INSERT INTO radcheck (username, attribute, op, value) VALUES
('bob', 'Cleartext-Password', ':=', 'passbob');
INSERT INTO radreply (username, attribute, op, value) VALUES
('bob', 'Reply-Message', '=', 'Hello Bob!');
接着我按网上的教程成功启用了freeradius的SQL模块,
然后我执行了radtest bob passbob 127.0.0.1 100 testing123来测试,freeradius输出如下
(0) Received Access-Request Id 236 from 127.0.0.1:34001 to 127.0.0.1:1812 length 73
(0) User-Name = 'bob'
(0) User-Password = 'passbob'
(0) NAS-IP-Address = 127.0.1.1
(0) NAS-Port = 100
(0) Message-Authenticator = 0xc407df3a9996ca6be1515500fe63ca18
(0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (!&User-Name) {
(0) if (!&User-Name) -> FALSE
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@.*@/ ) {
(0) if (&User-Name =~ /@.*@/ ) -> FALSE
(0) if (&User-Name =~ /../ ) {
(0) if (&User-Name =~ /../ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) {
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+).(.+)$/)) -> FALSE
(0) if (&User-Name =~ /.$/) {
(0) if (&User-Name =~ /.$/) -> FALSE
(0) if (&User-Name =~ /@./) {
(0) if (&User-Name =~ /@./) -> FALSE
(0) } # policy filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "bob", looking up realm NULL
(0) suffix: No such realm "NULL"
(0) [suffix] = noop
(0) eap: No EAP-Message, not doing EAP
(0) [eap] = noop
(0) sql: EXPAND %{User-Name}
(0) sql: --> bob
(0) sql: SQL-User-Name set to 'bob'
rlm_sql (sql): Reserved connection (4)
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'bob' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'bob' ORDER BY id
(0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(0) sql: --> SELECT groupname FROM radusergroup WHERE username = 'bob' ORDER BY priority
(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'bob' ORDER BY priority
(0) sql: User not found in any groups
rlm_sql (sql): Released connection (4)
rlm_sql (sql): Closing connection (0), from 1 unused connections
(0) [sql] = notfound
(0) [expiration] = noop
(0) [logintime] = noop
(0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type
(0) pap: WARNING: Authentication will fail unless a "known good" password is available
(0) [pap] = noop
(0) } # authorize = ok
(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
(0) Failed to authenticate the user
(0) Using Post-Auth-Type Reject
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0) Post-Auth-Type REJECT {
(0) sql: EXPAND .query
(0) sql: --> .query
(0) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (4)
(0) sql: EXPAND %{User-Name}
(0) sql: --> bob
(0) sql: SQL-User-Name set to 'bob'
(0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(0) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'bob', 'passbob', 'Access-Reject', '2015-06-02 00:35:33')
(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'bob', 'passbob', 'Access-Reject', '2015-06-02 00:35:33')
(0) sql: SQL query returned: success
(0) sql: 1 record(s) updated
rlm_sql (sql): Released connection (4)
(0) [sql] = ok
(0) attr_filter.access_reject: EXPAND %{User-Name}
(0) attr_filter.access_reject: --> bob
(0) attr_filter.access_reject: Matched entry DEFAULT at line 18
(0) [attr_filter.access_reject] = updated
(0) [eap] = noop
(0) policy remove_reply_message_if_eap {
(0) if (&reply:EAP-Message && &reply:Reply-Message) {
(0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(0) else {
(0) [noop] = noop
(0) } # else = noop
(0) } # policy remove_reply_message_if_eap = noop
(0) } # Post-Auth-Type REJECT = updated
(0) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(0) <delay>: Sending delayed response
(0) <delay>: Sent Access-Reject Id 236 from 127.0.0.1:1812 to 127.0.0.1:34001 length 20
Waking up in 3.9 seconds.
(0) <delay>: Cleaning up request packet ID 236 with timestamp +48
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我已经解决了,是驱动没选好,driver因该选为rml_sql_mysql
/etc/raddb/sites-enabled/default中post-auth Post-Auth-Type REJECT 中sql的注释去掉