FreeRadius 1.1.3 with MySQL

Phil Mayers p.mayers at imperial.ac.uk
Wed May 14 14:59:39 CEST 2008


Brad Furst wrote:
> Ivan Kalik wrote:
>> Create multiple sql instances. Create Autz-Type entry for each in
>> authorize section. Then add something like this in users file.
> 
>> DEFAULT   Realm == whatever, Autz-Type = sqlwhatever
> 
>> This is much simpler with unlang in 2.0 (no Autz-Type entries needed,
>> just a switch block in authorize).
> 
> I apologize for my ignorance, but if I'm understanding you correctly I 
> should be able to create multiple instances and go to authorize{} and do 
> something similar to this:
> 
> authorize{
>    suffix
>    preprocess
>    Autz-Type SQL1{
>                sql1
>    }
>    Autz-Type SQL2{
>                sql2
>    }
>    files
> }
> 
> And then tell the individual realms what to do and the Autz type in the 
> users file to use like this:
> 
> DEFAULT Realm==fakecompany.com, Autz-Type=SQL1
> DEFAULT Realm==fakecompany2.com, Autz-Type=SQL2
> 
> Alan DeKok wrote:
> 
>> I'm actually doing this in 2.0 without using multiple SQL instances.
>> I just have a table per realm, and I update the table name in the SQL
>> query for each realm.
> 
>> The SQL queries are dynamically expanded for *precisely* this reason.
> 
> This would actually be ideal; the way mine is configured my sql queries 
> are in a separate file called sql.conf. Would it be better for me to 
> move everything back over to radiusd.conf? Also, how would I pass it the 

That's not necessary. sql.conf is expanded just like radiusd.conf, since 
it's just an included file.

> required table names that were dependent on the realm? Can Realm be used 
> in an if then statement like
> if realm=fakecompany.com
> authtable=fakecompanyauth

You'd need to do another lookup; something like this in "users":

DEFAULT Realm == fake.com
	Tmp-String-1 = "fake_com_auth"

DEFAULT Realm == fake2.com
	Tmp-String-1 = "fake2_com_auth"

...then in sql.conf:

blah_query = "select ... from %{Tmp-String-1} where username='%{..}'"

NOTE: the table name is NOT surrounded by single quotes, so you'll need 
to be careful not to allow an SQL insertion attack; the users file is a 
good way of doing this.



> ?
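The approach in the reply above (each realm mapped to a fixed table name, which is then expanded unquoted into the query), as an added example that is not part of the original message and is not FreeRADIUS code. Python's sqlite3 stands in for the server's SQL module; the function names and sample rows are constructed for illustration.

```python
import re
import sqlite3

# Constructed allowlist mirroring the "users" file entries in the message:
# each known realm maps to one fixed table name, so request data never
# chooses the identifier directly.
REALM_TABLES = {
    "fake.com": "fake_com_auth",
    "fake2.com": "fake2_com_auth",
}
IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")


def table_for_realm(realm):
    """Return the fixed table name for a realm, or None if it is unknown."""
    table = REALM_TABLES.get(realm.lower())
    # Defence in depth: even allowlisted names must be plain identifiers.
    if table is None or not IDENT_RE.match(table):
        return None
    return table


def lookup_password(conn, username):
    """Split user@realm, pick the table from the allowlist, bind the username."""
    user, sep, realm = username.rpartition("@")
    table = table_for_realm(realm) if sep else None
    if table is None:
        return None  # unknown or missing realm: no query is built at all
    # A table name cannot be a bound parameter, which is why it must come
    # from the allowlist; the username is data and is always bound.
    sql = 'SELECT password FROM "%s" WHERE username = ?' % table
    row = conn.execute(sql, (user,)).fetchone()
    return row[0] if row else None


def demo_db():
    """Build a constructed in-memory database with one table per realm."""
    conn = sqlite3.connect(":memory:")
    for table in REALM_TABLES.values():
        conn.execute('CREATE TABLE "%s" (username TEXT, password TEXT)' % table)
    conn.execute("INSERT INTO fake_com_auth VALUES ('alice', 'a-secret')")
    conn.execute("INSERT INTO fake2_com_auth VALUES ('bob', 'b-secret')")
    return conn


if __name__ == "__main__":
    print(lookup_password(demo_db(), "alice@fake.com"))
```

A realm that is not in the allowlist never reaches the query string, which is the same property the users file gives the `%{Tmp-String-1}` expansion.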



