How to transfer authentication method from system to mysql?
Lewis Bergman
lbergman at wtxs.net
Sun Dec 4 15:28:27 CET 2005
darkblue wrote:
> DEFAULT Auth-Type := System, Group == "admin", Huntgroup-Name == "cisco"
>     Service-Type = NAS-Prompt-User,
>     Cisco-AVPair = "shell:priv-lvl=15",
>     Login-Service = Telnet
>
> DEFAULT Auth-Type := System, Group == "monitor", Huntgroup-Name == "cisco"
>     Service-Type = NAS-Prompt-User,
>     Cisco-AVPair = "shell:priv-lvl=1",
>     Login-Service = Telnet
>
> DEFAULT Auth-Type := System, Group == "admin", Huntgroup-Name == "3com"
>     Login-Service = Telnet,
>     3Com-User-Access-Level = 3
>
> DEFAULT Auth-Type := System, Group == "monitor", Huntgroup-Name == "3com"
>     Login-Service = Telnet,
>     3Com-User-Access-Level = 1
>
> This kind of configuration works just fine. And now, I would like to
> use mysql for the user db backend. So I have two problems.
> 1. Could mysql utilize the huntgroup file?
yes
> 2. How to transfer this user info, group check and group reply info
> into mysql?
INSERT into radgroupcheck set GroupName='admin', Attribute='User-Name',
    op=':=', Value='DEFAULT';
INSERT into radgroupcheck set GroupName='admin', Attribute='Auth-Type',
    op=':=', Value='local';
INSERT into radgroupcheck set GroupName='admin',
    Attribute='Huntgroup-Name', op=':=', Value='cisco';
INSERT into radgroupreply set GroupName='admin',
    Attribute='Service-Type', op='=', Value='NAS-Prompt-User';
INSERT into radgroupreply set GroupName='admin',
    Attribute='Cisco-AVPair', op='=', Value='shell:priv-lvl=15';
INSERT into radgroupreply set GroupName='admin',
    Attribute='Login-Service', op='=', Value='Telnet';
I think the above would work, but I honestly can't see why you would want
to use the db for that few users. I have never used the
Huntgroup-Name attribute like that, so you may be better off using the
hints file for that if it doesn't work. The hints file might look like this:
DEFAULT NAS-IP-Address == "192.168.1.1"
    Huntgroup-Name := "cisco"
I believe you are still going to have to have an entry in the radcheck
table that lists the user and password as well.
INSERT into radcheck set UserName='DEFAULT', Attribute='Password',
op=':=', Value='changeme';
Then, to pull it all together, an entry in the usergroup table:
INSERT into usergroup set UserName='DEFAULT', GroupName='admin';
It would seem to me that you would also need a Fall-Through = Yes there
somewhere in radgroupcheck. Like I said, I never tried to enter anything
with the DEFAULT username in the db before. That is really one
intended use of the users file.
If I am off I am sure that Alan will correct me.
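
Added example, not part of the original message: a small Python converter that turns users-file DEFAULT stanzas like the ones quoted above into rows for the radgroupcheck and radgroupreply tables, using the column names from the INSERT statements in the reply. It assumes one SQL group per (Unix group, huntgroup) pair, with hypothetical names such as "admin-cisco", and it leaves out the Group and Auth-Type check items, since membership is recorded in the usergroup table and Auth-Type is set separately.

```python
import re

# Constructed input: two of the users-file stanzas quoted above, re-indented.
USERS = '''\
DEFAULT Auth-Type := System, Group == "admin", Huntgroup-Name == "cisco"
    Service-Type = NAS-Prompt-User,
    Cisco-AVPair = "shell:priv-lvl=15",
    Login-Service = Telnet

DEFAULT Auth-Type := System, Group == "monitor", Huntgroup-Name == "3com"
    Login-Service = Telnet,
    3Com-User-Access-Level = 1
'''

# One "Attribute op Value" item; the value may be double-quoted.
ITEM = re.compile(r'\s*([\w-]+)\s*(:=|==|\+=|=)\s*("[^"]*"|[^,\s]+)\s*,?')
SKIP = {"Group", "Auth-Type"}  # assumption: handled outside the group tables


def parse_items(text):
    """Return [(attribute, op, value)] from a comma-separated item list."""
    return [(a, op, v.strip('"')) for a, op, v in ITEM.findall(text)]


def to_rows(users_text):
    """Map each stanza to (table, groupname, attribute, op, value) rows."""
    rows = []
    for stanza in users_text.strip().split("\n\n"):
        head, *body = stanza.splitlines()
        check = parse_items(head.split(None, 1)[1])  # drop the DEFAULT name
        found = {a: v for a, _, v in check}
        # Assumption: hypothetical group name built from group and huntgroup.
        group = f'{found["Group"]}-{found["Huntgroup-Name"]}'
        for attr, op, val in check:
            if attr not in SKIP:
                rows.append(("radgroupcheck", group, attr, op, val))
        for attr, op, val in parse_items(" ".join(body)):
            rows.append(("radgroupreply", group, attr, op, val))
    return rows


def to_sql(row):
    """Return a parameterised INSERT and its bind values for a MySQL driver."""
    table, *values = row
    return (f"INSERT INTO {table} (GroupName, Attribute, op, Value) "
            "VALUES (%s, %s, %s, %s)", tuple(values))


if __name__ == "__main__":
    for r in to_rows(USERS):
        print(*to_sql(r))
```

Reviewing the generated rows before loading them makes it easy to see which groups end up with "shell:priv-lvl=15" or the highest 3Com access level.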