FreeRADIUS, MySQL and usergroups again

Christopher Carver ccarver at pennswoods.net
Thu May 11 17:38:39 CEST 2006


If you want to use rlm_sql you do this with the tables radius.usergroup 
and radius.radgroupcheck.  In radius.radgroupcheck you'd have something 
like this:

+----+---------------+-----------+----+--------+
| id | GroupName     | Attribute | op | Value  |
+----+---------------+-----------+----+--------+
|  1 | RASUser     | Auth-Type | := | system |

Then in radius.usergroup for each user you want in this group you'll 
have a row like this:

+--------+----------+---------------+
| id     | UserName | GroupName     |
+--------+----------+---------------+
|  39747 | thisuser  | RASUser    |

That pasted rather ugly, but I think you should get the point.  Using 
sql eliminates the need for the users file to be able to do what you 
asked about.  Let me know if this doesn't answer your question.

Chris Carver
Pennswoods.Net
Network Engineer

Michael Schwartzkopff wrote:
> Hi,
>
> I want to authorize users according to the membership in a group. With 
> Auth-Type=System it is easy:
>
> DEFAULT       Auth-Type = System, Group == "RASUser"
>
> Is there any analogy to this setup in the sql module? Thanks for any help, I 
> am quite desparate already ...
>
>   
> ------------------------------------------------------------------------
>
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list