Remote MySQL backend encryption

Eric.Hernandez at Eric.Hernandez at
Mon Apr 26 23:33:24 CEST 2010

I see thats what I thought, I also confirmed its all clear text with

If I were to switch my backend to an ldap system would I have encrypted
traffic for user authentication with freeradius remote ldap/backend setup?

Also is there a nas/radacct table equivalent in the ldap solution or is it
strictly for user authentication?

Message: 9
Date: Mon, 26 Apr 2010 15:04:17 -0400
From: John Dennis <jdennis at>
Subject: Re: Remote MySQL backend encryption
To: FreeRadius users mailing list
		 <freeradius-users at>
Message-ID: <4BD5E3B1.8060706 at>
Content-Type: text/plain; charset=UTF-8; format=flowed

On 04/26/2010 01:57 PM, Eric.Hernandez at wrote:
> Hi,
> I am trying to figure out if need to encrypt my traffic from a
> FreeRadius server to a remote MySQL backend.
> I have the following setup.
> FreeRadius/MySQL (Server1)
> FreeRadius/MySQL (Server2) Both Server1 and Server2 are doing MySQL
> Master to Master (ssl) Replication
> Now I want to add a third FreeRadius server without a local MySQL
> So this third server will point to either Server1 or Server2 which runs
> MySQL but will these request be sent to the remote MySQL Servers in
> clear text?

This has nothing to do with how many MySQL servers you've got or how
you're doing replication, encryption occurs on a per connection basis
(e.g. connections established via rlm_sql_mysql). rlm_sql_mysql never
opens an encrypted session with it's server because rlm_sql_mysql does
not have an option to set SSL/TLS transport (e.g. does not call
mysql_ssl_set()). That probably would be a good feature to add.

John Dennis <jdennis at>

Looking to carve out IT costs?


List info/subscribe/unsubscribe? See
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list