I have managed to get MySQL to work for FreeRADIUS (thanks to the web page at http://www.frontios.com/freeradius.html) but have by now wasted hours while trying to get an answer to the question:
In which order are requests accepted or denied when using MySQL *and* the 'users' file? I thought the order of recognizing a valid user entry would depend on the order in which the words "files" (for the 'users' file) and "sql" (for requests to the MySQL database) are mentioned in the 'authorize' section of the main configuration file "radiusd.conf". Wrong? When running the radiusd using debug flags ("radiusd -Axxy") I can see that my request (using "radtest") is serviced in the order which *is* actually given by the above order. However when I create an entry for a user with equal attributes both in the MySQL database and in the 'users' file then the results are irritating. Let's say I set the order: files/sql. I can see the user being matched by the 'users' file. The log file reads: users: Matched testuser at 48 modcall[authorize]: module "files" returns ok Then the SQL section also matches: modcall[authorize]: module "sql" returns ok What I get in return are the Reply-Items stored in the MySQL database. Hmmm... I'd expected to get the first positive match which would be "files" instead of "sql" as I was not using any Fall-Through flags here. Now let's put it vice versa in the order sql/files. First the SQL module says: modcall[authorize]: module "sql" returns ok Then the 'users' file leads to: users: Matched testuser at 48 So far I would say that if two entries match then the latter is taken. But what actually happens is that FreeRADIUS replies the *MySQL reply items* to me! Now what? If MySQL and the 'users' file are both used and at least the MySQL entry matches then the MySQL Reply-Items have priority? I am very confused and do not dare to use this configuration in our setup of app. 100 users. Maybe someone can enlighten me? I'm very bad in reading source code. BTW, I find freeradius being much better than some commercial servers which should cost about $5000. Keep up the good work and *please* write better documentation to prevent the madhouses from filling. ;) Christoph - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html