[RADIATOR] MySQL Connection Problem

Adam Gerson agersonl at cgps.org
Wed Jun 2 15:01:15 CDT 2010 

I got Radiator to respond to basic requests from a flat file. I added 
the SQL config and I am not able to make a connection to the database,

I get:

Wed Jun  2 13:27:39 2010: ERR: Could not connect to SQL database with 
DBI->connect dbi:mysql:jamfsoftware, jamfsoftware, ******:
Wed Jun  2 13:33:30 2010: ERR: Could not connect to any SQL database. 
Request is ignored. Backing off for 600 seconds
Wed Jun  2 13:33:30 2010: DEBUG: AuthBy SQL result: IGNORE, User 
database access error

based on config lines:

DBSource	dbi:mysql:jamfsoftware
DBUsername	jamfsoftware
DBAuth		******

I also tried:
DBSource	dbi:mysql:jamfsoftware:127.0.0.1:3306

I do have a MySQL database named jamfsoftware running on localhost and a 
user named jamfsoftware. I have tested logging into it with the MySQL 
GUI tool and the credentials I put in the config. Is there any way to 
get a more specific idea of where the DB is failing? This is running on 
Mac OS 10 Server, not that it should make too much of a diference.

I wrote a test perl script that uses the same DBD::mysql that I think 
Radiator using. I got "Can't locate DBD/mysql.pm in @INC". Is one 
possible theory that I need this CPAN module and its not installed?

I tried to install it with CPAN and got:

...
Running make test
   Can't test without successful make
Running make install
   Make had returned bad status, install seems impossible
Failed during this command:
  CAPTTOFU/DBD-mysql-4.014.tar.gz              : make NO


-- 
Adam Gerson
Assistant Director of Technology
Columbia Grammar and Prep School
phone. 212-749-6200 ex. 321
fax.  212-428-6806
agerson at cgps.org
http://www.cgps.org

On 6/2/10 11:05 AM, Hugh Irvine wrote:
>
> Hello Adam -
>
>  From what you show below, Radiator is not even seeing the RADIUS request(s), as there is nothing in the log.
>
> This makes me think the switch is sending to a different IP address and/or port number.
>
> In any case you should proceed as follows:
>
>
> 1. run radiusd from the command line with a simple configuration that just uses a flat file for authentication
>
> 	cd /your/Radiator/source/directory
>
> 	perl radiusd -foreground -log_stdout -trace 4 -config_file goodies/simple.cfg
>
> 	……
>
> 	in another terminal window check what is happening with radpwtst
>
> 	perl radpwtst …..
>
> 	…..
>
> 2. once you have a simple setup running with radpwtst you can set up an SQL configuration and test with radpwtst
>
>
> 	cd /your/Radiator/source/directory
>
> 	perl radiusd -foreground -log_stdout -trace 4 -config_file goodies/sql.cfg
>
> 	……
>
> 	in another terminal window check what is happening with radpwtst
>
> 	perl radpwtst …..
>
> 	…..
>
> 3. you can then modify the AuthBy SQL clause to suit what you are doing - rinse and repeat
>
> 	……
>
>
> In answer to your question about AuthSelect and AuthColumnDef, you can do something like this:
>
>
> 	<AuthBy SQL>
> 		
> 		# check that the MAC address is present in the database
>
> 		…..
>
> 		AuthSelect select MACADDRESS from COMPUTERS where MACADDRESS = '%{Calling-Station-Id}"
>
> 		AuthColumnDef 0, %{Calling-Station-Id}, check
>
> 		…..
> 		
> 	</AuthBy>
>
>
>
> hope that helps
>
> regards
>
> Hugh
>
>
>
> On 2 Jun 2010, at 10:36, Adam Gerson wrote:
>
>> I have read the documentation for AuthBy SQL, AuthSelect, and AuthColumnDef.
>>
>> AuthSelect says "This is an SQL select statement that will be used to
>> find and fetch the password". My database does not contain passwords,
>> only MACs. I know I can pass the MAC in as the username, but when it
>> comes to interpretting the results, if I get a row back they are
>> authorized, if results = 0 they are not. Can I do this with AuthColumnDef?
>>
>> Is there a way to test if this cfg is working by just passing a MAC in
>> with a specific command and get a YES or NO?
>>
>> When I perform a test request from my network switch I get:
>>
>> 'User-Name' =>  '00:0a:95:de:a5:2a'
>> Failed authentication
>> Error: bad response authenticator
>>
>> Nothing in the raditor logs after:
>> Wed Jun  2 10:23:52 2010: NOTICE: Server started: Radiator 4.6 on
>> sidekick.cgps.org (LOCKED)
>>
>> Here is my current config:
>>
>> # radius.cfg
>> #
>> # Example Radiator configuration file.
>> # This very simple file will allow you to get started with
>> # a simple system. You can then add and change features.
>> # We suggest you start simple, prove to yourself that it
>> # works and then develop a more complicated configuration as required.
>> #
>> # This example will authenticate from a standard users file in
>> # DbDir/users and log accounting to LogDir/detail.
>> #
>> # It will accept requests from any client and try to handle request
>> # for any realm.
>> #
>> # You should consider this file to be a starting point only
>> # $Id: linux-radius.cfg,v 1.3 2002/03/24 23:07:49 mikem Exp $
>>
>> #Foreground
>> #LogStdout
>> LogDir		/var/log/radius
>> DbDir		/etc/radiator
>> # Use a low trace level in production systems. Increase
>> # it to 4 or 5 for debugging, or use the -trace flag to radiusd
>> Trace 		4
>>
>> # You will probably want to add other Clients to suit your site,
>> # one for each NAS you want to work with
>> <Client DEFAULT>
>> 	Secret	******
>> 	DupInterval 0
>> </Client>
>>
>> <Realm DEFAULT>
>>      <AuthBy SQL>
>> 	# Adjust DBSource, DBUsername, DBAuth to suit your DB
>> 	
>> 	DBSource	dbi:mysql:jamfsoftware
>> 	DBUsername	jamfsoftware
>> 	DBAuth		******
>>
>> 	# You can customise the SQL query used to get user details with the
>>          # AuthSelect parameter:
>> 	AuthSelect SELECT computer_id FROM jamfsoftware.computers c WHERE
>> mac_address = %0
>> 	#AuthColumnDef 0, User-Password, check
>>      </AuthBy>
>> 	# Log accounting to a detail file
>> 	AcctLogFileName	%L/detail
>> </Realm>
>>
>> On 6/1/10 2:19 PM, Andrew D. Clark wrote:
>>> You can handle this with<AuthBy SQL>   in a pretty straightforward fashion.
>>> Rather than having the SQL query return the full list of MAC addresses, you
>>> can simply select for the MAC address in question.
>>>
>>> sql.cfg in the "goodies" directory makes a good starting point and just
>>> consider the MAC address to be the username.  You might want to ensure the MAC
>>> address has a consistent format with RewriteUsername (in case one vendor
>>> delimits it with colons, another with dotted quads, yet another with hyphens,
>>> not to mention issues of case-sensitivity).
>>>
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>

More information about the radiator mailing list