RES: Help with external authentication using PHP

Rafael Labiak Olivastro rolivastro at hotmail.com
Fri Apr 5 23:10:51 CEST 2019


Good afternoon to all,



Currently I have almost 1000 clients (enterprises) using your own MySQL database and FreeRadius instance, working very Well. (each one with their own Linux server)

Recently, some of them ask me to host the database and FreeRadius, to avoid infra-sctructure problems.



Is it possible to run just one FreeRadius Server, where it will be multiple MySQL databases, and “tell” to FreeRadius authenticate according client IP ?



Example:



Client Enterprise 1 -> NAS IP 200.200.200.200 --> Then the FreeRadius will use MySQL database “client1”

Client Enterprise 2 -> NAS IP 100.100.100.100 --> Then the FreeRadius will use MySQL database “client2”

Client Enterprise 3 -> NAS IP 222.222.222.222 --> Then the FreeRadius will use MySQL database “client3”



In this way, every enterprise could have their own usernames, where the username “joao” from client1 is diferent than “joao” from client2.

I research a little about virtual servers and sql instances, but I don´t know if this is the correct way.



What do you guys think about it ?



We are talking about 1000 enterprises and almost 1.000.000 usernames.



Rafael Labiak Olivastro

http://www.vigo.com.br





Enviado do Email<https://go.microsoft.com/fwlink/?LinkId=550986> para Windows 10



________________________________
De: Freeradius-Users <freeradius-users-bounces+rolivastro=hotmail.com at lists.freeradius.org> em nome de Alan DeKok <aland at deployingradius.com>
Enviado: Friday, April 5, 2019 12:10:28 PM
Para: FreeRadius users mailing list
Assunto: Re: Help with external authentication using PHP

On Apr 5, 2019, at 12:03 PM, Ekene Ezeasor <ezeasorekene at gmail.com> wrote:
> Changing the passwords to clear-text is not an option ofcourse and we do
> Wi-Fi. Assuming we want to start using the SQL authorization with sha512
> (with hash). How do I implement the SQL query to check for sha512 password
> using the correct hash?

  Are you using TTLS with inner PAP?  If not, then what you want is impossible.

  If blowfish doesn't work, then changing to SHA512 hashed passwords won't help.

  Understanding the problem helps here.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=02%7C01%7C%7C6e61990faf4e425fb0ae08d6b9e14738%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636900774536523880&sdata=77U%2FMr80B1EYVpHJgEcv9r3c4WdyjQxaINrZVp6hew8%3D&reserved=0


More information about the Freeradius-Users mailing list