
Re: [Help-gnu-radius] configure --with-mysql


From: Maurice Makaay
Subject: Re: [Help-gnu-radius] configure --with-mysql
Date: Wed, 26 Nov 2003 22:11:28 +0100

Hi Greg,

> I have no idea how to configure the radiusd to actually *use* mysql.  The 
> radiusd man page refers to config(5rad), but I can't see anywhere that 
> said page is being created.

One step further to MySQL in gnu-radius I see. Let's see if I can help
you to the next level.

In your users file, you'll have to create a user which uses SQL as the
authentication type. Something like:

DEFAULT Auth-Type = SQL
        NULL

This is a synonym for:

DEFAULT Auth-Type = Crypt-Local, Password-Location = SQL
        NULL

So what you say here is: for this user, the password is stored crypted
in a (MySQL) database. The radius server will check the password using
the configuration in the sqlserver file. In this file, you can set up
and customize the authentication queries to use. You can even do 
accounting using MySQL, but let's not focus on that part now.

See the documentation for the exact use of the sqlserver file. Some
pointers:

* Set up the right connection parameters (username, password, database name, ...)
* Enable SQL authentication by setting "doauth yes"
* The auth_query is the most important query in the authentication process.
  This query will retrieve the password from a users table. You can use
  the default queries or define your own.

For information on using the sqlserver configuration file, take a look at: 
http://www.gnu.org/software/radius/manual/html_chapter/radius_5.html#SEC120

Nice stuff that can be done using SQL authentication:

* Check and set arbitrary attributes using {check,reply}_attr_query.
  This way you can for example return Framed-IP-Address attributes
  for each user, without having to create user entries for each one
  of them.

* Using the group query you can assign (one or more) groups to users.
  Using the "Group" attribute you can check for these groups in your
  users file. I use this group system for example to disable users by
  adding the group "disabled" to their account. The users file looks
  somewhat like:
  DEFAULT Auth-Type = SQL, Group != "disabled"
          NULL

The basic point is: SQL authentication rules; make it work for you!

Good luck!

-- Maurice Makaay
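
The pointers in the message above, put together as a minimal sqlserver file. This is an added example, not part of the original post and not taken from the GNU Radius distribution: the database, table and column names and the credentials are constructed placeholders, and the keyword spellings and the %u (user name) substitution are written from memory of the manual linked above, so check them against the manual for your version.

```conf
# sqlserver: SQL authentication only (constructed example)

# Connection parameters. The account only needs SELECT on the tables
# queried below; the password here is a placeholder.
interface    mysql
server       localhost
port         3306
login        radius
password     CHANGE-ME

# Enable SQL authentication and name the database to query.
doauth       yes
auth_db      RADIUS

# Must return the crypt()ed password of the user being authenticated.
auth_query   SELECT password FROM passwd WHERE user_name='%u'

# One row per group the user belongs to. The users file can then test
# the Group attribute, e.g. Group != "disabled" as in the message above.
group_query  SELECT user_group FROM groups WHERE user_name='%u'

# Attribute/value pairs added to the reply, e.g. Framed-IP-Address.
reply_attr_query  SELECT attr, value FROM reply_attrib WHERE user_name='%u'
```

Because this file holds the database password, it should be readable only by the account radiusd runs as.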



