Re: [Daloradius-users] Help needed configuring Daloradius for newbee
RADIUS web management application
From: Kaya S. <kay...@gm...> - 2012-07-23 07:40:47
Thanks for the response!
On Sat, Jul 21, 2012 at 7:32 AM, Tobias Hachmer <li...@ko...> wrote:
> Hi Kaya,
>
> On 20.07.2012 17:19, Kaya Saman wrote:
>> Being new to FreeRADIUS as well I managed to get the users file
>> working
>> in order to provision a test switch with Mac
>> Authentication-Bypass.....
>
> OK, that means to create a user which username && password would be the
> MAC address of the supplicant you want to authenticate at the switch.
I have managed to get this working previously (sorry if it wasn't clear
in my initial mail).
Basically I have a 'users' file as such:
[root@uk-tst-rad-1-temp raddb]# pwd
/etc/raddb
[root@uk-tst-rad-1-temp raddb]# cat users | more
0015c5537baa Cleartext-Password := "0015c5537baa"
        Tunnel-Type:0 = VLAN,
        Tunnel-Medium-Type:0 = IEEE-802,
        Tunnel-Private-Group-Id:0 = "20",
        Tunnel-Preference = 0x000000
and the switch I'm using has also been properly configured and of course
checks have been done to see if it is working correctly - laptop plugs in
and gets VLAN 20.....
>
>> [sql] User 0015c5537baa not found
> The user you want to authenticate is definitely not in the sql database
> you configured freeradius to search in.
>
>> Just to break things down a little, I used the
>> fr2-mysql-daloradius-freeradius.sql schema file as I hadn't imported
>> anything into SQL yet regarding FreeRADIUS. I have checked that the
>> SQL passwords and users were ok and that they were connecting to the
>> correct server and port: localhost, 3306.
>
> Are you sure you configured the sql module correctly? This is from your
> log:
> Module: Instantiating module "sql" from file /etc/raddb/sql.conf
> sql {
> driver = "rlm_sql_mysql"
> server = "localhost"
> port = ""
> login = "root"
> password = ""
> radius_db = "radius"
>
It turns out the sql.conf file had the 'port' section commented out!
Have rectified:
/etc/raddb/sql.conf
[...]
# Connection info:
server = "localhost"
port = 3306
login = "root"
password = ""
[...]
>
> The database you created is named radius? Your root user of your mysql
> server has no password? Please set this setting correctly by filling out
> port, username, password and radius_db.
DB is called 'radius' yes :-) Also am using root account with no
password for now - nobody can get to this system as it's not on a
network; basically just a simple 'Sandbox' environment which will be
dismantled soon. - config saved of course :-)
[root@uk-tst-rad-1-temp raddb]# mysql -u root
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 317
Server version: 5.1.61 Source distribution
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| radius |
| test |
+--------------------+
4 rows in set (0.00 sec)
>
> What about the daloradius side, please post your daloradius.conf. There
> you have to configure the same sql database as you configure in the sql
> module of freeradius.
These are the MySQL tables in the radius DB:
mysql> show tables;
+------------------------+
| Tables_in_radius |
+------------------------+
| batch_history |
| billing_history |
| billing_merchant |
| billing_paypal |
| billing_plans |
| billing_plans_profiles |
| billing_rates |
| cui |
| dictionary |
| hotspots |
| invoice |
| invoice_items |
| invoice_status |
| invoice_type |
| nas |
| node |
| operators |
| operators_acl |
| operators_acl_files |
| payment |
| payment_type |
| proxys |
| radacct |
| radcheck |
| radgroupcheck |
| radgroupreply |
| radhuntgroup |
| radippool |
| radpostauth |
| radreply |
| radusergroup |
| realms |
| userbillinfo |
| userinfo |
| wimax |
+------------------------+
35 rows in set (0.00 sec)
Here is the daloradius.conf.php file:
[root@uk-tst-rad-1-temp library]# cat daloradius.conf.php
<?php
/*
*********************************************************************************************************
* daloRADIUS - RADIUS Web Platform
* Copyright (C) 2007 - Liran Tal <li...@en...> All Rights Reserved.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
*********************************************************************************************************
* Description:
* daloRADIUS Configuration File
*
* Modification Date:
* Mon Mar 28 22:55:00 EDT 2011
*********************************************************************************************************
*/
$configValues['DALORADIUS_VERSION'] = '0.9-9';
$configValues['FREERADIUS_VERSION'] = '2';
$configValues['CONFIG_DB_ENGINE'] = 'mysql';
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'root';
$configValues['CONFIG_DB_PASS'] = '';
$configValues['CONFIG_DB_NAME'] = 'radius';
$configValues['CONFIG_DB_TBL_RADCHECK'] = 'radcheck';
$configValues['CONFIG_DB_TBL_RADREPLY'] = 'radreply';
$configValues['CONFIG_DB_TBL_RADGROUPREPLY'] = 'radgroupreply';
$configValues['CONFIG_DB_TBL_RADGROUPCHECK'] = 'radgroupcheck';
$configValues['CONFIG_DB_TBL_RADUSERGROUP'] = 'radusergroup';
$configValues['CONFIG_DB_TBL_RADNAS'] = 'nas';
$configValues['CONFIG_DB_TBL_RADHG'] = 'radhuntgroup';
$configValues['CONFIG_DB_TBL_RADPOSTAUTH'] = 'radpostauth';
$configValues['CONFIG_DB_TBL_RADACCT'] = 'radacct';
$configValues['CONFIG_DB_TBL_RADIPPOOL'] = 'radippool';
$configValues['CONFIG_DB_TBL_DALOOPERATORS'] = 'operators';
$configValues['CONFIG_DB_TBL_DALOOPERATORS_ACL'] = 'operators_acl';
$configValues['CONFIG_DB_TBL_DALOOPERATORS_ACL_FILES'] = 'operators_acl_files';
$configValues['CONFIG_DB_TBL_DALORATES'] = 'rates';
$configValues['CONFIG_DB_TBL_DALOHOTSPOTS'] = 'hotspots';
$configValues['CONFIG_DB_TBL_DALOUSERINFO'] = 'userinfo';
$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO'] = 'userbillinfo';
$configValues['CONFIG_DB_TBL_DALODICTIONARY'] = 'dictionary';
$configValues['CONFIG_DB_TBL_DALOREALMS'] = 'realms';
$configValues['CONFIG_DB_TBL_DALOPROXYS'] = 'proxys';
$configValues['CONFIG_DB_TBL_DALOBILLINGPAYPAL'] = 'billing_paypal';
$configValues['CONFIG_DB_TBL_DALOBILLINGMERCHANT'] = 'billing_merchant';
$configValues['CONFIG_DB_TBL_DALOBILLINGPLANS'] = 'billing_plans';
$configValues['CONFIG_DB_TBL_DALOBILLINGRATES'] = 'billing_rates';
$configValues['CONFIG_DB_TBL_DALOBILLINGHISTORY'] = 'billing_history';
$configValues['CONFIG_DB_TBL_DALOBATCHHISTORY'] = 'batch_history';
$configValues['CONFIG_DB_TBL_DALOBILLINGPLANSPROFILES'] =
'billing_plans_profiles';
$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICE'] = 'invoice';
$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICEITEMS'] = 'invoice_items';
$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICESTATUS'] = 'invoice_status';
$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICETYPE'] = 'invoice_type';
$configValues['CONFIG_DB_TBL_DALOPAYMENTS'] = 'payment';
$configValues['CONFIG_DB_TBL_DALOPAYMENTTYPES'] = 'payment_type';
$configValues['CONFIG_DB_TBL_DALONODE'] = 'node';
$configValues['CONFIG_FILE_RADIUS_PROXY'] = '/etc/raddb/proxy.conf';
$configValues['CONFIG_PATH_RADIUS_DICT'] = '';
$configValues['CONFIG_PATH_DALO_VARIABLE_DATA'] = '/var/www/daloradius/var';
$configValues['CONFIG_DB_PASSWORD_ENCRYPTION'] = 'cleartext';
$configValues['CONFIG_LANG'] = 'en';
$configValues['CONFIG_LOG_PAGES'] = 'no';
$configValues['CONFIG_LOG_ACTIONS'] = 'no';
$configValues['CONFIG_LOG_QUERIES'] = 'no';
$configValues['CONFIG_DEBUG_SQL'] = 'no';
$configValues['CONFIG_DEBUG_SQL_ONPAGE'] = 'no';
$configValues['CONFIG_LOG_FILE'] = '/tmp/daloradius.log';
$configValues['CONFIG_IFACE_PASSWORD_HIDDEN'] = 'no';
$configValues['CONFIG_IFACE_TABLES_LISTING'] = '25';
$configValues['CONFIG_IFACE_TABLES_LISTING_NUM'] = 'yes';
$configValues['CONFIG_IFACE_AUTO_COMPLETE'] = 'yes';
$configValues['CONFIG_MAINT_TEST_USER_RADIUSSERVER'] = '127.0.0.1';
$configValues['CONFIG_MAINT_TEST_USER_RADIUSPORT'] = '1812';
$configValues['CONFIG_MAINT_TEST_USER_NASPORT'] = '0';
$configValues['CONFIG_MAINT_TEST_USER_RADIUSSECRET'] = 'testing123';
$configValues['CONFIG_USER_ALLOWEDRANDOMCHARS'] =
'abcdefghijkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ23456789';
$configValues['CONFIG_MAIL_SMTPADDR'] = '127.0.0.1';
$configValues['CONFIG_MAIL_SMTPPORT'] = '25';
$configValues['CONFIG_MAIL_SMTPAUTH'] = '';
$configValues['CONFIG_MAIL_SMTPFROM'] = 'ro...@da...';
$configValues['CONFIG_DASHBOARD_DALO_SECRETKEY'] = 'sillykey';
$configValues['CONFIG_DASHBOARD_DALO_DEBUG'] = '1';
$configValues['CONFIG_DASHBOARD_DALO_DELAYSOFT'] = '5';
$configValues['CONFIG_DASHBOARD_DALO_DELAYHARD'] = '15';
/*
// Locations Configuration directives
// Locations directives are support for accessing different databases
from the daloRADIUS Login console
// adjust the locations below for databases you are running (if you
are running more than one.
$configValues['CONFIG_LOCATIONS'] = array(
"Location Example 1" => array(
"Engine" => "mysql",
"Username" => "root",
"Password" => "",
"Database" => "radius",
"Hostname" => "127.0.0.1"
),
"Location Example 2" => array(
"Engine" => "mysql",
"Username" => "db_usertest",
"Password" => "db_passtest",
"Database" => "test_db1",
"Hostname" => "localhost"
)
);
*/
>
> Regards,
> Tobias
>
At the moment there are even more errors within my freeradius config
and I don't know where they came from, as the radius service was
working fine with simply just the 'users' file:
rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
rlm_eap_tls: Error reading certificate file /etc/raddb/certs/server.pem
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/inner-tunnel[236]: Failed to load module "eap".
/etc/raddb/sites-enabled/inner-tunnel[189]: Errors parsing authenticate section.
Regards,
Kaya
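
The "[sql] User 0015c5537baa not found" line quoted in this thread comes from the sql module looking the MAC address up in the database, while the entry exists only in the 'users' file. The following is an added example, not code from the thread or from daloRADIUS/FreeRADIUS: it parses the 'users' entry shown above and loads it into radcheck/radreply rows with bound parameters. An in-memory SQLite database stands in for the MySQL 'radius' database, the column layout (username, attribute, op, value) is assumed to match the imported schema, and all function names are hypothetical.

```python
import re
import sqlite3

# Constructed sample: the 'users' entry quoted in the message above.
USERS_ENTRY = """0015c5537baa Cleartext-Password := "0015c5537baa"
        Tunnel-Type:0 = VLAN,
        Tunnel-Medium-Type:0 = IEEE-802,
        Tunnel-Private-Group-Id:0 = "20",
        Tunnel-Preference = 0x000000
"""

# attribute[:tag], operator, value (quoted or bare); commas separate the pairs.
# Assumption: attribute names are stored verbatim, ":0" tag suffix included.
PAIR = re.compile(r'([\w-]+(?::\d+)?)\s*(:=|==|\+=|=)\s*("[^"]*"|[^,\s]+)')

def parse_entry(text):
    """Return (username, check_pairs, reply_pairs) for one users-file entry."""
    lines = [l for l in text.splitlines() if l.strip()]
    username, check_part = lines[0].split(None, 1)
    unquote = lambda pairs: [(a, op, v.strip('"')) for a, op, v in pairs]
    check = unquote(PAIR.findall(check_part))            # first line: check items
    reply = unquote(PAIR.findall(" ".join(lines[1:])))   # indented lines: reply items
    return username, check, reply

def load(db, text):
    """Insert the entry into radcheck/radreply using bound parameters."""
    user, check, reply = parse_entry(text)
    for table, pairs in (("radcheck", check), ("radreply", reply)):
        db.executemany(
            f"INSERT INTO {table} (username, attribute, op, value) VALUES (?,?,?,?)",
            [(user, a, op, v) for a, op, v in pairs])
    return user

def lookup(db, table, user):
    """Per-user lookup, a simplified model of what the sql module asks the database."""
    return db.execute(
        f"SELECT attribute, op, value FROM {table} WHERE username = ? ORDER BY id",
        (user,)).fetchall()

def demo():
    db = sqlite3.connect(":memory:")  # stand-in for the MySQL 'radius' database
    for t in ("radcheck", "radreply"):
        db.execute(f"CREATE TABLE {t} (id INTEGER PRIMARY KEY, username TEXT, "
                   "attribute TEXT, op TEXT, value TEXT)")
    user = load(db, USERS_ENTRY)
    return lookup(db, "radcheck", user), lookup(db, "radreply", user)

if __name__ == "__main__":
    print(demo())
```

An empty result from the radcheck lookup for a given username is the database-side condition behind a "not found" message like the one above.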