Julian Matz
asked on
freeradius + MySQL
Hi! I have the two Debian packages, freeradius and freeradius-mysql installed.
The MySQL database is populated with some data for testing, and the freeradiusd.conf and sql.conf are configured.
The following test on localhost works:
~# radtest johndoe abc123 localhost 1812 testing123
The RADIUS server is able to connect with the MySQL database, and I can authenticate users from it. I also have a remote RADIUS client configured that is working with my captive portal and RADIUS server; however, it only works when I have the client's IP address configured in /etc/freeradius/clients.conf. It does not work using the MySQL 'nas' table.
In other words, freeradius does not seem to be querying my nas table from the MySQL database.
In my /etc/freeradius/sql.conf file I have the following:
# Table to keep radius client info
nas_table = "nas"
# Set to 'yes' to read radius clients from the database ('nas' table)
readclients = yes
In my nas table I have the following:
id  nasname      shortname  type   ports  secret      community  description
1   xx.xx.xx.xx  NULL       other  NULL   testing123  NULL       RADIUS Client
... where xx.xx.xx.xx is the correct IP address of my RADIUS client.
When I try to log in via the captive portal, with freeradius running in debug mode, I get the following:
rad_recv: Access-Request packet from host xx.xx.xx.xx:2326, id=126, length=341
Ignoring request from unknown client xx.xx.xx.xx:2326
--- Walking the entire request list ---
Nothing to do. Sleeping until we see a request.
Any help would be greatly appreciated!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The client (a Linksys WRT54GL) will have a static private IP - e.g. 192.168.2.1. It will use an Internet connection from another gateway at 192.168.1.1, which in turn is connected to a DSL modem. The DSL provider that's providing the WAN connection assigns dynamic public IPs. It's the public IP that gets sent to the RADIUS server and that's why I need to figure out how to use RADIUS authentication with dynamic IPs. There will be lots of WRT54GL routers in different remote locations, and they will all have dynamic IPs assigned to them by the ISP. Basically, this is for a hotspot service.
ASKER
I decided to use a local cron job and a remote PHP script to periodically update the dynamic IP address with my nameservers. This way I was able to use a hostname instead of an IP.
Apparently the FQDN goes into nasname ( e.g. some.name.example.com ), and the shortname would then be "some.name". Not really sure why it's set up like that, but it seems to work.
Thanks for the help!
ASKER
That seems to have done the trick! Is that the normal/expected behaviour though?
Now that this seems to be working, do you know of an easy method to do this using dynamic client IPs?
If not, I'd probably have to write a bash script to update the IPs on my DNS servers periodically using cron...
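Added example (not part of the original thread and not FreeRADIUS code): a small Python triage script that pulls the "Ignoring request from unknown client" lines out of debug output in the format quoted in the question and checks each dropped source IP against the rows of the nas table, including rows whose nasname is a hostname. The function names, labels, sample addresses (documentation ranges) and the DNS mapping are assumptions made for this example; on a live system the resolve argument could wrap socket.gethostbyname_ex.

```python
import ipaddress
import re

# Matches the drop line in the debug output format quoted in the question.
UNKNOWN_RE = re.compile(r"Ignoring request from unknown client (\d{1,3}(?:\.\d{1,3}){3}):\d+")

def unknown_clients(log_text):
    """Count dropped requests per source IP."""
    counts = {}
    for m in UNKNOWN_RE.finditer(log_text):
        counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts

def nas_addresses(nas_rows, resolve):
    """Map nas.id -> set of IPs that the row's nasname stands for."""
    out = {}
    for row in nas_rows:
        try:
            out[row["id"]] = {str(ipaddress.ip_address(row["nasname"]))}
        except ValueError:  # not an IP literal, so treat it as a hostname
            out[row["id"]] = set(resolve(row["nasname"]))
    return out

def triage(log_text, nas_rows, resolve):
    """Label each dropped source IP (the labels are this example's own)."""
    by_row = nas_addresses(nas_rows, resolve)
    report = {}
    for ip in unknown_clients(log_text):
        ids = sorted(rid for rid, ips in by_row.items() if ip in ips)
        report[ip] = ("row-exists-but-not-loaded", ids) if ids else ("no-matching-row", [])
    return report

# Constructed sample data (documentation address ranges, not from the thread).
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 203.0.113.10:2326, id=126, length=341
Ignoring request from unknown client 203.0.113.10:2326
rad_recv: Access-Request packet from host 198.51.100.7:4001, id=12, length=300
Ignoring request from unknown client 198.51.100.7:4001
Ignoring request from unknown client 203.0.113.10:2327
Ignoring request from unknown client 192.0.2.44:5000
"""
SAMPLE_NAS = [
    {"id": 1, "nasname": "203.0.113.10", "shortname": None},
    {"id": 2, "nasname": "some.name.example.com", "shortname": "some.name"},
]
SAMPLE_DNS = {"some.name.example.com": ["192.0.2.44"]}  # constructed mapping

if __name__ == "__main__":
    lookup = lambda host: SAMPLE_DNS.get(host, [])
    for ip, (label, ids) in triage(SAMPLE_LOG, SAMPLE_NAS, lookup).items():
        print(ip, label, ids)
```

A source IP labelled row-exists-but-not-loaded has a matching nas row that the running server is not using; no-matching-row means no row (or no current DNS answer for a hostname row) covers that address.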