use realms to access different mysql tables

Kevin Bonner keb at pa.net
Wed Mar 28 00:42:56 CEST 2007


On Tuesday 27 March 2007 18:13:09 Alexander Papenburg wrote:
> Hi Freeradius-Mailing-List,
>
> does anyone of you differentiate sql database table with realms?
> E.g.:
>
> Auth-Requests for user1 at realm1 will be checked against table db_radius1
> Auth-Requests for user1 at realm2 will be checked against table db_radius2
> .....and so on.
>
> I already found out that it is possible to use multiple sql instances,
> but for what i understand is that they would be asked/checked one after
> another. That would be nice for failover scenarios but if there are
> about 20-30 realms to check it would be result in a very slow
> performance (depending on mysql host speed).
> So is there a better way to solve this Problem? All users in one
> database is at the time unfortunately no option...
>
>
> Thanks in advance
>
> Alex

An example of this is below.  In each sql definition you can define the 
different queries necessary to handle a particular realm.  realm3 shows how 
to allow multiple realms to use the same db/SQL queries, so you can easily 
merge the databases over time and update the users file to reflect the db 
changes.

Kevin Bonner

== sql.conf ==
sql db1 { ... }
sql db2 { ... }
...
== sql.conf ==

== radiusd.conf ==
authorize {
    ...
    Autz-Type SQL1 {
        db1
    }
    Autz-Type SQL2 {
        db2
    }
}
== radiusd.conf ==

== users ==
DEFAULT Realm == "realm1", Autz-Type := SQL1
DEFAULT Realm == "realm2", Autz-Type := SQL2
DEFAULT Realm == "realm3", Autz-Type := SQL2
...      OR
DEFAULT User-Name =~ "@realm1$", Autz-Type := SQL1
DEFAULT User-Name =~ "@realm2$", Autz-Type := SQL2
DEFAULT User-Name =~ "@realm3$", Autz-Type := SQL2
== users ==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070327/314c593c/attachment.pgp>


More information about the Freeradius-Users mailing list