A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:
Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Man page of rlm_sql

rlm_sql

Section: FreeRADIUS Module (5)
Updated: 5 February 2004
Index of this MAN page

Back To MAN Pages From BackTrack 5 R1 Master List  

NAME

rlm_sql - FreeRADIUS Module  

DESCRIPTION

The rlm_sql module provides an SQL interface to retrieve authorization information and store accounting information. It can be used in conjunction with, or in lieu of the files and detail modules. The SQL module has drivers to support the following SQL databases: 




     db2


     iodbc


     mysql


     oracle


     postgresql


     sybase


     unixodbc

Due to the size of the configuration variables, the sql module is usually configured in a separate file, which is included in the main radiusd.conf via an include directive.

The main configuration items to be aware of are:

driver
This variable specifies the driver to be loaded.
server
login
password
These specify the servername, username, and password the module will use to connect to the database.
radius_db
The name of the database where the radius tables are stored.
acct_table1
acct_table2
These specify the tables names for accounting records. acct_table1 specifies the table where Start records are stored. acct_table2 specifies the table where Stop records are stored. In most cases, this should be the same table.
postauth_table
The name of the table to store post-authentication data.
authcheck_table
authreply_table
The tables where individual Check-Items and Reply-Items are stored.
groupcheck_table
groupreply_table
The tables where group Check-Items and Reply-Items are stored.
usergroup_table
The table where username to group relationships are stored.
deletestatlesessions
This option is set to 'yes' or 'no'. If you are doing Simultaneous-Use checking, and this is set to yes, stale sessions ( defined as sessions for which a Stop record was not received ) will be cleared.
sqltrace
sqltracefile
These two options are useful for debugging sql problems. If sqltrace is set to yes, then all sql queries being executed are written to the file listed in sqltracefile. This is disabled in normal operation.
num_sql_socks
The number of sql connections to make to the database.
connect_failure_retry_delay
The number of seconds to wait before attempting to reconnect to a failed database connection.
sql_user_name
This is the definition of the SQL-User-Name attribute. This is set once, so that you can use %{SQL-User-Name} in the SQL queries, rather than the nested username substitution. This ensures that Username is parsed consistently for all SQL queries executed.
default_user_profile
This is the default profile name that will be applied to all users if set. This is not set by default.
query_on_not_found
This option is set to 'yes' or 'no'. If set to yes, then the default user profile is returned if no specific match was found for the user.
authorize_check_query
authorize_reply_query
These queries are run during the authorization stage to extract the user authorization information from the ${authcheck_table} and ${authreply_table}.
authorize_group_check_query
authorize_group_reply_query
These queries are run during the authorization stage to extract the group authorization information from the ${groupcheck_table} and ${groupreply_table}.
accounting_onoff_query
The query to be run when receiving an Accounting On or Accounting Off packet.
accounting_update_query
accounting_update_query_alt
The query to be run when receiving an Accounting Update packet. If the primary query fails, the alt query is run.
accounting_start_query
accounting_start_query_alt
The query to be run when receiving an Accounting Start packet. If the primary query fails, the alt query is run.
accounting_stop_query
accounting_stop_query_alt
The query to be run when receiving an Accounting Stop packet. If the primary query fails, the alt query is run.
simul_count_query
The query to be run to return the number simultaneous sessions for the purposes of limiting Simultaneous Use.
simul_verify_query
The query to return the detail information needed to confirm that all suspected connected sessions are valid, and are not stale sessions.
group_membership_query
The query to run to check user group membership.
postauth_query
The query to run during the post-authentication stage.
 

CONFIGURATION

Due to the size of the configuration for this module, it is not included in this manual page. Please review the supplied configuration files for example queries and configuration details.  

SECTIONS

authorization, accounting, checksimul, post-authentication

 

FILES

/etc/raddb/radiusd.conf, /etc/raddb/sql.conf, /etc/raddb/sql/<DB>/dialup.conf, /etc/raddb/sql/<DB>/schema.sql,

 

SEE ALSO

radiusd(8), radiusd.conf(5),  

AUTHORS

Chris Parker, cparker@segv.org

 

Index

NAME
DESCRIPTION
CONFIGURATION
SECTIONS
FILES
SEE ALSO
AUTHORS
This document was created by man2html, using the manual pages.
Time: 07:34:21 GMT, September 13, 2011

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast