Problem with MySQL + system auth

Alan DeKok aland at deployingradius.com
Thu Jan 24 07:18:55 CET 2008


William wrote:
> Greetings,
>   In working to get my new radius server working I have run into a snag.  I 
> need to authenticate using a SQL database or system password file

  To be clear: databases do not perform authentication.  Being confused
about the functionality and operation of the system means that it's more
difficult to come up with a simple solution.

  FreeRADIUS obtains passwords from databases.  So your goal now is to
figure out how to query the *correct* database for the users password.

> depending 
> on where the request comes from, however the user may exist in both, with 
> different passwords.  How do I tell it to use the MySQL username/password 
> pairs 'only' when it comes from a specific NAS?  

  Put the NASes into groups.  See "man rlm_passwd" for ways to create
different groups.  Key off of NAS-IP-Address.

  Then, have a policy saying "NAS group A uses SQL", and "NAS group B
uses /etc/passwd".

> I have tried specifing the "Auth-Type := LOCAL" in my SQL reply tables,

  Don't.

  Alan DeKok.



More information about the Freeradius-Users mailing list