Freeradius/*SQL question
Hello, I've been using freeradius as authentication server for quite some time now, and so far it has worked very well. However, now one of my colleagues has asked me to set up a second radius server for local dialup accounts which will be administered by someone who doesn't have the faintest idea how to admin a linux system, so I decided to set that one up with mysql-based authentication and write a set of php scripts around it to nip that headache in the bud. I've been looking for docs on how to set this up, but other than the sql schema to create the databases I didn't find much, so I have a couple of questions: First off, is it neccessary to fill the dictionary table as well, or can the text version be used directly for that? More to the point, how do I tell radiusd to ONLY look in its sql table for authentication? Second, is there any way to use crypted passwords in the SQL database? I'm keeping a fairly tight lid on security in most matters but plaintext passwords always make me nervous. Thanks for the software, -Shad -- Rens Houben |opinions are mine Resident linux guru and sysadmin | if my employers have one Systemec Internet Services. |they'll tell you themselves PGP public key at http://suzaku.systemec.nl/shadur.key.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Another FreeRadius/SQL Question
When using the relational database modules (MySql or Oracle), are the use entries looked up during the authentication process or are they loaded one time at startup, thus requiring a HUP similar to the file based method? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius/*SQL question
First off, is it neccessary to fill the dictionary table as well, or can
the text version be used directly for that? More to the point, how do I
tell radiusd to ONLY look in its sql table for authentication?
This is controlled like any other aunthentication module, via the
authenticate {} block in your radiusd.conf. If all you want is sql, then
only put the sql module in there.
Second, is there any way to use crypted passwords in the SQL database?
I'm keeping a fairly tight lid on security in most matters but plaintext
passwords always make me nervous.
Use PAP exclusively for dialup. If you want to support CHAP for dialup,
passwords _must_ be cleartext. See the FAQ and list archives for more
details.
-Shawn
Thanks for the software,
-Shad
--
Rens Houben |opinions are mine
Resident linux guru and sysadmin | if my employers have one
Systemec Internet Services. |they'll tell you themselves
PGP public key at http://suzaku.systemec.nl/shadur.key.asc
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Shawn K. O'Shea
Sr. Unix Administrator
DSL.net, Inc.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius/*SQL question
Rens Houben [EMAIL PROTECTED] wrote: I've been using freeradius as authentication server for quite some time now, and so far it has worked very well. However, now one of my colleagues has asked me to set up a second radius server for local dialup accounts which will be administered by someone who doesn't have the faintest idea how to admin a linux system, so I decided to set that one up with mysql-based authentication and write a set of php scripts around it to nip that headache in the bud. FreeRADIUS comes with dialup-admin, which is a set of PHP scripts to administer the SQL database associated with the server. First off, is it neccessary to fill the dictionary table as well, or can the text version be used directly for that? More to the point, how do I tell radiusd to ONLY look in its sql table for authentication? The dictionaries have nothing to do with authentication. They can be plain text files. To configure SQL authentication, read the 'radiusd.conf' file, or look through the list archives. Second, is there any way to use crypted passwords in the SQL database? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
