@iDiogenes
Created August 1, 2012 21:49
RADIUS with MySQL Support
Ubuntu MySQL & RADIUS Howto:
Install MySQL
# apt-get install mysql-server mysql-client
Secure MySQL
# mysql_secure_installation
Install FreeRADIUS with MySQL support and create the database
# apt-get install freeradius freeradius-mysql
mysql> create database radius;
Install schema
# mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
You should have 7 tables as shown below:
radacct
radcheck
radgroupcheck
radgroupreply
radpostauth
radreply
radusergroup
Edit the file /etc/freeradius/sql.conf and change the following parameters to suit your environment:
server = "localhost"
login = "raduser"
password = "radpasswd"
radius_db = "radius"
Enable the SQL configuration in /etc/freeradius/radiusd.conf by uncommenting the following line:
$INCLUDE sql.conf
Enable SQL configuration in the default enabled site /etc/freeradius/sites-available/default:
authorize {
...
sql
...
}
accounting {
...
sql
...
}
session {
...
sql
...
}
post-auth {
...
sql
...
}
Insert the following record into radcheck table:
INSERT INTO radcheck (id , username, attribute, op, value) VALUES (NULL , 'test', 'MD5-Password', ':=', MD5( '1234567' ));
Note: More info on the 'op' value can be obtained by reading the 'unlang' man page. Snippet shown below:
Operators
The operator used to assign the value of the attribute may be one of the following, with the given meaning.
= Add the attribute to the list, if and only if an attribute of the same name is not already present in that list.
:= Add the attribute to the list. If any attribute of the same name is already present in that list, its value is replaced with the value of the current attribute.
+= Add the attribute to the tail of the list, even if attributes of the same name are already present in the list.
Enforcement and Filtering Operators
The following operators may also be used in addition to the ones listed above. Their function is to perform enforcement or filtering on attributes in a list.
-= Remove all matching attributes from the list. Both the attribute name and value have to match in order for the attribute to be removed from the list.
== Remove all non-matching attributes from the list. Both the attribute name and value have to match in order for the attribute to remain in the list.
Note that this operator is very different than the '=' operator listed above!
<= Enforce that the integer value of the attribute is less than or equal to the value given here. If there is no attribute of the same name in the list, the attribute is added with the given value, as with "+=". If an attribute in the list exists, and has a value less than given here, its value is unchanged. If an attribute in the list exists, and has a value greater than given here, then that value is replaced with the one given here.
This operator is valid only for attributes of integer type.
>= Enforce that the integer value of the attribute is greater than or equal to the value given here. If there is no attribute of the same name in the list, the attribute is added with the given value, as with "+=". If an attribute in the list exists, and has a value greater than given here, its value is unchanged. If an attribute in the list exists, and has a value less than given here, then that value is replaced with the one given here.
Start freeradius in debug mode by using the command below:
# freeradius -X
In another terminal, use radtest to test the connection:
# radtest test 1234567 localhost 1812 testing123
There should also be some records in the radpostauth table:
mysql> select * from radpostauth;