unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (Debian-5.0)
Page:
Section:
Apropos / Subsearch:
optional field

rlm_sql(5)                     FreeRADIUS Module                    rlm_sql(5)



NAME
       rlm_sql - FreeRADIUS Module

DESCRIPTION
       The  rlm_sql module provides an SQL interface to retrieve authorization
       information and store accounting information.  It can be used  in  con-
       junction  with,  or  in  lieu of the files and detail modules.  The SQL
       module has drivers to support the following SQL databases:

            db2
            iodbc
            mysql
            oracle
            postgresql
            sybase
            unixodbc

       Due to the size of the configuration variables, the sql module is  usu-
       ally  configured  in  a  separate  file,  which is included in the main
       radiusd.conf via an include directive.

       The main configuration items to be aware of are:

       driver This variable specifies the driver to be loaded.

       server

       login

       password
              These specify the servername, username, and password the  module
              will use to connect to the database.

       radius_db
              The name of the database where the radius tables are stored.

       acct_table1

       acct_table2
              These specify the tables names for accounting records.  acct_ta-
              ble1  specifies  the  table  where  Start  records  are  stored.
              acct_table2  specifies  the table where Stop records are stored.
              In most cases, this should be the same table.

       postauth_table
              The name of the table to store post-authentication data.

       authcheck_table

       authreply_table
              The tables where  individual  Check-Items  and  Reply-Items  are
              stored.

       groupcheck_table

       groupreply_table
              The tables where group Check-Items and Reply-Items are stored.

       usergroup_table
              The table where username to group relationships are stored.

       deletestatlesessions
              This  option is set to 'yes' or 'no'.  If you are doing Simulta-
              neous-Use checking, and this is set to  yes,  stale  sessions  (
              defined  as  sessions for which a Stop record was not received )
              will be cleared.

       sqltrace

       sqltracefile
              These two options are useful for  debugging  sql  problems.   If
              sqltrace  is set to yes, then all sql queries being executed are
              written to the file listed in sqltracefile.  This is disabled in
              normal operation.

       num_sql_socks
              The number of sql connections to make to the database.

       connect_failure_retry_delay
              The  number of seconds to wait before attempting to reconnect to
              a failed database connection.

       sql_user_name
              This is the definition of the SQL-User-Name attribute.  This  is
              set  once,  so  that  you  can  use  %{SQL-User-Name} in the SQL
              queries, rather than the  nested  username  substitution.   This
              ensures that Username is parsed consistently for all SQL queries
              executed.

       default_user_profile
              This is the default profile name that will  be  applied  to  all
              users if set.  This is not set by default.

       query_on_not_found
              This  option  is  set to 'yes' or 'no'.  If set to yes, then the
              default user profile is returned if no specific match was  found
              for the user.

       authorize_check_query

       authorize_reply_query
              These  queries are run during the authorization stage to extract
              the user authorization information from  the  ${authcheck_table}
              and ${authreply_table}.

       authorize_group_check_query

       authorize_group_reply_query
              These  queries are run during the authorization stage to extract
              the group authorization information from the ${groupcheck_table}
              and ${groupreply_table}.

       accounting_onoff_query
              The  query to be run when receiving an Accounting On or Account-
              ing Off packet.

       accounting_update_query

       accounting_update_query_alt
              The query to be run when receiving an Accounting Update  packet.
              If the primary query fails, the alt query is run.

       accounting_start_query

       accounting_start_query_alt
              The  query  to be run when receiving an Accounting Start packet.
              If the primary query fails, the alt query is run.

       accounting_stop_query

       accounting_stop_query_alt
              The query to be run when receiving an  Accounting  Stop  packet.
              If the primary query fails, the alt query is run.

       simul_count_query
              The  query  to be run to return the number simultaneous sessions
              for the purposes of limiting Simultaneous Use.

       simul_verify_query
              The query to return the detail  information  needed  to  confirm
              that  all  suspected  connected  sessions are valid, and are not
              stale sessions.

       group_membership_query
              The query to run to check user group membership.

       postauth_query
              The query to run during the post-authentication stage.

CONFIGURATION
       Due to the size of  the  configuration  for  this  module,  it  is  not
       included in this manual page.  Please review the supplied configuration
       files for example queries and configuration details.

SECTIONS
       authorization, accounting, checksimul, post-authentication

FILES
       /etc/raddb/radiusd.conf,                           /etc/raddb/sql.conf,
       /etc/raddb/sql/<DB>/dialup.conf, /etc/raddb/sql/<DB>/schema.sql,

SEE ALSO
       radiusd(8), radiusd.conf(5),

AUTHORS
       Chris Parker, cparkerATsegv.org



                                5 February 2004                     rlm_sql(5)