[RADIATOR] MySQL Authentication

Adam Gerson agersonl at cgps.org
Fri Jun 4 15:00:01 CDT 2010

Thanks Hugh. I feel like we are close.

That took care of the loop, but I still have the error: Check item 
%{Called-Station-Id} expression '00:19:92:02:B4:3A' does not match ''

As you can see that query does return a single row:

Why is it getting '' blank?

Fri Jun  4 15:56:20 2010: DEBUG: Handling with Radius::AuthSQL:
Fri Jun  4 15:56:20 2010: DEBUG: Query is: 'select 
REPLACE(mac_address,'.',':') from computers where mac_address = 
Fri Jun  4 15:56:20 2010: DEBUG: Radius::AuthSQL looks for match with 
kljlkj [kljlkj]
Fri Jun  4 15:56:20 2010: DEBUG: Radius::AuthSQL REJECT: Check item 
%{Called-Station-Id} expression '00:19:92:02:B4:3A' does not match '' in 
request: kljlkj [kljlkj]

Adam Gerson
Assistant Director of Technology
Columbia Grammar and Prep School
phone. 212-749-6200 ex. 321
fax.  212-428-6806
agerson at cgps.org

On 6/4/10 3:41 PM, Hugh Irvine wrote:
> Hello Adam -
> Good progress - well done.
> To stop the loop you should add "NoDefault" to your AuthBy SQL clause.
> 	…..
> 	<AuthBy SQL>
> 		…..
> 		NoDefault
> 		…..
> 	</AuthBy>
> 	…..
> regards
> Hugh
> On 4 Jun 2010, at 15:11, Adam Gerson wrote:
>> I got everything pointing to the same instance of perl and Radiator is now talking to the database. As you can see from the attached screen shot this query does return one row. I have to convert between the MAC that is sent into Radiator, which is separated with ":" and the MAC in the database which is separated with "." This is all working in my test query. I am using Called-Station-Id just for testing, I know I need to switch it to Calling-Station-Id.
>> When I run it through Radiator I get this error in a loop:
>> 62 [lkjn]
>> Fri Jun  4 15:02:20 2010: DEBUG: Query is: 'select REPLACE(mac_address,'.',':') from computers where mac_address = REPLACE('00:19:92:02:B4:3A',':','.')':
>> Fri Jun  4 15:02:20 2010: DEBUG: Radius::AuthSQL looks for match with DEFAULT2663 [lkjn]
>> Fri Jun  4 15:02:20 2010: DEBUG: Radius::AuthSQL REJECT: Check item %{Called-Station-Id} expression '00:19:92:02:B4:3A' does not match '' in request: DEFAULT2663 [lkjn]
>> Fri Jun  4 15:02:20 2010: DEBUG: Query is: 'select REPLACE(mac_address,'.',':') from computers where mac_address = REPLACE('00:19:92:02:B4:3A',':','.')':
>> Fri Jun  4 15:02:20 2010: DEBUG: Radius::AuthSQL looks for match with DEFAULT2664 [lkjn]
>> Fri Jun  4 15:02:20 2010: DEBUG: Radius::AuthSQL REJECT: Check item %{Called-Station-Id} expression '00:19:92:02:B4:3A' does not match '' in request: DEFAULT2664 [lkjn]
>> Fri Jun  4 15:02:20 2010: DEBUG: Query is: 'select REPLACE(mac_address,'.',':') from computers where mac_address = REPLACE('00:19:92:02:B4:3A',':','.')':
>> Fri Jun  4 15:02:20 2010: DEBUG: Radius::AuthSQL looks for match with DEFAULT2665 [lkjn]
>> Fri Jun  4 15:02:20 2010: DEBUG: Radius::AuthSQL REJECT: Check item %{Called-Station-Id} expression '00:19:92:02:B4:3A' does not match '' in request: DEFAULT2665 [lkjn]
>> Fri Jun  4 15:02:20 2010: DEBUG: Query is: 'select REPLACE(mac_address,'.',':') from computers where mac_address = REPLACE('00:19:92:02:B4:3A',':','.')':
