Jason Antman wrote:
I was wondering if it is possible to have a sql authenticate{} section, and if so, how to define the queries?
No.
In the wiki, I find "Many people ask if they can "authenticate" users to their SQL database however the answer is "You are asking the wrong question." "
So, my question is: "When doing PAP (actually EAP-TTLS/PAP, in my case), how do I check a user's cleartext User-Password against one stored in a MySQL database?"
You don't. FreeRADIUS selects the password from the database, and then does authentication itself. Comparing the password manually works *only* for PAP. If you use CHAP, MS-CHAP, etc. it won't work. Let FreeRADIUS do its job. It's an authentication server. Let MySQL do its job. It's a database. Alan DeKok.