user auth against mysql

richard lucassen mailinglists at
Tue Aug 8 22:55:24 CEST 2006

On Tue, 08 Aug 2006 16:10:18 -0400
"Alan DeKok" <aland at> wrote:

> richard lucassen <mailinglists at>wrote:
> > I do NOT administrate this MySQL database and I have just
> > 'databasename + username field + password field' and I just have
> > access to this db to authenticate. Nothing more than that.
>   I'm not sure what you mean by "access to this DB to authenticate".

Sorry, I have privileges to read the UserName and the (encrypted)
Password field. 

> > 1) the sql.conf file is filled up with things I do not need, because
> > the MySQL db has no structure that corresponds to the sql.conf file.
> > Can I simply uncomment all lines I do not need?
>   The schema FreeRADIUS uses is pretty much hard-coded into the SQL
> module, sorry.  So it can't easily be used with another schema.

Ok, so AFAIUI it would be better to dump the original db to a file and
populate a server which is set up according to the freeradius schema. If
possible of course (but that's a MySQL issue and beyond the scope of
this list of course)

> > 2) in the accounting and authorize part of radiusd.conf there is an
> > entry "sql", but not in "authenticate" as where I'd expect such an
> > entry. Why is that?
>   Does your SQL DB perform 802.1X authentication?  MS-CHAP?  CHAP?
> HTTP digest authentication?
>   I thought not.  SQL DB's are data stores, not authentication
> servers.  FreeRADIUS is an authentication server, not a data store.

Ok, that's clear. Thnx.


It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

| Richard Lucassen, Utrecht                                        |
| Public key and email address:                                    |
|                         |

More information about the Freeradius-Users mailing list