Problem with MySQL + system auth
Alan DeKok
aland at deployingradius.com
Thu Jan 24 07:18:55 CET 2008
William wrote:
> Greetings,
> In working to get my new radius server working I have run into a snag. I
> need to authenticate using a SQL database or system password file
To be clear: databases do not perform authentication. Being confused
about the functionality and operation of the system means that it's more
difficult to come up with a simple solution.
FreeRADIUS obtains passwords from databases. So your goal now is to
figure out how to query the *correct* database for the users password.
> depending
> on where the request comes from, however the user may exist in both, with
> different passwords. How do I tell it to use the MySQL username/password
> pairs 'only' when it comes from a specific NAS?
Put the NASes into groups. See "man rlm_passwd" for ways to create
different groups. Key off of NAS-IP-Address.
Then, have a policy saying "NAS group A uses SQL", and "NAS group B
uses /etc/passwd".
> I have tried specifing the "Auth-Type := LOCAL" in my SQL reply tables,
Don't.
Alan DeKok.
More information about the Freeradius-Users
mailing list