Scroll to navigation

rlm_sql(5) FreeRADIUS Module rlm_sql(5)

NAME

rlm_sql - FreeRADIUS Module

DESCRIPTION

The rlm_sql module provides an SQL interface to retrieve authorization information and store accounting information. It can be used in conjunction with, or in lieu of the files and detail modules. The SQL module has drivers to support the following SQL databases:


db2
iodbc
mysql
oracle
postgresql
sybase
unixodbc

Due to the size of the configuration variables, the sql module is usually configured in a separate file, which is included in the main radiusd.conf via an include directive.

The main configuration items to be aware of are:

This variable specifies the driver to be loaded.
These specify the servername, username, and password the module will use to connect to the database.
The name of the database where the radius tables are stored.
These specify the tables names for accounting records. acct_table1 specifies the table where Start records are stored. acct_table2 specifies the table where Stop records are stored. In most cases, this should be the same table.
The name of the table to store post-authentication data.
The tables where individual Check-Items and Reply-Items are stored.
The tables where group Check-Items and Reply-Items are stored.
The table where username to group relationships are stored.
This option is set to 'yes' or 'no'. If you are doing Simultaneous-Use checking, and this is set to yes, stale sessions ( defined as sessions for which a Stop record was not received ) will be cleared.
This option is useful for debugging sql problems. If logfile is set then all sql queries for the containing section are written to the file specified. This is useful for debugging and bulk inserts.
The number of sql connections to make to the database.
The number of seconds to wait before attempting to reconnect to a failed database connection.
This is the definition of the SQL-User-Name attribute. This is set once, so that you can use %{SQL-User-Name} in the SQL queries, rather than the nested username substitution. This ensures that Username is parsed consistently for all SQL queries executed.
This is the default profile name that will be applied to all users if set. This is not set by default.
This option is set to 'yes' or 'no'. If set to yes, then the default user profile is returned if no specific match was found for the user.
These queries are run during the authorization stage to extract the user authorization information from the ${authcheck_table} and ${authreply_table}.
These queries are run during the authorization stage to extract the group authorization information from the ${groupcheck_table} and ${groupreply_table}.
The query to be run when receiving an Accounting On or Accounting Off packet.
The query to be run when receiving an Accounting Update packet. If the primary query fails, the alt query is run.
The query to be run when receiving an Accounting Start packet. If the primary query fails, the alt query is run.
The query to be run when receiving an Accounting Stop packet. If the primary query fails, the alt query is run.
The query to be run to return the number simultaneous sessions for the purposes of limiting Simultaneous Use.
The query to return the detail information needed to confirm that all suspected connected sessions are valid, and are not stale sessions.
The query to run to check user group membership.
The query to run during the post-authentication stage.

CONFIGURATION

Due to the size of the configuration for this module, it is not included in this manual page. Please review the supplied configuration files for example queries and configuration details.

SECTIONS

authorization, accounting, checksimul, post-authentication

FILES

/etc/raddb/radiusd.conf, /etc/raddb/sql.conf, /etc/raddb/sql/<DB>/dialup.conf, /etc/raddb/sql/<DB>/schema.sql,

SEE ALSO

radiusd(8), radiusd.conf(5),

AUTHORS

Chris Parker, cparker@segv.org

5 February 2004