Re: Freeradius/*SQL question
Rens Houben <[EMAIL PROTECTED]> wrote: > I've been using freeradius as authentication server for quite some time > now, and so far it has worked very well. However, now one of my > colleagues has asked me to set up a second radius server for local > dialup accounts which will be administered by someone who doesn't have > the faintest idea how to admin a linux system, so I decided to set that > one up with mysql-based authentication and write a set of php scripts > around it to nip that headache in the bud. FreeRADIUS comes with dialup-admin, which is a set of PHP scripts to administer the SQL database associated with the server. > First off, is it neccessary to fill the dictionary table as well, or can > the text version be used directly for that? More to the point, how do I > tell radiusd to ONLY look in its sql table for authentication? The dictionaries have nothing to do with authentication. They can be plain text files. To configure SQL authentication, read the 'radiusd.conf' file, or look through the list archives. > Second, is there any way to use crypted passwords in the SQL database? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Another FreeRadius/SQL Question
"Tim D. McCracken" <[EMAIL PROTECTED]> wrote: > When using the relational database modules (MySql or Oracle), > are the use entries looked up during the authentication process Yes. > or are they loaded one time at startup, thus requiring a HUP > similar to the file based method? Hmm... would it really be a good idea to pre-load a 100M SQL database into the server? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius/*SQL question
> First off, is it neccessary to fill the dictionary table as well, or can > the text version be used directly for that? More to the point, how do I > tell radiusd to ONLY look in its sql table for authentication? This is controlled like any other aunthentication module, via the authenticate {} block in your radiusd.conf. If all you want is sql, then only put the sql module in there. > Second, is there any way to use crypted passwords in the SQL database? > I'm keeping a fairly tight lid on security in most matters but plaintext > passwords always make me nervous. Use PAP exclusively for dialup. If you want to support CHAP for dialup, passwords _must_ be cleartext. See the FAQ and list archives for more details. -Shawn > > Thanks for the software, > -Shad > -- > Rens Houben |opinions are mine > Resident linux guru and sysadmin | if my employers have one > Systemec Internet Services. |they'll tell you themselves > PGP public key at http://suzaku.systemec.nl/shadur.key.asc > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Shawn K. O'Shea Sr. Unix Administrator DSL.net, Inc. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Another FreeRadius/SQL Question
When using the relational database modules (MySql or Oracle), are the use entries looked up during the authentication process or are they loaded one time at startup, thus requiring a HUP similar to the file based method? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius/*SQL question
Hello, I've been using freeradius as authentication server for quite some time now, and so far it has worked very well. However, now one of my colleagues has asked me to set up a second radius server for local dialup accounts which will be administered by someone who doesn't have the faintest idea how to admin a linux system, so I decided to set that one up with mysql-based authentication and write a set of php scripts around it to nip that headache in the bud. I've been looking for docs on how to set this up, but other than the sql schema to create the databases I didn't find much, so I have a couple of questions: First off, is it neccessary to fill the dictionary table as well, or can the text version be used directly for that? More to the point, how do I tell radiusd to ONLY look in its sql table for authentication? Second, is there any way to use crypted passwords in the SQL database? I'm keeping a fairly tight lid on security in most matters but plaintext passwords always make me nervous. Thanks for the software, -Shad -- Rens Houben |opinions are mine Resident linux guru and sysadmin | if my employers have one Systemec Internet Services. |they'll tell you themselves PGP public key at http://suzaku.systemec.nl/shadur.key.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html