FreeRadius 1.1.3 with MySQL

Phil Mayers p.mayers at
Wed May 14 14:59:39 CEST 2008

Brad Furst wrote:
> Ivan Kalik wrote:
>> Create multiple sql instances. Create Autz-Type entry for each in
>> authorize section. Then add something like this in users file.
>> DEFAULT   Real == whatever, Autz-Type = sqlwhatever
>> This is much simpler with unlang in 2.0 (no Autz-Type entries needed,
>> just a switch block in authorize).
> I apologize for my ignorance, but if I'm understanding you correctly I 
> should be able to create multiple instances and go to authorize{} and do 
> something similar to this:
> authorize{
>    suffix
>    preprocess
>    Autz-Type SQL1{
>                sql1
>    }
>    Autz-Type SQL2{
>                sql2
>    }
>    files
> }
> And then tell the individual realms what to do and the Autz type in the 
> users file to use like this:
> DEFAULT, Autz-Type=SQL1
> DEFAULT, Autz-Type=SQL2
> Alan DeKok wrote:
>> I'm actually doing this in 2.0 without using multiple SQL instances.
>> I just have a table per realm, and I update the table name in the SQL
>> query for each realm.
>> The SQL queries are dynamically expanded for *precisely* this reason.
> This would actually be ideal; the way mine is configured my sql queries 
> are in a seperate file called sql.conf. Would it be better for me to 
> move everything back over to radiusd.conf? Also, how would I pass it the 

That's not necessary. sql.conf is expanded just like radiusd.conf, since 
it's just an included file.

> required table names that were dependant on the realm? Can Realm be used 
> in an if then statement like
> if
> authtable=fakecompanyauth

You'd need to do another lookup; something like this in "users":

DEFAULT Realm ==
	Tmp-String-1 = "fake_com_auth"

DEFAULT Realm ==
	Tmp-String-1 = "fake2_com_auth"

...then in sql.conf:

blah_query = "select ... from %{Tmp-String-1} where username='%{..}'"

NOTE: the table name is NOT surrounded by single quotes, so you'll need 
to be careful to not let an SQL insertion attack; the users file is a 
good way of doing this

> ?
> -
> List info/subscribe/unsubscribe? See 

More information about the Freeradius-Users mailing list