OpenWrt Forum Archive

Topic: FreeRADIUS with remote mySQL server

The content of this topic has been archived on 9 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I have been working my way through the PACKT 'FreeRADIUS' book and managed to get most of it working until now.

I am trying to set up mySQL but I don't have enough space to load the mySQL server locally.  As a result, I have configured FreeRADIUS to use another mySQL server remotely.

The trouble I have is that I keep getting

[sql]     expand:  ->
[sql] Error generating query; rejecting user

errors. I can access the server from other computers using the same username and password, so I know that the mySQL server is accepting remote queries.

So, the question is...

Is there a way to test access to a remote mySQL server from within OpenWRT?

I want to see if that bit is working at least.

Still looking around.

The FreeRADIUS people suggest that:

Optionally, if you want to strip all realm names (i.e. you want user joe@domain.com to authenticate as just 'joe'), then in file /etc/raddb/mods-config/sql/main/sql_dialect/queries.conf , under the 'query config: username' section, you MAY need to adjust the line(s) referring to sql_user_name. For example, in uncomment the line:

sql_user_name = '%{Stripped-User-Name}'

...and comment out the following line referring to just User-Name. If you want to see what's happening here, switch on all the logging options in radiusd.conf and run radiusd in debug mode (-X) to see what's happening: you'll see "user@domain" being passed to SQL when using User-Name, but just "user" when using Stripped-User-Name. Of course, set all your other SQL options as needed (database login details, etc.).

Does anyone know where the queries.conf file is?

When I look at what other people have I see something like:

[sql]     expand: %{User-Name} -> user1 at mydomain.com

or

expand: %{User-Name} -> abc
[sql] sql_set_user escaped user --> 'abc'

Where can I find the code that does expand: %{User-Name}?

I think the solution is to, once again, give up on openWRT.  Before I go...

Is there anyone out there that has freeRADIUS working with mySQL on an openWRT box?

Not directly. But because I develop hotspot systems for a living, several times I set up a remote freeradius+mysql. Remote, because of resource limits of the openwrt box, and because of further processing of the radius data (i.e. user accounting). SQL config for freeradius depends a bit upon the host OS. But there is a very good doc: wikiDOTfreeradiusDOTorg/guide/SQL-HOWTO
I strongly suspect your issue is _NOT_ openwrt-related but a general question regarding freeradius config.
Which is a bit black magic, I have to admit.
You might post your question on the freeradius forum.
Another approach would be to set up freeradius+mysql according to the mentioned doc on a small Ubuntu server (a VPS is about $10/month), and then port to openwrt.

(Last edited by augustus_meyer on 15 Sep 2017, 07:10)
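
An added example, not part of any post in this thread: a small shell/awk check that scans `radiusd -X` output for the pattern the original poster shows, an `expand:` line with nothing on either side of `->` followed by `Error generating query; rejecting user`. The function names and the sample log are constructed for illustration, and it assumes an awk (such as the BusyBox one) is available on the router.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample modelled on the debug lines quoted in the thread.
sample_log() {
cat <<'EOF'
[sql]     expand: %{User-Name} -> abc
[sql] sql_set_user escaped user --> 'abc'
[sql]     expand:  ->
[sql] Error generating query; rejecting user
[sql]     expand: %{User-Name} -> user1 at mydomain.com
EOF
}

# Read debug output on stdin; print "<line>: <finding>" for each problem.
check_sql_expansions() {
    awk '
    /^(\[sql\][ \t]+)?expand:/ {
        line = $0
        sub(/^(\[sql\][ \t]+)?expand:[ \t]*/, "", line)
        idx = index(line, "->")          # template is left of the arrow
        if (idx == 0) next
        tmpl = substr(line, 1, idx - 1)
        res  = substr(line, idx + 2)
        gsub(/^[ \t]+|[ \t]+$/, "", tmpl)
        gsub(/^[ \t]+|[ \t]+$/, "", res)
        # Empty template: the configured string itself expanded from nothing.
        if (tmpl == "")     { print NR ": EMPTY_TEMPLATE"; last_empty = NR }
        # Non-empty template, empty result: the attribute had no value.
        else if (res == "") { print NR ": EMPTY_RESULT " tmpl; last_empty = NR }
        next
    }
    /Error generating query; rejecting user/ {
        if (last_empty && NR - last_empty <= 2) {
            print NR ": REJECT_AFTER_EMPTY_EXPANSION (line " last_empty ")"
        } else {
            print NR ": REJECT"
        }
    }'
}

# Usage: script.sh [debug-output-file]; with no argument the sample is checked.
if [ "$#" -gt 0 ]; then
    check_sql_expansions < "$1"
else
    sample_log | check_sql_expansions
fi
```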

The discussion might have continued from here.