Hi All,
I have been reading through the documentation, and I am having a little
problem connecting some of the how-to's about FreeRadius 0.93. We have a
FreeRadius 0.4 that I inherited and I am reading the Radius O'Reilly
book, but still missing something.
Problem. I don't understand how 'authentication' gets passed through
radiusd.conf and onto SQL config. We tried a carte blanche upgrade to 0.93
but the 0.4 configs did not work; it complained about SQL not being an
authentication type.
--- This is my v.04 config ----------------------------
# Authorization. First preprocess (hints and huntgroups files),
# then realms, and finally look in the "users" file.
# The order of the realm modules will determine the order that
# we try to find a matching realm.
# Make *sure* that 'preprocess' comes before any realm if you
# need to setup hints for the remote radius server
authorize {
preprocess
# counter
# attr_filter
# eap
suffix
# files
# mschap
sql
}
# Authentication.
#
# This section lists which modules are available for authentication.
# Note that it does NOT mean 'try each module in order'. It means
# that you have to have a module from the 'authorize' section add
# a configuration attribute 'Auth-Type := FOO'. That authentication type
# is then used to pick the appropriate module from the list below.
authenticate {
# pam
# unix
# By grouping modules together in an authtype block, that authtype will be
# tried on each module in sequence until one returns REJECT or OK. This
# allows authentication failover if the first SQL server has crashed, for
# example.
authtype SQL {
sql
# sql2
}
# ldap
----------------------------------------------------------------------
I have the following two commands in my Cisco router.
aaa authentication ppp default group radius
aaa authorization network default if-authenticated
Which I plan on changing to
// I want to pick up attributes and I know everyone recommends this.
aaa authentication ppp default if-needed group radius
aaa authorization network default group radius
However when I used 0.93 it would no longer "authenticate" MySql.
Reading around I think I am misunderstanding how FreeRadius uses
Authentication, versus Authorization.
When Cisco sends a packet it sends an authentication, and then it sends
an authorization. But where does FreeRadius answer this? I want to
authenticate with SQL using CHAP.
If there is a document explaining it I would be appreciative, or if
someone can explain it to me likewise, I would be appreciative, and I
will create a document to add it to the set to explain it to others.
All the best,
Regards:jamie
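
Added illustration, not part of the original post and not FreeRADIUS code: a small Python model of the two-phase flow the config comments above describe, where the authorize step looks the user up in SQL and sets Auth-Type, and the authenticate step dispatches on that value. CHAP is checked as RFC 2865 defines it, which requires the server to hold the cleartext password; the table schema, the `Known-Password` key and the sample user are constructed assumptions.

```python
import hashlib, hmac, os, sqlite3

def chap_response(chap_id, password, challenge):
    # RFC 2865: MD5 over the CHAP ident byte, the cleartext password, the challenge
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def make_db():
    # Constructed stand-in for the SQL user table (hypothetical schema and user)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, cleartext_password TEXT)")
    db.execute("INSERT INTO users VALUES ('jdoe', 's3cret-example')")
    return db

def authorize(request, db):
    # Phase 1: fetch what is known about the user, then pick an Auth-Type
    config = {}
    row = db.execute("SELECT cleartext_password FROM users WHERE name = ?",
                     (request["User-Name"],)).fetchone()
    if row:
        config["Known-Password"] = row[0].encode()
    if "CHAP-Password" in request:
        config["Auth-Type"] = "CHAP"
    elif "User-Password" in request:
        config["Auth-Type"] = "PAP"
    return config

def auth_chap(request, config):
    # CHAP-Password attribute = 1 ident byte followed by the 16-byte response
    chap_id, response = request["CHAP-Password"][0], request["CHAP-Password"][1:]
    expected = chap_response(chap_id, config["Known-Password"], request["CHAP-Challenge"])
    return hmac.compare_digest(expected, response)

def auth_pap(request, config):
    # Model only: User-Password is treated as already decoded by the server
    return hmac.compare_digest(request["User-Password"], config["Known-Password"])

AUTHENTICATE = {"CHAP": auth_chap, "PAP": auth_pap}  # the 'authenticate' list

def handle(request, db):
    # Phase 2 runs only the handler named by the Auth-Type set in phase 1
    config = authorize(request, db)
    handler = AUTHENTICATE.get(config.get("Auth-Type"))
    if handler is None or "Known-Password" not in config:
        return "Access-Reject"
    return "Access-Accept" if handler(request, config) else "Access-Reject"

def nas_chap_request(user, password, chap_id=1):
    # Simulates the NAS relaying the dial-in peer's CHAP response
    challenge = os.urandom(16)
    return {"User-Name": user, "CHAP-Challenge": challenge,
            "CHAP-Password": bytes([chap_id]) + chap_response(chap_id, password, challenge)}
```

In this model SQL never appears in the authenticate table: it only supplies the password during authorize, and the CHAP handler does the comparison.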