The MySQL databases for Freeradius

tnt at kalik.net tnt at kalik.net
Tue Nov 24 20:35:17 CET 2009 

> I am sitting here trying to figure out how FreeRadius works towards MySQL.
>
> The database "radcheck" is for a singeluser if I have understood it
> correctly.
>
> What I want to do is that through MS Access make a form where I can add
> several attributes to the same row in the table.
>
> But since radcheck only seem to work with one attribute per row for one
> user I dont really know how to do.

You *can* have multiple entries (rows) for each user. You don't have to
cram everything into a single row.

> What I mean is that if I have a user called "test-user" and want to have
> two attributes for that user, in this case "Cleartext-Password" &
> "NAS-Port-Id" I need to have two rows for that user.

Tes, you do.

> radcheck:
>
> ------------------------------------------------------
>
> |id|username   |attribute              |op |value             |
>
> |1 |user-test   |Cleartext-Password|== |test-pass       |

That should be :=.

> |2 |user-test   |NAS-Port-Id          |== |raket             |
>
> -------------------------------------------------------
>
> The reason I want to make a form is because I want others than me being
> able to add new users and have them connected to the correct group which
> then will have a separate VLAN and SSID.

The form you generate with MS Access will put data into - MS Access
backend. You can't connect that form to MySQL. If you are a fan of Windows
use Windows (ASP.NET) forms or webforms which can place data into MySQL.

Freeradius comes with it's own admin GUI - dialup admin. There are also
outside projects like daloRadius. Or you can make your own using things
like PHP.

> So then I thought that if i use the table called "radusergroup" and link
> the user to a specific group it should work in a way that all members of
> this group may only connect to the network if they try to connect to the
> correct SSID. It seems that did not work either.

No, it will not work. Groups in sql emulate DEFAULT entries in users file
- if chack doesn't match, replies are ignored - user is not rejected.

> I am at a loss here and
> dont really know what I should do.

If you want user to get rejected if SSID doesn't match, you will need to
make it an entry in radcheck table. As long as the password is there too
user will be rejected.

Ivan Kalik

More information about the Freeradius-Users mailing list