Topic: Problems with MYSQL-AUTH and radius

Hi,

we like to set up ChilliHotSpot with Radius und Mysql for test use.

The howto i'm using: http://www.pug.org/mediawiki/index.php/Coova_Chilli_Hotspot/Installation

Now i have some problems with this error message

rad_recv: Access-Request packet from host 127.0.0.1 port 41793, id=60, length=58
    User-Name = "markus"
    User-Password = "XXX"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 0
Wed Jul 28 10:34:42 2010 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Wed Jul 28 10:34:42 2010 : Debug: auth: Failed to validate the user.
Wed Jul 28 10:34:42 2010 : Auth: Login incorrect: [markus/XXX] (from client localhost port 0)

Can sombody help me to fix this issue?

Some outputs and configs:

mysql> select * from radcheck;
+----+----------+-----------+----+----------+
| id | username | attribute | op | value    |
+----+----------+-----------+----+----------+
|  1 | markus   | Password  | == | XXX |


/etc/freeradius/radiusd.conf
prefix = /usr
   exec_prefix = /usr
   sysconfdir = /etc
   localstatedir = /var
   sbindir = ${exec_prefix}/sbin
   logdir = /var/log/freeradius
   raddbdir = /etc/freeradius
   radacctdir = ${logdir}/radacct
   confdir = ${raddbdir}
   run_dir = ${localstatedir}/run/freeradius
   db_dir = $(raddbdir)
   libdir = /usr/lib/freeradius
   pidfile = ${run_dir}/freeradius.pid
   user = freerad
   group = freerad
   max_request_time = 30
   cleanup_delay = 5
   max_requests = 1024

   listen {
    type = auth
    ipaddr = *
    port = 0
   }

   listen {
    ipaddr = *
    port = 0
    type = acct
   }

   hostname_lookups = no
   allow_core_dumps = no
   regular_expressions    = yes
   extended_expressions    = yes

   log {
    destination = files
    file = ${logdir}/radius.log
    syslog_facility = daemon
    stripped_names = no
    auth = no
    auth_badpass = no
    auth_goodpass = no
   }

   checkrad = ${sbindir}/checkrad
   security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
   }
   ### kann abgeschaltet werden ####
   proxy_requests  = no
   #####  #####
   $INCLUDE proxy.conf
   $INCLUDE clients.conf
   snmp    = no
   $INCLUDE snmp.conf

   thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
   }

  modules {
    pap {
        auto_header = no
    }

    chap {
        authtype = CHAP
    }

    pam {
        pam_auth = radiusd
    }

    unix {
        radwtmp = ${logdir}/radwtmp
    }

   $INCLUDE eap.conf

    mschap {
    }

    ldap {
        server = "ldap.your.domain"
        basedn = "o=My Org,c=UA"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1

        tls {
            start_tls = no
        }

        dictionary_mapping = ${confdir}/ldap.attrmap
        edir_account_policy_check = no
    }

    realm IPASS {
        format = prefix
        delimiter = "/"
    }

    realm suffix {
        format = suffix
        delimiter = "@"
    }

    realm realmpercent {
        format = suffix
        delimiter = "%"
    }

    realm ntdomain {
        format = prefix
        delimiter = "\\"
    }   

    checkval {
        item-name = Calling-Station-Id
        check-name = Calling-Station-Id
        data-type = string
    }

    preprocess {
        huntgroups = ${confdir}/huntgroups
        hints = ${confdir}/hints
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
    }

    files {
        usersfile = ${confdir}/users
        acctusersfile = ${confdir}/acct_users
        preproxy_usersfile = ${confdir}/preproxy_users
        compat = no
    }

    detail {
        detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
        detailperm = 0600
        header = "%t"
    }

    acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
    }

    $INCLUDE sql.conf  ###### Wichtiger Teil #######

    radutmp {
        filename = ${logdir}/radutmp
        username = %{User-Name}
        case_sensitive = yes
        check_with_nas = yes       
        perm = 0600
        callerid = "yes"
    }

    radutmp sradutmp {
        filename = ${logdir}/sradutmp
        perm = 0644
        callerid = "no"
    }

    attr_filter attr_filter.post-proxy {
        attrsfile = ${confdir}/attrs
    }

    attr_filter attr_filter.pre-proxy {
        attrsfile = ${confdir}/attrs.pre-proxy
    }

    attr_filter attr_filter.access_reject {
        key = %{User-Name}
        attrsfile = ${confdir}/attrs.access_reject
    }

    attr_filter attr_filter.accounting_response {
        key = %{User-Name}
        attrsfile = ${confdir}/attrs.accounting_response
    }

    counter daily {
        filename = ${db_dir}/db.daily
        key = User-Name
        count-attribute = Acct-Session-Time
        reset = daily
        counter-name = Daily-Session-Time
        check-name = Max-Daily-Session
        reply-name = Session-Timeout
        allowed-servicetype = Framed-User
        cache-size = 5000
    }

    always fail {
        rcode = fail
    }

    always reject {
        rcode = reject
    }

    always noop {
        rcode = noop
    }

    always handled {
        rcode = handled
    }

    always updated {
        rcode = updated
    }

    always notfound {
        rcode = notfound
    }

    always ok {
        rcode = ok
        simulcount = 0
        mpp = no
    }

    expr {
    }

    digest {
    }

    expiration {
        reply-message = "Password Has Expired\r\n"
    }

    logintime {
        reply-message = "You are calling outside your allowed timespan\r\n"
        minimum-timeout = 60
    }

    exec {
        wait = yes
        input_pairs = request
        shell_escape = yes
        output = none
    }

    exec echo {
        wait = yes
        program = "/bin/echo %{User-Name}"
        input_pairs = request
        output_pairs = reply
        shell_escape = yes
    }
          # Kann unbeachtet bleiben, nur fuer Dial IN !!!
    ippool main_pool {
        range-start = 192.168.1.1
        range-stop = 192.168.3.254
        netmask = 255.255.255.0
        cache-size = 800
        session-db = ${db_dir}/db.ippool
        ip-index = ${db_dir}/db.ipindex
        override = no
        maximum-timeout = 0
    }

    policy {
           filename = ${confdir}/policy.txt
    }
   }

   instantiate {
    exec
    expr
    #clients.conf
    logintime
   }
 
$INCLUDE policy.conf
   
   #### Nebenconfig ####
#   $INCLUDE sites-enabled/default

/etc/freeradius/sql.conf
sql {
    database = "mysql"
    driver = "rlm_sql_${database}"
    server = "localhost" # DB Server
    login = "radius" # DB Benutzernamen
    password = "XXX" # DB Passwort
    radius_db = "radius"
    acct_table1 = "radacct"
    acct_table2 = "radacct"
    postauth_table = "radpostauth"
    authcheck_table = "radcheck"
    authreply_table = "radreply"
    groupcheck_table = "radgroupcheck"
    groupreply_table = "radgroupreply"
    usergroup_table = "radusergroup"
    read_groups = no
    deletestalesessions = yes
    sqltrace = no
    sqltracefile = ${logdir}/sqltrace.sql
    num_sql_socks = 5
    connect_failure_retry_delay = 60
    readclients = yes # von No auf Yes
    nas_table = "nas" #
    $INCLUDE sql/${database}/dialup.conf # Einbinden
   }