Created
August 1, 2012 21:49
RADIUS with MySQL Support
Ubuntu MySQL & RADIUS Howto:

Install MySQL
# apt-get install mysql-server mysql-client

Secure MySQL
# mysql_secure_installation

Install radius with MySQL Support and create database
# apt-get install freeradius freeradius-mysql
mysql> create database radius;

Install schema
# mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql

You should have 7 tables as shown below:
radacct
radcheck
radgroupcheck
radgroupreply
radpostauth
radreply
radusergroup

Edit the file /etc/freeradius/sql.conf and change the following parameters to suit your environment. The login and password must belong to a MySQL account that has access to the radius database:
server = "localhost"
login = "raduser"
password = "radpasswd"
radius_db = "radius"

Enable the SQL configuration in /etc/freeradius/radiusd.conf by uncommenting the following line:
$INCLUDE sql.conf

Enable SQL configuration in the default enabled site /etc/freeradius/sites-available/default:
authorize {
    ...
    sql
    ...
}
accounting {
    ...
    sql
    ...
}
session {
    ...
    sql
    ...
}
post-auth {
    ...
    sql
    ...
}

Insert the following record into radcheck table:
INSERT INTO radcheck (id , username, attribute, op, value) VALUES (NULL , 'test', 'MD5-Password', ':=', MD5( '1234567' ));

Note: More info on the 'op' value can be obtained by reading the 'unlang' man page. Snippet shown below:

Operators
The operator used to assign the value of the attribute may be one of the following, with the given meaning.

=   Add the attribute to the list, if and only if an attribute of the same name is already present in that list.
:=  Add the attribute to the list. If any attribute of the same name is already present in that list, its value is replaced with the value of the current
    attribute.
+=  Add the attribute to the tail of the list, even if attributes of the same name are already present in the list.

Enforcement and Filtering Operators
The following operators may also be used in addition to the ones listed above. Their function is to perform enforcement or filtering on attributes in a list.

-=  Remove all matching attributes from the list. Both the attribute name and value have to match in order for the attribute to be removed from the list.
==  Remove all non-matching attributes from the list. Both the attribute name and value have to match in order for the attribute to remain in the list.
    Note that this operator is very different than the '=' operator listed above!
<=  Enforce that the integer value of the attribute is less than or equal to the value given here. If there is no attribute of the same name in the list,
    the attribute is added with the given value, as with "+=". If an attribute in the list exists, and has value less than given here, its value is
    unchanged. If an attribute in the list exists, and has a value greater than given here, then that value is replaced with the one given here.
    This operator is valid only for attributes of integer type.
>=  Enforce that the integer value of the attribute is greater than or equal to the value given here. If there is no attribute of the same name in the
    list, the attribute is added with the given value, as with "+=". If an attribute in the list exists, and has value greater than given here, its value
    is unchanged. If an attribute in the list exists, and has value less than given here, then that value is replaced with the one given here.

Start freeradius in debug mode by using the command below:
# freeradius -X

In another terminal console, use radtest again to test the connection:
# radtest test 1234567 localhost 1812 testing123

There should also be some records in the radpostauth table:
mysql> select * from radpostauth;
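
Added example, not part of the original gist: the radcheck INSERT above stores an unsalted MD5 digest, so every account with the same password gets the same value. This sketch computes that value next to a salted SSHA-Password value (another hashed-password attribute FreeRADIUS's pap module understands; SHA-1 is still a fast hash) and builds a parameterized INSERT for it. The function names are hypothetical, and the `%s` placeholder style assumes a MySQL DB-API driver.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple


def md5_password(password: str) -> str:
    """Hex digest equal to MySQL's MD5('...'), as stored by the howto's INSERT."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def ssha_password(password: str, salt: Optional[bytes] = None) -> str:
    """base64(SHA1(password || salt) || salt), the usual SSHA layout."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Recompute the digest with the salt carried inside the stored value."""
    raw = base64.b64decode(stored)
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def radcheck_row(username: str, password: str) -> Tuple[str, tuple]:
    """Parameterized INSERT for radcheck; values are bound, never concatenated."""
    sql = ("INSERT INTO radcheck (username, attribute, op, value) "
           "VALUES (%s, %s, %s, %s)")
    return sql, (username, "SSHA-Password", ":=", ssha_password(password))


if __name__ == "__main__":
    pw = "1234567"  # the test password used in the howto
    print("MD5-Password :", md5_password(pw), "(identical for every user)")
    print("SSHA-Password:", ssha_password(pw))
    print("SSHA-Password:", ssha_password(pw), "(differs: random salt)")
    sql, params = radcheck_row("test", pw)
    print(sql, params)
```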