Re: FR SQL flexibility
That's it, thank you very much!

--
Best Regards,
Sinisa Burina

- Original Message -
From: "Oliver Graf" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 11, 2003 05:52
Subject: Re: FR SQL flexibility

> Define multiple sql instances with different queries.
>
> Use huntgroups to set an Auth-Type.
>
> Use the Auth-Type to select the correct SQL instance.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FR SQL flexibility
Hello!

Is it possible, or could it be possible in the future to have users authenticated against different SQL tables/databases, optionally even with different queries, depending on values of auth request attributes? Some way of dynamic definition of currently statically defined SQL queries and table names would really enhance the overall functionality and flexibility.

For example, in my company's wireless environment, I'd like to have two kinds of authentication - MAC and VPN, and instead of having two separate radius servers it would be much nicer to have just two different tables (one with MAC addresses and the other with VPN usernames/passwords) and to choose the appropriate table based on, say, NAS-IP-Address attribute.

--
Best Regards,
Sinisa Burina
Re: Environment variables
> From: "Alan DeKok" <[EMAIL PROTECTED]>
>
> I'm opposed to that. See:
>
> http://www.opengroup.org/onlinepubs/007908799/xbd/envvar.html
>
> Having '-' in an environment variable leads to problems.

I understand.

> But you've got access to the source. If you don't like the way it
> works now, you can always fix it.

If I succeed in this migration attempt, I think it's much better to change a few external scripts and just leave FR as it is. Any code tweaks would (as always) lead to trouble on every future FR upgrade.

Thanks for pointing out the above URL to me!

--
Best Regards,
Sinisa Burina
Environment variables
I have encountered an unexpected problem - environment variables passed to external programs are not the same as RADIUS attributes. All letters are in uppercase and dashes are replaced by underscores.

It's not a crucial problem, but it would be extremely useful to have a configuration option that would instruct FR not to translate attribute names to env vars, but copy them exactly as they are.

--
Best Regards,
Sinisa Burina
Re: XTRadius to FreeRadius migration
> From: "Tom Emerson" <[EMAIL PROTECTED]>
> I'll jump in here with a suggestion -- it took a while for it to sink in for
> me, so perhaps this will help someone else stay afloat...

Thanks for the jump!

> You can "fake it" somewhat with
>
> SELECT id,user as username,"Password" as attribute,
> password as value,"==" as op
>FROM ${authcheck_table}...
>
> in this example, I'm presuming actual field names of "user" and "password",
> which need to correspond to the names "username" and "value" as required by
> the internals of the program [err, hope I have that part right] Likewise,
> this returns hard-coded field values of the word "password" and an operator
> of "==" for the attribute and op fields.

Yes, this is the last thing left to be clarified - whether the module reads data from the database as hash with hardcoded field names, or it's just a row, in which case the position of fields in SQL reply is important. Anyway, it's possible to satisfy both at the same time.

Thank you very much for your help!

--
Best Regards,
Sinisa Burina
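Added example (not part of the original thread and not FreeRADIUS code): the aliasing approach from the quoted suggestion, run against a constructed two-column table to show that one query can match the id/username/attribute/value/op layout both by column name and by position. SQLite stands in for MySQL here; the table name `accounts` and the sample rows are assumptions.

```python
import sqlite3


def make_legacy_db():
    """Constructed sample data: a legacy table holding only user and password."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row  # rows readable by position and by column name
    db.execute('CREATE TABLE accounts ("user" TEXT PRIMARY KEY, "password" TEXT)')
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", "wonderland"), ("bob", "builder")],
    )
    return db


# Column order AND column aliases both follow the five-field layout from the
# quoted query; 'Password' and '==' are constants, not stored columns.
CHECK_QUERY = """
SELECT rowid      AS id,
       "user"     AS username,
       'Password' AS attribute,
       "password" AS value,
       '=='       AS op
FROM accounts
WHERE "user" = ?
"""


def check_items(db, username):
    """Return the check rows for one user; the name is bound, never spliced in."""
    return db.execute(CHECK_QUERY, (username,)).fetchall()


def by_position(row):
    """What a consumer sees if it reads the row as an ordered list of fields."""
    return tuple(row)


def by_name(row):
    """What a consumer sees if it reads the row as a hash keyed by column name."""
    return {key: row[key] for key in row.keys()}


if __name__ == "__main__":
    for r in check_items(make_legacy_db(), "bob"):
        print(by_position(r), by_name(r))
```
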
Re: XTRadius to FreeRadius migration
> From: "Alan DeKok" <[EMAIL PROTECTED]>
> "Sinisa Burina" <[EMAIL PROTECTED]> wrote:
>
> > accounting) by external scripts, with custom MySQL database in the
> > background that holds all the information and flags for ADSL/VPN
> > accounts.
>
> FreeRADIUS can do this without running external scripts.

I'm still puzzled - do I _have_ to follow proposed MySQL DB structure with attributes and operators, or is there a way to use my existing structure which is conceptually very different and is not to be changed?

Let's leave all the rest on the side, and see how to authenticate the user against plaintext password stored in one simple MySQL table with only two fields: "user" and "pass", using FR integrated features. A simple example would be very appreciated! :-) Please?

> I would suggest that you build a *new* configuration for FreeRADIUS
> to do what you want, instead of copying the old XTRadius
> configuration. It will be much easier to do than duplicating
> XTRadius, and it's something you'll want to do anyhow.

Right, as soon as I develop the understanding of FR logic to some satisfactory level. :-)

> These can be put into the 'acct_users' file. Change
> Exec-Program-Account to Exec-Program-Wait, and accounting should work.

Thanks, this is fully functional.

--
Best Regards,
Sinisa Burina
XTRadius to FreeRadius migration
Hello!

MS-CHAPv2/EAP/LEAP support in FreeRadius caught my eye recently, and I started to consider replacing XTRadius with FreeRadius on my company's system. Currently I do everything (authentication, authorization and accounting) by external scripts, with custom MySQL database in the background that holds all the information and flags for ADSL/VPN accounts.

What I need from FR for the beginning is exactly the same functionality I already have developed with XTR, which seems _very_ possible except one detail that I seem unable to figure out - getting plaintext passwords stored in custom MySQL database (somehost, somedb, sometable, somefield). In other words, I need to authenticate users using existing MySQL DB, and call my own script for checking all other parameters. Can anyone give me at least a hint on how to accomplish this?

As I understand, Auth-Type "External" doesn't exist in FR, so it has to take over authentication process from my script and, hopefully, enhance it with support for additional authentication protocols. :-)

My current XTR users file is as follows:
(Script "proc_check" currently takes care of username/password verification for PAP and CHAP.)

==
DEFAULT Auth-Type = External
        Fall-Through = Yes

DEFAULT Simultaneous-Use = 1
        Fall-Through = Yes

DEFAULT Acct-Status-Type = "Start"
        Exec-Program-Account = "/path/to/proc_start %u"

DEFAULT Acct-Status-Type = "Stop"
        Exec-Program-Account = "/path/to/proc_stop %u"

DEFAULT Acct-Status-Type = "Alive"
        Exec-Program-Account = "/path/to/debug update"

DEFAULT
        Exec-Program-Wait = "/path/to/proc_check %u"
======

--
Best Regards,
Sinisa Burina