📄 sql howto.htm
字号:
| 37 | static | Framed-Protocol | PPP | := |
| 38 | static | Service-Type | Framed-User | := |
| 39 | static | Framed-Compression | Van-Jacobsen-TCP-IP | := |
| 41 | netdial | Service-Type | Framed-User | := |
| 42 | netdial | Framed-Protocol | PPP | := |
+----+-----------+--------------------+---------------------+------+
12 rows in set (0.01 sec)
</PRE>
<P>In this example, 'barney' (who is a single user dialup) only needs an
attribute for IP address in radreply so he gets his static IP - he does not need
any other attributes here as all the others get picked up from the 'static'
group entries in radgroupreply. </P>
<P>'fred' needs no entries in radreply as he is dynamically assigned an IP via
the NAS - so he'll just get the 'dynamic' group entries from radgroupreply ONLY.
</P>
<P>'dialrouter' is a dial-up router, so as well as needing a static IP it needs
route and mask attributes (etc) to be returned. Hence the additional entries.
</P>
<P>'dialrouter' also has an idle-timeout attribute so the router gets kicked if
it's not doing anything - you could add this for other users too if you wanted
to. Of course, if you feel like or need to add any other attributes, that's kind
of up to you! </P>
<P>Note the operator ('op') values used in the various tables. The password
check attribute MUST use :=. Most return attributes should have a :=
operator, although if you're returning multiple attributes of the same type
(e.g. multiple Cisco- AVpair's) you should use the += operator instead otherwise
only the first one will be returned. Read the docs for more details on <A
title=Operators href="http://wiki.freeradius.org/Operators">operators</A>. </P>
<P>If you're stripping all domain name elements from usernames via realms,
remember NOT to include the domain name elements in the usernames you put in the
SQL tables - they should get stripped BEFORE the database is checked, so
name@domain will NEVER match if you're realm stripping (assuming you follow
point 2 above) – you should just have 'name' as a user in the database. Once
it's working without, and if you want more complex realm handling, go back to
work out not stripping (and keeping name@domain in the db) if you really want
to. </P>
<DIV class=editsection style="FLOAT: right; MARGIN-LEFT: 5px">[<A
title="Edit section: Test"
href="http://wiki.freeradius.org/index.php?title=SQL_HOWTO&action=edit&section=10">edit</A>]</DIV><A
name=Test></A>
<H2>Test</H2>
<P>Fire up radiusd again in debug mode (radiusd -X). The debug output should
show it connecting to the SQL database. Use radtest (or NTradPing) to test again
- the user should authenticate and the debug output should show FreeRADIUS
talking to SQL. </P>
<P>Congratulations. You're done! </P>
<DIV class=editsection style="FLOAT: right; MARGIN-LEFT: 5px">[<A
title="Edit section: Additional Snippets"
href="http://wiki.freeradius.org/index.php?title=SQL_HOWTO&action=edit&section=11">edit</A>]</DIV><A
name=Additional_Snippets></A>
<H2>Additional Snippets</H2>
<UL>
<LI>To use encrypted passwords in radcheck use the attribute 'Crypt-Password',
instead of 'Cleartext-Password', and just put the encrypted password in the
value field. ( i.e. UNIX crypt'd password).
<LI>To get NTradPing to send test accounting (e.g. stop) packets it needs
arguments, namely acct-session-time. Put something like
'Acct-Session-Time=99999' into the 'Additional RADIUS Attributes' box when
sending stops.
