Freeradius and MYSQL
Hello,
I am working with freeradius and MYSQL. My goal is to authenticate users through the radius server with my users' database in mysql. I already have all the users created in mysql but when I try to establish an authentication I get the error that freeradius cannot establish the connection with the database.
I am working with freeradius and MYSQL. My goal is to authenticate users through the radius server with my users' database in mysql. I already have all the users created in mysql but when I try to establish an authentication I get the error that freeradius cannot establish the connection with the database.
Please also mark the comments that contributed to the solution of the article
Content-ID: 669785
Url: https://administrator.de/contentid/669785
Printed on: December 7, 2024 at 17:12 o'clock
6 Comments
Latest comment
By default the MySQL Database is accepting local queries only. You have to grand privileges to the user@% (all localtions), then your radius server is not at the same computer like the database. If its a windows MySQL server then the TCPIP protocol is disabled by default in the MySQL server settings.
Take a look at a local tutorial:
Freeradius with database and GUI which describes all steps in detail. Use a translator to read it in English or your language of choice.
In case you have the database on a separate server the most important config is under /etc/freeradius/3.0/mods-available/sql
Instead of "localhost" in the connection you have to setup the database IP address here. In case you need to encrypt the session you maybe want to activate all the TLS settings in the connection screenshot above. You should make sure that a ping between radius and database works and proofs a running IP connection. Database ports should be open in a firewall and in the database setting itself so that it accepts remote access. There are also some easy checks for a remote client connectivity:
https://mariadb.com/kb/en/configuring-mariadb-for-remote-client-access/
If database and Radius Server are on the same system (localhost) just follow the above tutorial!! This will bring things instantly to work.
So far the posted debug output looks quite ok for the Radius authentication itself but looks like there is no network (or local) connection to the database and therefor the user "user1" could not be looked up and fails authentication.
Freeradius with database and GUI which describes all steps in detail. Use a translator to read it in English or your language of choice.
In case you have the database on a separate server the most important config is under /etc/freeradius/3.0/mods-available/sql
Instead of "localhost" in the connection you have to setup the database IP address here. In case you need to encrypt the session you maybe want to activate all the TLS settings in the connection screenshot above. You should make sure that a ping between radius and database works and proofs a running IP connection. Database ports should be open in a firewall and in the database setting itself so that it accepts remote access. There are also some easy checks for a remote client connectivity:
https://mariadb.com/kb/en/configuring-mariadb-for-remote-client-access/
If database and Radius Server are on the same system (localhost) just follow the above tutorial!! This will bring things instantly to work.
So far the posted debug output looks quite ok for the Radius authentication itself but looks like there is no network (or local) connection to the database and therefor the user "user1" could not be looked up and fails authentication.
The error message is clear and can be read in the log
You have not modified the configuration to fit the needs for your database system. So open /etc/raddb/mods-enabled/sql and change the line dialect line to
and comment out the line with "rlm_sql_null" and remove the comment from the next line
Then inside the section sql {} add the correct connection details to your database
Afterwards restart the radius service.
You have not modified the configuration to fit the needs for your database system. So open /etc/raddb/mods-enabled/sql and change the line dialect line to
dialect = "mysql"
# driver = "rlm_sql_null"
driver = "rlm_sql_${dialect}"
# server address
server = "localhost"
# server port
port = 3306
# username
login = "radius"
# password
password = "Passw0rd"
# database name
radius_db = "radius"
Series: Freeradius Y MYSQL 1
Freeradius and MYSQL6