Fwd: Bind radius client requests to a database
Ti Ti
tt91em at gmail.com
Fri Sep 22 15:49:43 CEST 2017
I have the following FreeRADIUS configuration, which I use to bind RADIUS
clients to a specific database. The problem is that I use a virtual RADIUS
server associated with every database, and I would like to avoid this. Is it
possible to have a single RADIUS instance listening and forwarding each request
to the right database based on the RADIUS client password (possibly stored in the nas table)?
# Virtual server "rad1": the per-database virtual server described in the
# message. Every SQL-backed step below goes through the db_rad_1 instance.
server rad1 {
# Authentication listener on port 1820. "ipaddr = *" is the wildcard address,
# so packets are accepted on every interface; reachability then depends on the
# client definitions and on host/network filtering.
listen {
ipaddr = *
port = 1820
type = auth
}
# Accounting listener on port 1821, also bound to the wildcard address.
listen {
ipaddr = *
port = 1821
type = acct
}
# authorize: modules run in the order listed.
authorize {
# SQL lookup through the db_rad_1 instance.
db_rad_1
# presumably sqlcounter instances tied to the same database; their
# definitions are not shown here - confirm
dailycounter_db_rad_1
noresetcounter_db_rad_1
preprocess
chap
mschap
digest
suffix
# Stop processing this section as soon as eap returns "ok".
eap {
ok = return
}
files
expiration
logintime
pap
# Give "reject" priority 1 instead of returning at once, so processing
# continues and the if(reject) block below can attach a Reply-Message.
totalbytecounter_db_rad_1{
reject = 1
}
if(reject){
update reply {
# NOTE(review): the backslash-escaped quotes look like an artifact of this
# config being embedded in another string; a plain config file would use
# unescaped double quotes - confirm before reuse.
Reply-Message := \"SESSION TERMINATED - YOUR TICKET IS EXPIRED\"
}
# Explicit reject once the message has been set.
reject
}
}
# authenticate: one handler per Auth-Type; digest and eap are listed directly.
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
digest
eap
}
preacct {
preprocess
acct_unique
suffix
files
}
# accounting: records go to the database through db_rad_1.
accounting {
db_rad_1
# exec is configured elsewhere (not shown). NOTE(review): check which
# request attributes reach the external program it runs.
exec
attr_filter.accounting_response
}
session {
db_rad_1
}
post-auth {
exec
# db_rad_1 is called only in the REJECT branch of this section, so only
# rejected attempts reach it from here.
Post-Auth-Type REJECT {
db_rad_1
attr_filter.access_reject
}
}
# Empty section: nothing runs before a request is proxied.
pre-proxy {
}
post-proxy {
eap
}
}
# SQL module instance "db_rad_1": the MySQL connection and table names used by
# virtual server rad1.
sql db_rad_1 {
database = "mysql"
# Expands to rlm_sql_mysql through ${database}.
driver = "rlm_sql_${database}"
dialect = "mysql"
server = "localhost"
port = 3306
# NOTE(review): "test"/"test" is a guessable credential stored in cleartext.
# Use a dedicated database account with only the privileges these tables need,
# and keep this file readable by the RADIUS service user only.
login = "test"
password = "test"
# Schema (database name) that this instance binds to.
radius_db = "radius1"
# Both accounting table settings point at the same table, radacct.
acct_table1 = "radacct"
acct_table2 = "radacct"
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "radusergroup"
delete_stale_sessions = yes
# Query tracing is off, so sqltracefile is not written. If it is ever enabled,
# treat that file as sensitive - presumably it holds the executed queries.
sqltrace = no
sqltracefile = ${logdir}/sqltrace.sql
# NOTE(review): these four look like 2.x-style connection settings, while
# "dialect" and ${modconfdir} are 3.x-style; in 3.x the equivalents live in a
# pool { } subsection - confirm against the installed version.
num_sql_socks = ${thread[pool].max_servers}
connect_failure_retry_delay = 60
lifetime = 0
max_queries = 0
group_attribute = "${.:instance}-SQL-Group"
# RADIUS clients are read from the "nas" table of this database; that table
# then holds the shared secrets, so access to it needs the same protection as
# the clients file. NOTE(review): the lookup is by client address, not by
# secret, as far as this config shows - confirm.
read_clients = yes
client_table = "nas"
# Loads the dialect-specific query definitions for this module.
$INCLUDE ${modconfdir}/${.:name}/main/${dialect}/queries.conf
}