Re: [Help-gnu-radius] configure --with-mysql
From: Maurice Makaay
Subject: Re: [Help-gnu-radius] configure --with-mysql
Date: Wed, 26 Nov 2003 22:11:28 +0100
Hi Greg,
> I have no idea how to configure the radiusd to actually *use* mysql. The
> radiusd man page refers to config(5rad), but I can't see anywhere that
> said page is being created.
One step further to Mysql in gnu-radius I see. Let's see if I can help
you to the next level.
In your users file, you'll have to create a user which uses SQL as the
authentication type. Something like:
    DEFAULT Auth-Type = SQL
            NULL
This is a synonym for:
    DEFAULT Auth-Type = Crypt-Local, Password-Location = SQL
            NULL
So what you say here is: for this user, the password is stored crypted
in a (Mysql) database. The radius server will check the password using
the configuration in the sqlserver file. In this file, you can set up
and customize the authentication queries to use. You can even do
accounting using Mysql, but let's not focus on that part now.
See the documentation for the exact use of the sqlserver file. Some
pointers:
* Set up the right connection parameters (username, password, database name, ...)
* Enable SQL authentication by setting "doauth yes"
* The auth_query is the most important query in the authentication process.
This query will retrieve the password from a users table. You can use
the default queries or define your own.
For information on using the sqlserver configuration file, take a look at:
http://www.gnu.org/software/radius/manual/html_chapter/radius_5.html#SEC120
Nice stuff that can be done using SQL authentication:
* Check and set arbitrary attributes using {check,reply}_attr_query.
  This way you can for example return Framed-IP-Address attributes
  for each user, without having to create user entries for each one
  of them.
* Using the group query you can assign (one or more) groups to users.
  Using the "Group" attribute you can check for these groups in your
  users file. I use this group system for example to disable users by
  adding the group "disabled" to their account. The users file looks
  somewhat like:
    DEFAULT Auth-Type = SQL, Group != "disabled"
            NULL
The basic point is: SQL authentication rules; make it work for you!
Good luck!
-- Maurice Makaay
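
Added example (not part of the message above, and not the project's shipped configuration): a minimal sqlserver file covering the pointers in the message. Directive names beyond those quoted in the message follow the GNU Radius manual linked above, so check them against your version; the database name, credentials, and all table and column names are constructed placeholders.

```conf
# sqlserver -- constructed example; adapt every value to your own setup.

# Connection parameters.
# Use a database account that can only SELECT from the tables queried
# below. The password is stored here in clear text, so keep this file
# readable only by the user radiusd runs as.
interface mysql
server    localhost
port      3306
login     radius_ro
password  CHANGE_ME

# Enable SQL authentication and name the database to query.
doauth    yes
auth_db   RADIUS

# Returns the crypted password that an "Auth-Type = SQL" entry in the
# users file is checked against. %u expands to the user name.
auth_query  SELECT password FROM passwd WHERE user_name='%u'

# One row per group the user belongs to. These are the groups matched
# by a check such as: Group != "disabled"
group_query SELECT user_group FROM groups WHERE user_name='%u'

# Additional check items: attribute, value, operator.
check_attr_query SELECT attr,value,op FROM attrib WHERE user_name='%u' AND op IS NOT NULL

# Reply items: attribute, value (for example a per-user Framed-IP-Address).
reply_attr_query SELECT attr,value FROM attrib WHERE user_name='%u' AND op IS NULL

# Accounting via SQL is left disabled in this example.
doacct    no
```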