<LI>If you have a <A title=Cisco
href="http://wiki.freeradius.org/Cisco">Cisco</A> nas, set the cisco-vsa-hack
</LI></UL>
<UL>
<LI>Running a backup FreeRADIUS server and need to replicate the RADIUS
database to it? I followed Colin Bloch's basic instructions at <A
class="external free" title=http://www.ls-l.net/mysql/
href="http://www.ls-l.net/mysql/" rel=nofollow>http://www.ls-l.net/mysql/</A>
and got replication setup between two MySQL servers. Real easy. Read the MySQL
docs on replication for more details. </LI></UL>
<P>On the subject of backup servers. If you want to run TWO MySQL servers and
have FreeRadius fall over between them, you'll need to do something like this:
duplicate your sql.conf and edit the second copy to reflect connecting to your
backup server ; then name the files something like sql1.conf and
sql2.conf ; in radiusd.conf change and duplicate the include line for
sql.conf to include sql1.conf and sql2.conf instead ; in the 'authorize'
section of radiusd.conf change the 'sql' entry to a 'group' one, like this: </P><PRE> group {
sql1 {
fail = 1
notfound = return
noop = 2
ok = return
updated = 3
reject = return
userlock = 4
invalid = 5
handled = 6
}
sql2 {
fail = 1
notfound = return
noop = 2
ok = return
updated = 3
reject = return
userlock = 4
invalid = 5
handled = 6
}
}
</PRE>
<P><BR>Note that if FreeRadius fails over to the second MySQL server and tries
to update the accounting table (radacct), nasty things might possibly happen to
your replication setup and database integrity as the first MySQL server won't
have got the updates... </P>
<DIV class=editsection style="FLOAT: right; MARGIN-LEFT: 5px">[<A
title="Edit section: See Also"
href="http://wiki.freeradius.org/index.php?title=SQL_HOWTO&action=edit&section=12">edit</A>]</DIV><A
name=See_Also></A>
<H2>See Also</H2>
<UL>
<LI><A title=SQL href="http://wiki.freeradius.org/SQL">SQL</A>
<LI><A title="Rlm sql" href="http://wiki.freeradius.org/Rlm_sql">rlm_sql</A>
<LI><A title="Rlm sqlcounter"
href="http://wiki.freeradius.org/Rlm_sqlcounter">rlm_sqlcounter</A>
<LI><A title="Rlm sqlippool"
href="http://wiki.freeradius.org/Rlm_sqlippool">rlm_sqlippool</A> </LI></UL><!-- Saved in parser cache with key wikiradius-fr_:pcache:idhash:2025-0!1!0!!en!2 and timestamp 20081118180223 -->
<DIV class=printfooter>
<P>Retrieved from "<A
href="http://wiki.freeradius.org/SQL_HOWTO">http://wiki.freeradius.org/SQL_HOWTO</A>"</P>
<P>This page has been accessed 42,155 times. This page was last modified 11:51,
30 June 2008. </P></DIV></DIV><BR clear=all>
<DIV id=footer><BR>
<SCRIPT src="SQL HOWTO.files/urchin.js" type=text/javascript></SCRIPT>
<SCRIPT
type=text/javascript>_uacct = "UA-1186926-2";urchinTracker();</SCRIPT>
<TABLE cellSpacing=0 width="98%" border=0>
<TBODY>
<TR>
<TD width=152> </TD>
<TD class=bottom vAlign=top align=middle><STRONG><A title="SQL HOWTO"
href="http://wiki.freeradius.org/index.php?title=SQL_HOWTO&action=edit">Edit
this page</A></STRONG> | <A class=new title="Talk:SQL HOWTO"
href="http://wiki.freeradius.org/index.php?title=Talk:SQL_HOWTO&action=edit">Discuss
this page</A> | <A title="SQL HOWTO"
href="http://wiki.freeradius.org/index.php?title=SQL_HOWTO&action=history">Page
history</A> | <A title=Special:Whatlinkshere
href="http://wiki.freeradius.org/index.php?title=Special:Whatlinkshere&target=SQL_HOWTO">What
