Making freeradius 3 in ubuntu 18 look at the mysql nas table for client "secret"


I am running freeradius from the same computer that I am running "radtest" from.

I can get an "accept" message with the user password coming from either the "users" file or mysql, and can get the client "secret" from the clients.conf file, but can't figure out how to get freeradius to look at mysql for the client "secret".

Do I have to somehow disable or override the entry in "clients.conf"?

Here's a summary of file entries, mysql, and test results:

/etc/freeradius/3.0/clients.conf    #client localhost with secret testing123
/etc/freeradius/3.0/users           #testing Cleartext-Password := "testpwd"
/etc/freeradius/3.0/mods-available/sql  #read_clients = yes  (/etc/freeradius/3.0/sites-enabled/sql points here)

SELECT * FROM radgroupreply LIMIT 10;
| id | groupname | attribute            | op | value               |
|  1 | dynamic   | Framed-Compression   | := | Van-Jacobsen-TCP-IP |
|  2 | dynamic   | Framed-Protocol      | := | PPP                 |
|  3 | dynamic   | Service-Type         | := | Framed-User         |
|  4 | dynamic   | Framed-MTU           | := | 1500                |
|  5 | 2048-1024 | Motorola-Canopy-ULBR | =  | 1024                |
|  6 | 2048-1024 | Motorola-Canopy-ULBL | =  | 500000              |

mysql> SELECT * FROM radusergroup LIMIT 10;
| username          | groupname | priority |
| fredf             | dnamic    |        2 |
| 0a-00-3e-89-35-32 | 2048-1024 |        2 |

mysql> SELECT * FROM radcheck LIMIT 10; 
| id | username          | attribute          | op | value       |
|  3 | fredf             | Cleartext-Password | := | wilma       |
|  6 | 0a-00-3e-89-35-32 | Cleartext-Password | := | passwordsql |

mysql> SELECT * FROM radreply LIMIT 10;
| id | username | attribute                 | op | value |
|  1 | fredf    | Motorola-Canopy-UserLevel | =  | 3     |
|  2 | testuser | Motorola-Canopy-UserLevel | =  | 3     |

mysql> SELECT * FROM nas LIMIT 10; 
| id | nasname   | shortname | type | ports | secret  | server    | community | description |
|  1 | 10.10.2.2 | Griz450NW | 1    |  1812 | naspass | localhost | ISReader  | Griz450NW   |

radtest testing testpwd 127.0.0.1 0 testing123                  #works
  Received Access-Accept Id 107 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
radtest fredf wilma 127.0.0.1 0 testing123                      #works
  Received Access-Accept Id 242 from 127.0.0.1:1812 to 0.0.0.0:0 length 32
  Motorola-WiMAX-Home-BTS = 0x00000003
radtest 0a-00-3e-89-35-32 passwordsql 127.0.0.1 0 testing123    #works
  Received Access-Accept Id 27 from 127.0.0.1:1812 to 0.0.0.0:0 length 44
  Motorola-Canopy-ULBR = 1024
  Motorola-Canopy-ULBL = 500000
radtest 0a-00-3e-89-35-32 passwordsql 127.0.0.1 0 naspass       #doesn't work
  Radius -X output: Dropping packet without response because of error: Received packet from 127.0.0.1 with invalid Message-Authenticator!  (Shared secret is incorrect.)
asked on Stack Overflow May 7, 2019 by Dustin Soodak
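The "invalid Message-Authenticator! (Shared secret is incorrect.)" error above is the server recomputing the HMAC-MD5 Message-Authenticator (RFC 2869) over the request with the secret it looked up for the packet's source IP, which here came from clients.conf rather than the nas table. The following is an added example, not code from the question or from FreeRADIUS, that builds such a request and runs the same check against both secrets; the attribute set is reduced to a User-Name for brevity.

```python
import hashlib
import hmac
import os
import struct

# Added example (not from the question): a minimal RADIUS Access-Request with a
# Message-Authenticator (RFC 2869 section 5.14) and the server-side check that a
# RADIUS server performs before accepting a packet. Packet layout (RFC 2865):
#   Code(1) Identifier(1) Length(2) Authenticator(16) Attributes...
ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_MESSAGE_AUTHENTICATOR = 80

def attr(atype, value):
    """Encode one attribute as Type, Length (including the 2-byte header), Value."""
    return bytes([atype, len(value) + 2]) + value

def build_access_request(username, secret, ident=0, authenticator=None):
    """Build an Access-Request whose Message-Authenticator is keyed with `secret`."""
    authenticator = authenticator or os.urandom(16)
    attrs = attr(ATTR_USER_NAME, username.encode())
    # Zero the Message-Authenticator slot; the HMAC covers the whole packet with it zeroed.
    attrs += attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))
    length = 20 + len(attrs)
    packet = struct.pack("!BBH", ACCESS_REQUEST, ident, length) + authenticator + attrs
    mac = hmac.new(secret.encode(), packet, hashlib.md5).digest()
    return packet[:-16] + mac

def verify_message_authenticator(packet, secret):
    """Server side: recompute the HMAC with the secret looked up for the client IP."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return False  # malformed attribute
        if atype == ATTR_MESSAGE_AUTHENTICATOR and alen == 18:
            received = packet[pos + 2:pos + 18]
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret.encode(), zeroed, hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
        pos += alen
    return False  # no Message-Authenticator present

if __name__ == "__main__":
    pkt = build_access_request("0a-00-3e-89-35-32", "naspass")
    print(verify_message_authenticator(pkt, "testing123"))  # False: clients.conf secret
    print(verify_message_authenticator(pkt, "naspass"))     # True: nas table secret
```

With the client signing under "naspass" while the server still selects "testing123" for 127.0.0.1, the check fails exactly as in the -X output; pointing the server at the nas table row for that IP makes it pass.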

1 Answer


The NAS table entry worked once I changed the "nasname" to "127.0.0.1" and disabled the client in clients.conf (I just changed "ipaddr" from "127.0.0.1" to "127.0.0.2").

answered on Stack Overflow May 13, 2019 by Dustin Soodak
