Opinion about idea

Sat Apr 6 00:00:44 CEST 2019

Rafael,

1. Add multiples sql statements in
/opt/freeradius4/etc/raddb/mods-available/sql. e.g: clientX_sql { .... },
clientY_sql { .... }
2. Then, create somelogic to forward the authentications based on
%{NAS-IP-Address}

e.g:

if ("%{NAS-IP-Address}" == "X") {
    %{clientX_sql: SELECT * ...... }
}
....

ps: Maybe something based on realm can be better. Boa sorte.

--
Jorge Pereira

On Fri, Apr 5, 2019 at 6:42 PM Rafael Labiak Olivastro <
rolivastro at hotmail.com> wrote:

>
> Good afternoon to all,
>
>
>
> Currently I have almost 1000 clients (enterprises) using your own MySQL
> database and FreeRadius instance, working very Well. (each one with their
> own Linux server)
>
> Recently, some of them ask me to host the database and FreeRadius, to
> avoid infra-sctructure problems.
>
>
>
> Is it possible to run just one FreeRadius Server, where it will be
> multiple MySQL databases, and “tell” to FreeRadius authenticate according
> client IP ?
>
>
>
> Example:
>
>
>
> Client Enterprise 1 -> NAS IP 200.200.200.200 --> Then the FreeRadius will
> use MySQL database “client1”
>
> Client Enterprise 2 -> NAS IP 100.100.100.100 --> Then the FreeRadius will
> use MySQL database “client2”
>
> Client Enterprise 3 -> NAS IP 222.222.222.222 --> Then the FreeRadius will
> use MySQL database “client3”
>
>
>
> In this way, every enterprise could have their own usernames, where the
> username “joao” from client1 is diferent than “joao” from client2.
>
> I research a little about virtual servers and sql instances, but I don´t
> know if this is the correct way.
>
>
>
> What do you guys think about it ?
>
>
>
> We are talking about 1000 enterprises and almost 1.000.000 usernames.
>
>
>
> Rafael Labiak Olivastro
>
> http://www.vigo.com.br
>
>
>
>
>
> Enviado do Email<https://go.microsoft.com/fwlink/?LinkId=550986> para
> Windows 10
>
>
>
> ________________________________
> De: Freeradius-Users <freeradius-users-bounces+rolivastro=
> hotmail.com at lists.freeradius.org> em nome de Alan DeKok <
> aland at deployingradius.com>
> Enviado: Friday, April 5, 2019 12:10:28 PM
> Para: FreeRadius users mailing list
> Assunto: Re: Help with external authentication using PHP
>
> On Apr 5, 2019, at 12:03 PM, Ekene Ezeasor <ezeasorekene at gmail.com> wrote:
> > Changing the passwords to clear-text is not an option ofcourse and we do
> > Wi-Fi. Assuming we want to start using the SQL authorization with sha512
> > (with hash). How do I implement the SQL query to check for sha512
> password
> > using the correct hash?
>
>   Are you using TTLS with inner PAP?  If not, then what you want is
> impossible.
>
>   If blowfish doesn't work, then changing to SHA512 hashed passwords won't
> help.
>
>   Understanding the problem helps here.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=02%7C01%7C%7C6e61990faf4e425fb0ae08d6b9e14738%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636900774536523880&sdata=77U%2FMr80B1EYVpHJgEcv9r3c4WdyjQxaINrZVp6hew8%3D&reserved=0
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html