Thanks for responding again. I know that it is not easy to configure any server in Linux. What I did was create a database and import schema.sql. mysql -u radius -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql When the client connects, it writes to the postauth table but when disconnecting and reconnecting, an error is output from the radcheck table. I'm stuck at that point. Maybe I have to create my own schema as you told me and stop using the freeradius schema? Thanks for the patience. El lun., 11 de noviembre de 2024 08:13, Alan DeKok < aland@deployingradius.com> escribió:
On Nov 11, 2024, at 3:40 AM, Rodrigo Prieto <rodrigoprieto2019@gmail.com> wrote:
Thanks for responding. I've been trying but I can't solve it. I am a
novice
user and there are things that escape me. I appreciate your help.
FreeRADIUS isn't something where you can hit a button and it does what you want. FreeRADIUS is more like a set of building blocks. You can build anything you want, but you have to put the pieces together yourself.
You said you wanted to track who is using what certificate. This means using a database. FreeRADIUS doesn't include it's own database. Instead, it connects to any external database like redis, SQL, LDAP, etc.
You need to write a database schema to store the data you want. You need to write queries to read and write the data. All of the documentation for how to do this is *database* documentation, and not *FreeRADIUS* documentation. So we're not going to explain here how to use SQL, LDAP, etc. You've got to go read that documentation.
Once you have a schema and queries, you can just add the queries to the FreeRADIUS config.
You then need to decide when / where to run the queries in FreeRADIUS. You can usually write down simple explanations as sentences:
when the user logs in, use the Calling-Station-ID to check the database for certificate information
if it isn't found, let them log in. And then before the server sends an Access-Accept, write the Calling-Station-ID and certificate information to the database.
if the certificate information is found in the database, then compare the found information to the certificate.
if the information doesn't match, reject the user.
When you write down exactly what you want to do, the problem becomes much simpler to solve. It's not a huge unknown thing. Instead, it's broken down into a series of smaller problems, which are easier to solve.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html