>> Fri Jun  4 15:02:20 2010: DEBUG: Radius::AuthSQL looks for match with DEFAULT2666 [lkjn]
>> Fri Jun  4 15:02:20 2010: DEBUG: Radius::AuthSQL REJECT: Check item %{Called-Station-Id} expression '00:19:92:02:B4:3A' does not match '' in request: DEFAULT2666 [lkjn]
>> Fri Jun  4 1
>> --
>> Adam Gerson
>> Assistant Director of Technology
>> Columbia Grammar and Prep School
>> phone. 212-749-6200 ex. 321
>> fax.  212-428-6806
>> agerson at cgps.org
>> http://www.cgps.org
>> On 6/4/10 5:25 AM, Hugh Irvine wrote:
>>> Hello Adam -
>>> Do you now have two separate Perl installations?
>>> If so you will need to run the correct instance of Perl by using the fully qualified pathname.
>>> Otherwise you will need to check the MySQL access rights for the user you are running Radiator and trying to connect as.
>>> regards
>>> Hugh
>>> On 3 Jun 2010, at 14:59, Adam Gerson wrote:
>>>> I have installed the perl DBI and DBD modules for MySQL via MacPorts. My
>>>> test perl script now successfully connects to my database with the same
>>>> connection string I am using in my Radiator config. However Raditor
>>>> still can not connect.
>>>> #!/usr/bin/perl
>>>> use DBI;
>>>> use DBD::mysql;
>>>> print "Content-type: text/html \n\n";
>>>> $platform = "mysql";
>>>> $database = "jamfsoftware";
>>>> $host = "localhost";
>>>> $port = "3306";
>>>> $tablename = "inventory";
>>>> $user = "jamfsoftware";
>>>> $pw = "****";
>>>> $dsn = "dbi:mysql:jamfsoftware:";
>>>> $dbstore = DBI->connect($dsn, $user, $pw) or die "Unable to connect:
>>>> $DBI::errstr\n";
>>>> print $dbstore;
>>>> sidekick:~ sadmin$ perl
>>>> /usr/local/src/Radiator/Radiator-Locked-4.6/goodies/adam.pl
>>>> Content-type: text/html
>>>> DBI::db=HASH(0x1008d9780)sidekick:~ sadmin$
>>>> sidekick:Radiator-Locked-4.6 root# perl radiusd -foreground -log_stdout
>>>> -trace 4 -config_file /etc/radiator/radius.cfg
>>>> Thu Jun  3 14:08:30 2010: DEBUG: Finished reading configuration file
>>>> '/etc/radiator/radius.cfg'
>>>> This Radiator license will expire on 2011-02-01
>>>> This Radiator license will stop operating after 1000 requests
>>>> To purchase an unlimited full source version of Radiator, see
>>>> http://www.open.com.au/ordering.html
>>>> To extend your license period, contact admin at open.com.au
>>>> Thu Jun  3 14:08:30 2010: DEBUG: Reading dictionary file
>>>> '/etc/radiator/dictionary'
>>>> Thu Jun  3 14:08:30 2010: DEBUG: Creating authentication port
>>>> Thu Jun  3 14:08:30 2010: DEBUG: Creating accounting port
>>>> Thu Jun  3 14:08:30 2010: NOTICE: Server started: Radiator 4.6 on
>>>> sidekick.cgps.org (LOCKED)
>>>> Thu Jun  3 14:08:37 2010: DEBUG: Packet dump:
>>>> *** Received from port 58712 ....
>>>> Code:       Access-Request
>>>> Identifier: 77
>>>> Authentic:  |M<230>"<166><30><233>a<246><225><147>s<227>4<10>^
>>>> Attributes:
>>>> 	User-Name = "kjkj"
>>>> 	User-Password =
>>>> <182><214><241><177><31><245><10><213>t<156><211>g<169><143>(R
>>>> 	NAS-IP-Address =
>>>> 	Service-Type = Login-User
>>>> 	Framed-IP-Address =
>>>> 	Called-Station-Id = "00:19:92:02:B4:3A"
>>>> 	Calling-Station-Id = ""
>>>> 	NAS-Identifier = "Bluesocket"
>>>> 	Acct-Session-Id = "00:19:92:02:B4:3A:1275588516"
>>>> 	NAS-Port-Type = Wireless-IEEE-802-11
