user auth against mysql

Dennis Skinner dskinner at
Tue Aug 8 23:44:22 CEST 2006

richard lucassen wrote:
> Sorry, I have privileges to read the UserName and the (encrypted)
> Password field. 

Then you will be severely limited in the protocols you can use (because
of the encryption).  You cannot use any protocol where the client sends
the password already encrypted, it will need to be sent clear text over
the wire (ie PAP).

>>> 1) the sql.conf file is filled up with things I do not need, because
>>> the MySQL db has no structure that corresponds to the sql.conf file.
>>> Can I simply uncomment all lines I do not need?
>>   The schema FreeRADIUS uses is pretty much hard-coded into the SQL
>> module, sorry.  So it can't easily be used with another schema.
> Ok, so AFAIUI it would be better to dump the original db to a file and
> populate a server which is set up according to the freeradius schema. If
> possible of course (but that's a MySQL issue and beyond the scope of
> this list of course)

If the DB is MySQL 5, you *may* be able to create a view.  Otherwise,
you may have to do what we did for a while.  We wrote a perl script to
translate from one schema to the other and ran it every 10 minutes.
Users were told to wait 10 mins before trying to login after an account
change (reactivation, password update, etc).

Dennis Skinner
Systems Administrator
BlueFrog Internet

More information about the Freeradius-Users mailing list