
I have installed freeradius on CentOS.

The MySQL database is populated with some data for testing, and the freeradiusd.conf and sql.conf are configured.

The RADIUS server is able to connect with the MySQL database, and I can authenticate users from it. I also have a remote RADIUS client configured that is working with my captive portal and RADIUS server; however, it only works when I have the client's IP address configured in /etc/raddb/clients.conf. It does not work using the MySQL 'nas' table.

In other words, freeradius does not seem to be querying my nas table from the MySQL database.

In my /etc/raddb/mods-enabled/sql file I have the following:

# Table to keep radius client info
nas_table = "nas"

# Set to 'yes' to read radius clients from the database ('nas' table)
read_clients = yes

In my nas table I have the following:

id  nasname      shortname  type   ports  secret      server   community  description
1   xx.xx.xx.xx  NULL       other  NULL   testing123  default  NULL       RADIUS Client

... where xx.xx.xx.xx is the correct IP address of my RADIUS client.

When I try to log in via the captive portal, with freeradius running in debug mode, I get the following:

Wed Aug  8 06:39:11 2018 : Info: Ready to process requests
Wed Aug  8 06:39:19 2018 : Error: Ignoring request to auth address * port 1812 bound to server default from unknown client xx.xx.xx.xx port 55546 proto udp
Wed Aug  8 06:39:19 2018 : Info: Ready to process requests
Wed Aug  8 06:39:21 2018 : Error: Ignoring request to auth address * port 1812 bound to server default from unknown client xx.xx.xx.xx port 55546 proto udp
Wed Aug  8 06:39:21 2018 : Info: Ready to process requests
Wed Aug  8 06:39:24 2018 : Error: Ignoring request to auth address * port 1812 bound to server default from unknown client xx.xx.xx.xx port 55546 proto udp
Wed Aug  8 06:39:24 2018 : Info: Ready to process requests
Wed Aug  8 06:39:28 2018 : Error: Ignoring request to auth address * port 1812 bound to server default from unknown client xx.xx.xx.xx port 55546 proto udp

I noticed in the debug output that the data in nas are being loaded:

Wed Aug  8 09:07:58 2018 : Debug: rlm_sql (sql): Reserved connection (0)
Wed Aug  8 09:07:58 2018 : Debug: rlm_sql (sql): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas
Wed Aug  8 09:07:58 2018 : Debug: rlm_sql (sql): Adding client xx.xx.xx.xx (xx.xx.xx.xx) to default clients list
Wed Aug  8 09:07:58 2018 : Debug: Adding client xx.xx.xx.xx/32 (xx.xx.xx.xx) to prefix tree 32
Wed Aug  8 09:07:58 2018 : Debug: rlm_sql (xx.xx.xx.xx): Client "xx.xx.xx.xx" (sql) added
Wed Aug  8 09:07:58 2018 : Debug: rlm_sql (sql): Released connection (0)
Wed Aug  8 09:07:58 2018 : Debug:   # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
Wed Aug  8 09:07:58 2018 : Debug:   # Instantiating module "reject" from file /etc/raddb/mods-enabled/always
Wed Aug  8 09:07:58 2018 : Debug:   # Instantiating module "fail" from file /etc/raddb/mods-enabled/always
Wed Aug  8 09:07:58 2018 : Debug:   # Instantiating module "ok" from file /etc/raddb/mods-enabled/always
Wed Aug  8 09:07:58 2018 : Debug:   # Instantiating module "handled" from file /etc/raddb/mods-enabled/always
Wed Aug  8 09:07:58 2018 : Debug:   # Instantiating module "invalid" from file /etc/raddb/mods-enabled/always
Wed Aug  8 09:07:58 2018 : Debug:   # Instantiating module "userlock" from file /etc/raddb/mods-enabled/always
Wed Aug  8 09:07:58 2018 : Debug:   # Instantiating module "notfound" from file /etc/raddb/mods-enabled/always
Wed Aug  8 09:07:58 2018 : Debug:   # Instantiating module "noop" from file /etc/raddb/mods-enabled/always
Wed Aug  8 09:07:58 2018 : Debug:   # Instantiating module "updated" from file /etc/raddb/mods-enabled/always
Wed Aug  8 09:07:58 2018 : Debug:   # Instantiating module "monthlycounter" from file /etc/raddb/mods-enabled/sqlcounter

Any help would be greatly appreciated! PS: I tried changing the shortname in the nas table to be the same as the IP, but it still didn't work.

1 Answer

So the issue here is you're specifying a virtual server to add the clients into. By all rights it should really error out, because the "default" virtual server doesn't actually exist, but I guess the SQL client code is forgiving.

The confusion is understandable because there's a file freeradius/sites-available/default, but if you look at the beginning of the server section, server {, it doesn't actually specify a name; the virtual server in this file has no identifier. If you wanted this to work how you intended, you'd need to actually name the virtual server something, e.g. server default {.

So you have two options: either set that field to NULL so the clients all get added into the global client table, or specify an identifier for the virtual server.

Arran Cudbard-Bell
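A check for the mismatch the answer describes, as an added example that is not part of the original post or of FreeRADIUS: it collects the "server NAME {" declarations from configuration text and flags nas rows whose server column names a virtual server that is not declared. The configuration text, addresses, rows and function names are constructed for illustration.

```python
import re

# Constructed sample configuration (not the asker's files): the first block
# has no identifier, which is the situation the answer describes.
SITES_ENABLED = """
server {
    listen {
        type = auth
    }
}
server inner-tunnel {
    listen {
        type = auth
    }
}
"""

# Constructed rows, shaped like: SELECT id, nasname, server FROM nas
NAS_ROWS = [
    (1, "192.0.2.10", "default"),
    (2, "192.0.2.11", None),
    (3, "192.0.2.12", "inner-tunnel"),
]

# A top-level "server NAME {" line declares a named virtual server;
# a bare "server {" has no identifier and does not match.
NAMED_SERVER = re.compile(r"^server[ \t]+([\w.-]+)[ \t]*\{", re.MULTILINE)

def named_virtual_servers(config_text):
    """Return the set of virtual server names declared in config_text."""
    return set(NAMED_SERVER.findall(config_text))

def audit_nas_rows(rows, config_text):
    """Classify each nas row by the virtual server its client is tied to."""
    declared = named_virtual_servers(config_text)
    report = []
    for row_id, nasname, server in rows:
        if server is None:
            status = "global"                  # NULL: global client table
        elif server in declared:
            status = "bound:" + server         # named server exists
        else:
            status = "undeclared:" + server    # name matches no server block
        report.append((row_id, nasname, status))
    return report

if __name__ == "__main__":
    for row_id, nasname, status in audit_nas_rows(NAS_ROWS, SITES_ENABLED):
        print(row_id, nasname, status)
```

Rows reported as "undeclared" correspond to the two fixes in the answer: set the server column to NULL, or give the virtual server an identifier.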