From users file to SQL

David Majorel dm at lagoon.nc
Tue Jun 5 06:05:42 CEST 2007


Hi,

I need to convert my users/group file to rlm_sql, but after reading the wiki, 
I can't figure out how to reproduce the flow.

I want to authorize all connections, except if the user exists and the 
password is wrong. If the user doesn't exist or is disabled, I assign an 
unroutable address to the user. The point is to prevent DSL routers from 
continuing to try to connect when they are misconfigured or the customer is suspended.
I use rlm_sql and rlm_sqlippool with a MySQL backend.

The users file I am trying to convert looks like this:

------
# Default profile for everyone 

DEFAULT Pool-Name = "default"
  Service-Type = Framed-User,
  Framed-Protocol = PPP,
  Framed-IP-Netmask = 255.255.255.254,
  Framed-MTU = 1492,
  Framed-Compression = Van-Jacobson-TCP-IP,
  Qos-Policy-Metering = DL128,
  Qos-Policy-Policing = UL64,
  Fall-Through = Yes

# Set group attributes

DEFAULT Group-Name == "SUSPENDED", Auth-Type := Accept, \
Pool-Name := "disabled"

DEFAULT Group-Name == "DSL500", Pool-Name := "dsl500"
  Qos-Policy-Metering := DL512,
  Qos-Policy-Policing := UL128,
  Fall-Through = Yes

[... more groups ...]

# Set user attributes

testuser ClearText-Password := 'test'
  Framed-IP-Address := [...],
  Framed-Route := [...],
  Framed-IP-Netmask := [...],

[... more users ...]

DEFAULT Auth-Type := Accept
------


According to the wiki, rlm_sql processes users first, then groups. With this 
order, a user could have his IP/routes set even if he is disabled (because he 
is not rejected).
As I have about 10000 users, using big users/group files is not really an 
option :-)

Maybe I did something wrong; any help would be appreciated.

Thanks,
-- 
David Majorel
Offratel/Lagoon ISP


