FreeRadius and MySQL...

Hello everyone :)

So, I'm actually trying to install FreeRadius (specifically on a Red Hat Enterprise 3, but that detail may not be very important). On that note, I'm not particularly looking to set it up in "EAP/TLS mode". Very concretely, here is my goal:

  • Get FreeRadius (which is installed), version 1.05, up and running.
  • Make it work through MySQL.

So, thanks to a few tutorials that were more or less clear to me, I copied and pasted config files such as radiusd.conf, clients.conf, and even eap.conf (of which I really know neither the function nor whether it is essential).

If needed, I can post the contents of these files. In any case, roughly speaking (otherwise I'll drown), I would like to run on a single machine:

  • The FreeRadius server
  • The MySQL server

As for the FreeRadius client, the NAS, I don't know whether it is essential... but as a first step, I would like to put it on the single machine as well.

As for users, I have already created in the MySQL database the user - with all privileges - to use it:

  • login: radius
  • password: mot_de_passe

Since the contents of my clients.conf file are quite short, I'll show it to you:

client 127.0.0.1 {
        shortname = localhost
        secret = secret
}

Finally, so that my problem can be clearly targeted (well, I hope so, because I haven't managed to pin it down myself yet :zarb:), I will also post what FreeRadius tells me when I run: radiusd -X -A

Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "/etc/shadow"
unix: group = "(null)"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded SQL
sql: driver = "rlm_sql_mysql"
sql: server = "localhost"
sql: port = ""
sql: login = "radius"
sql: password = "mot_de_passe"
sql: radius_db = "radius"
sql: acct_table = "radacct"
sql: acct_table2 = "radacct"
sql: authcheck_table = "radcheck"
sql: authreply_table = "radreply"
sql: groupcheck_table = "radgroupcheck"
sql: groupreply_table = "radgroupreply"
sql: usergroup_table = "usergroup"
sql: nas_table = "nas"
sql: dict_table = "dictionary"
sql: sqltrace = no
sql: sqltracefile = "/var/log/radius/sqltrace.sql"
sql: readclients = no
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = "%{User-Name}"
sql: default_user_profile = ""
sql: query_on_not_found = no
sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
sql: authorize_group_reply_query = "SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStopTime = 0"
sql: accounting_update_query_alt = ""
sql: accounting_start_query = "INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')"
sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0"
sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0"
sql: accounting_stop_query_alt = "INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')"
sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}'"
sql: connect_failure_retry_delay = 60
sql: simul_count_query = ""
sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
sql: postauth_table = "radpostauth"
sql: postauth_query = ""
sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
radiusd.conf[1]: sql: Module instantiation failed.

There, now you know everything :transpi:

So, especially if you think you have an idea, please don't hesitate to share it with me :twisted: Because I've been floundering for a few days now, here in front of my screen :p

Good evening.

---

tsing tao
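As an added diagnostic (not part of the original post), the following sh script checks exactly what the last three lines of the debug log ask for: whether rlm_sql_mysql.so exists under the libdir the log printed (/usr/lib) and, if so, whether every library it depends on resolves for the dynamic loader. The script name check_rlm_sql_mysql.sh used in the guard at the end is an assumption.

```shell
#!/bin/sh
# Added diagnostic for "Could not link driver rlm_sql_mysql: file not found".
# The libdir argument defaults to /usr/lib, the value printed by radiusd -X above.

# Print the path of the driver's shared object under libdir, or fail.
# FreeRADIUS 1.x loads "<libdir>/<driver>.so"; some builds also ship a
# versioned "<driver>-<version>.so" next to it, so both names are reported.
find_module() {
    libdir="$1"; driver="$2"
    for f in "$libdir/$driver.so" "$libdir/$driver"-*.so; do
        [ -f "$f" ] && { echo "$f"; return 0; }
    done
    echo "$driver not found under $libdir (MySQL driver package not installed?)" >&2
    return 1
}

# Read ldd output on stdin and print only the libraries the loader cannot
# resolve, i.e. lines of the form "libmysqlclient.so.12 => not found".
unresolved_libs() {
    awk '/=> not found/ { print $1 }'
}

# Return 1 (and list the offenders) if any dependency of the module is missing.
check_deps() {
    missing=$(ldd "$1" | unresolved_libs)
    [ -z "$missing" ] && return 0
    echo "unresolved dependencies for $1:" >&2
    echo "$missing" >&2
    return 1
}

main() {
    libdir="${1:-/usr/lib}"
    mod=$(find_module "$libdir" rlm_sql_mysql) || return 1
    echo "found $mod"
    check_deps "$mod" && echo "all dependencies resolve"
}

# Run only when executed as check_rlm_sql_mysql.sh (hypothetical file name);
# sourcing the file just defines the functions.
case "$0" in *check_rlm_sql_mysql*) main "$@" ;; esac
```

Note that the radiusd -X output above prints the sql login and password as well as the client secret in clear; redact those before posting a debug trace.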