links here</A> | <A title=Special:Recentchangeslinked
href="http://wiki.freeradius.org/index.php?title=Special:Recentchangeslinked&target=SQL_HOWTO">Related
changes</A> <BR><BR><BR><A title="Main Page"
href="http://wiki.freeradius.org/Main_Page">Main Page</A> | <A
title="FreeRADIUS Wiki:About"
href="http://wiki.freeradius.org/FreeRADIUS_Wiki:About">About FreeRADIUS
Wiki</A> |
<FORM class=inline id=search action=/Special:Search method=get>Find:
<INPUT size=14 name=search><BR><INPUT type=submit value=Go name=go> <INPUT type=submit value=Search name=fulltext></FORM><BR>This page has
been accessed 42,155 times. This page was last modified 11:51, 30 June
2008. </TD></TR></TBODY></TABLE></DIV></DIV>
<DIV id=quickbar>
<H6>Find</H6>
<FORM class=inline id=search action=/Special:Search method=get><INPUT size=14
name=search><BR><INPUT type=submit value=Go name=go> <INPUT type=submit value=Search name=fulltext></FORM>
<H6>Browse</H6><A href="http://wiki.freeradius.org/Main_Page">Main
Page</A><BR><A
href="http://wiki.freeradius.org/FreeRADIUS_Wiki:Community_Portal">Community
portal</A><BR><A href="http://wiki.freeradius.org/Current_events">Current
events</A><BR><A href="http://wiki.freeradius.org/Special:Recentchanges">Recent
changes</A><BR><A href="http://wiki.freeradius.org/Special:Random">Random
page</A><BR><A href="http://wiki.freeradius.org/Help:Contents">Help</A><BR><A
href="http://wiki.freeradius.org/FreeRADIUS_Wiki:Site_support">Donations</A><BR>
<H6>Edit</H6><STRONG><A title="SQL HOWTO"
href="http://wiki.freeradius.org/index.php?title=SQL_HOWTO&action=edit">Edit
this page</A></STRONG><BR><A title=Help:Editing
href="http://wiki.freeradius.org/Help:Editing">Editing help</A><BR>
<H6>This page</H6><A class=new title="Talk:SQL HOWTO"
href="http://wiki.freeradius.org/index.php?title=Talk:SQL_HOWTO&action=edit">Discuss
this page</A><BR><A title="Talk:SQL HOWTO"
href="http://wiki.freeradius.org/index.php?title=Talk:SQL_HOWTO&action=edit&section=new">Post
a comment</A><BR><A
href="http://wiki.freeradius.org/index.php?title=SQL_HOWTO&printable=yes">Printable
version</A><BR>
<H6>Context</H6><A title="SQL HOWTO"
href="http://wiki.freeradius.org/index.php?title=SQL_HOWTO&action=history">Page
history</A><BR><A title=Special:Whatlinkshere
href="http://wiki.freeradius.org/index.php?title=Special:Whatlinkshere&target=SQL_HOWTO">What
links here</A><BR><A title=Special:Recentchangeslinked
href="http://wiki.freeradius.org/index.php?title=Special:Recentchangeslinked&target=SQL_HOWTO">Related
changes</A><BR>
<H6>My pages</H6><A title=Special:Userlogin
href="http://wiki.freeradius.org/Special:Userlogin">Log in / create account</A>
<H6>Special pages</H6><A title=Special:Newpages
href="http://wiki.freeradius.org/Special:Newpages">New pages</A><BR><A
title=Special:Imagelist href="http://wiki.freeradius.org/Special:Imagelist">File
list</A><BR><A title=Special:Statistics
href="http://wiki.freeradius.org/Special:Statistics">Statistics</A><BR><A
title="FreeRADIUS Wiki:Bug reports"
href="http://wiki.freeradius.org/FreeRADIUS_Wiki:Bug_reports">Bug
reports</A><BR><A title=Special:Specialpages
href="http://wiki.freeradius.org/Special:Specialpages">More...</A><BR></DIV>
<SCRIPT type=text/javascript>if (window.runOnloadHook) runOnloadHook();</SCRIPT>
<!-- Served by wiki.freeradius.org in 0.252 secs. --></BODY></HTML>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -