FreeRADIUS / PostgreSQL?
Mark DeCheser
lists at decheserstudios.com
Tue Sep 3 18:11:21 CEST 2013
Quick follow-up on this issue. It's resolved. I wanted to share the
resolution with the community should anyone encounter a similar issue.
One part of the equation was provided by Phil and Fajar below:
>> Did you read Phil's excellent reply?
>> http://lists.freeradius.org/pipermail/freeradius-users/2013-August/067991.html
> In reviewing your directions, I noticed one configuration missing from my
> setup:
>
> /etc/raddb/sql.conf, $INCLUDE sql/${database}/dialup.conf was commented!
>
> I uncommented, re-ran radiusd -X, and saw much more information:
> Module: Linked to module rlm_sql
> Module: Instantiating module "sql" from file /etc/raddb/sql.conf
> sql {
> driver = "rlm_sql_postgresql"
> server = "localhost"
> port = "5432"
> login = "DBusername"
> password = "DBpassword"
> radius_db = "radiusDB"
> read_groups = yes
> sqltrace = yes
> sqltracefile = "/var/log/radius/sqltrace.sql"
> readclients = no
> deletestalesessions = yes
> num_sql_socks = 5
> lifetime = 0
> max_queries = 0
> sql_user_name = "%{Stripped-User-Name}"
> default_user_profile = ""
> nas_query = "SELECT id, nasname, shortname, type, secret, server FROM
> nas"
> [SNIP]
> }
> rlm_sql (sql): Driver rlm_sql_postgresql (module rlm_sql_postgresql)
> loaded and linked
The other component missing was definitely in pg_hba.conf. Below is
incorrect:
> local all all trust
> host all all 127.0.0.1/32 trust
> host all all ::1/128 trust
The following entries worked for me:
local all all password
host all all MY.PUB.IP.ADDR/24 trust
host all all ::1/128 trust
It's also worth noting that I have an iptables rule blocking inbound
connections to PostgreSQL from all external hosts.
As of last night, I managed to cobble together unified authentication for
PPTP, Squid, using FreeRADIUS users stored in PostgreSQL.
Thanks for everyone's help!
Cheers,
MD
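
An added example, not part of the original post: a small Python check that lists every `trust` rule in a pg_hba.conf and how wide its client scope is, since `trust` lets a matching client connect as the named database users without a password. The sample input is constructed; 203.0.113.0/24 stands in for the redacted MY.PUB.IP.ADDR/24, and the function names are this example's own.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl"}

# Constructed sample modelled on the post's working entries; 203.0.113.0/24
# (a documentation range) stands in for the redacted MY.PUB.IP.ADDR/24.
SAMPLE_PG_HBA = """\
local   all   all                     password
host    all   all   203.0.113.0/24    trust
host    all   all   ::1/128           trust
"""

def parse_hba(text):
    """Yield (lineno, type, database, user, address, method) for each rule."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()   # assumes no quoted '#' in fields
        if len(f) >= 4 and f[0] == "local":
            yield lineno, f[0], f[1], f[2], None, f[3]
        elif len(f) >= 5 and f[0] in HOST_TYPES:
            addr, rest = f[3], f[4:]
            # Older "IP NETMASK" form: fold the mask into the address field.
            if "/" not in addr and len(rest) >= 2 and rest[0][0].isdigit():
                addr, rest = addr + "/" + rest[0], rest[1:]
            yield lineno, f[0], f[1], f[2], addr, rest[0]

def trust_scope(addr):
    """Return (severity, description) for a trust rule's client address."""
    if addr is None:
        return "medium", "any local OS user via the Unix socket"
    try:
        net = ipaddress.ip_network(addr, strict=False)
    except ValueError:                      # hostname, samenet, "all", ...
        return "high", "non-numeric address " + addr + " (resolve and review)"
    if net.is_loopback:
        return "medium", "any process on this host via " + addr
    return "high", "%d addresses in %s" % (net.num_addresses, net)

def audit(text):
    """List (lineno, severity, message) for every rule using 'trust'."""
    findings = []
    for lineno, typ, db, user, addr, method in parse_hba(text):
        if method == "trust":
            sev, who = trust_scope(addr)
            findings.append((lineno, sev, "%s: db=%s user=%s, no password for %s"
                             % (typ, db, user, who)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PG_HBA):
        print("line %d [%s] %s" % finding)
```

A "high" finding means the rule's only remaining barrier is whatever network filtering sits in front of PostgreSQL, such as the iptables rule mentioned in the post.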