>>>> Thu Jun  3 14:08:37 2010: DEBUG: Handling request with Handler
>>>> 'Realm=DEFAULT'
>>>> Thu Jun  3 14:08:37 2010: DEBUG:  Deleting session for kjkj,,
>>>> Thu Jun  3 14:08:37 2010: DEBUG: Handling with Radius::AuthSQL:
>>>> Thu Jun  3 14:08:37 2010: DEBUG: Handling with Radius::AuthSQL:
>>>> Thu Jun  3 14:08:37 2010: ERR: Could not connect to SQL database with
>>>> DBI->connect dbi:mysql:jamfsoftware:, jamfsoftware, ***:
>>>> Thu Jun  3 14:08:37 2010: ERR: Could not connect to any SQL database.
>>>> Request is ignored. Backing off for 600 seconds
>>>> Thu Jun  3 14:08:37 2010: DEBUG: AuthBy SQL result: IGNORE, User
>>>> database access error
>>>> # radius.cfg
>>>> #
>>>> # Example Radiator configuration file.
>>>> # This very simple file will allow you to get started with
>>>> # a simple system. You can then add and change features.
>>>> # We suggest you start simple, prove to yourself that it
>>>> # works and then develop a more complicated configuration as required.
>>>> #
>>>> # This example will authenticate from a standard users file in
>>>> # DbDir/users and log accounting to LogDir/detail.
>>>> #
>>>> # It will accept requests from any client and try to handle request
>>>> # for any realm.
>>>> #
>>>> # You should consider this file to be a starting point only
>>>> # $Id: linux-radius.cfg,v 1.3 2002/03/24 23:07:49 mikem Exp $
>>>> #Foreground
>>>> #LogStdout
>>>> LogDir		/var/log/radius
>>>> DbDir		/etc/radiator
>>>> # Use a low trace level in production systems. Increase
>>>> # it to 4 or 5 for debugging, or use the -trace flag to radiusd
>>>> Trace 		5
>>>> # You will probably want to add other Clients to suit your site,
>>>> # one for each NAS you want to work with
>>>> <Client DEFAULT>
>>>> 	Secret	***
>>>> 	DupInterval 0
>>>> </Client>
>>>> <Realm DEFAULT>
>>>>      <AuthBy SQL>
>>>> 	# Adjust DBSource, DBUsername, DBAuth to suit your DB
>>>> 	DBSource	dbi:mysql:jamfsoftware:
>>>> 	DBUsername	jamfsoftware
>>>> 	DBAuth		***
>>>> 	# You can customise the SQL query used to get user details with the
>>>>          # AuthSelect parameter:
>>>> 	AuthSelect SELECT computer_id FROM WHERE mac_address = %0
>>>> 	AuthSelect select mac_address from jamfsoftware.computers c where
>>>> mac_address = '%{Calling-Station-Id}"
>>>> 	AuthColumnDef 0, %{Calling-Station-Id}, check
>>>>      </AuthBy>
>>>> 	# Log accounting to a detail file
>>>> 	AcctLogFileName	%L/detail
>>>> </Realm>
>>>> --
>>>> Adam Gerson
>>>> Assistant Director of Technology
>>>> Columbia Grammar and Prep School
>>>> phone. 212-749-6200 ex. 321
>>>> fax.  212-428-6806
>>>> agerson at cgps.org
>>>> http://www.cgps.org
>>>> _______________________________________________
>>>> radiator mailing list
>>>> radiator at open.com.au
>>>> http://www.open.com.au/mailman/listinfo/radiator
>>> NB:
>>> Have you read the reference manual ("doc/ref.html")?
>>> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
>>> Have you had a quick look on Google (www.google.com)?
>>> Have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>> <Screen shot 2010-06-04 at 3.06.33 PM.png>
> NB:
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?

More information about the radiator mailing list