Rafael, 1. Add multiples sql statements in /opt/freeradius4/etc/raddb/mods-available/sql. e.g: clientX_sql { .... }, clientY_sql { .... } 2. Then, create somelogic to forward the authentications based on %{NAS-IP-Address} e.g: if ("%{NAS-IP-Address}" == "X") { %{clientX_sql: SELECT * ...... } } .... ps: Maybe something based on realm can be better. Boa sorte. -- Jorge Pereira On Fri, Apr 5, 2019 at 6:42 PM Rafael Labiak Olivastro < rolivastro@hotmail.com> wrote:
Good afternoon to all,
Currently I have almost 1000 clients (enterprises) using your own MySQL database and FreeRadius instance, working very Well. (each one with their own Linux server)
Recently, some of them ask me to host the database and FreeRadius, to avoid infra-sctructure problems.
Is it possible to run just one FreeRadius Server, where it will be multiple MySQL databases, and “tell” to FreeRadius authenticate according client IP ?
Example:
Client Enterprise 1 -> NAS IP 200.200.200.200 --> Then the FreeRadius will use MySQL database “client1”
Client Enterprise 2 -> NAS IP 100.100.100.100 --> Then the FreeRadius will use MySQL database “client2”
Client Enterprise 3 -> NAS IP 222.222.222.222 --> Then the FreeRadius will use MySQL database “client3”
In this way, every enterprise could have their own usernames, where the username “joao” from client1 is diferent than “joao” from client2.
I research a little about virtual servers and sql instances, but I don´t know if this is the correct way.
What do you guys think about it ?
We are talking about 1000 enterprises and almost 1.000.000 usernames.
Rafael Labiak Olivastro
Enviado do Email<https://go.microsoft.com/fwlink/?LinkId=550986> para Windows 10
________________________________ De: Freeradius-Users <freeradius-users-bounces+rolivastro= hotmail.com@lists.freeradius.org> em nome de Alan DeKok < aland@deployingradius.com> Enviado: Friday, April 5, 2019 12:10:28 PM Para: FreeRadius users mailing list Assunto: Re: Help with external authentication using PHP
On Apr 5, 2019, at 12:03 PM, Ekene Ezeasor <ezeasorekene@gmail.com> wrote:
Changing the passwords to clear-text is not an option ofcourse and we do Wi-Fi. Assuming we want to start using the SQL authorization with sha512 (with hash). How do I implement the SQL query to check for sha512 password using the correct hash?
Are you using TTLS with inner PAP? If not, then what you want is impossible.
If blowfish doesn't work, then changing to SHA512 hashed passwords won't help.
Understanding the problem helps here.
Alan DeKok.
- List info/subscribe/unsubscribe? See https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=02%7C01%7C%7C6e61990faf4e425fb0ae08d6b9e14738%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636900774536523880&sdata=77U%2FMr80B1EYVpHJgEcv9r3c4WdyjQxaINrZVp6hew8%3D&reserved=0 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html