rlm_sql(5)                    FreeRADIUS Module                    rlm_sql(5)

NAME
       rlm_sql - FreeRADIUS Module

DESCRIPTION
       The rlm_sql module provides an SQL interface to retrieve authorization
       information and store accounting information. It can be used in
       conjunction with, or in lieu of, the files and detail modules. The SQL
       module has drivers to support the following SQL databases:

              db2
              iodbc
              mysql
              oracle
              postgresql
              sybase
              unixodbc

       Due to the size of the configuration variables, the sql module is
       usually configured in a separate file, which is included in the main
       radiusd.conf via an include directive.

       The main configuration items to be aware of are:

       driver This variable specifies the driver to be loaded.

       server

       login

       password
              These specify the server name, username, and password the
              module will use to connect to the database.

       radius_db
              The name of the database where the radius tables are stored.

       acct_table1

       acct_table2
              These specify the table names for accounting records.
              acct_table1 specifies the table where Start records are
              stored. acct_table2 specifies the table where Stop records are
              stored. In most cases, this should be the same table.

       postauth_table
              The name of the table to store post-authentication data.

       authcheck_table

       authreply_table
              The tables where individual Check-Items and Reply-Items are
              stored.

       groupcheck_table

       groupreply_table
              The tables where group Check-Items and Reply-Items are stored.

       usergroup_table
              The table where username to group relationships are stored.

       deletestalesessions
              This option is set to 'yes' or 'no'. If you are doing
              Simultaneous-Use checking, and this is set to yes, stale
              sessions (defined as sessions for which a Stop record was not
              received) will be cleared.

       sqltrace

       sqltracefile
              These two options are useful for debugging sql problems. If
              sqltrace is set to yes, then all sql queries being executed are
              written to the file listed in sqltracefile. This is disabled in
              normal operation.

       num_sql_socks
              The number of sql connections to make to the database.

       connect_failure_retry_delay
              The number of seconds to wait before attempting to reconnect to
              a failed database connection.

       sql_user_name
              This is the definition of the SQL-User-Name attribute. This is
              set once, so that you can use %{SQL-User-Name} in the SQL
              queries, rather than the nested username substitution. This
              ensures that Username is parsed consistently for all SQL
              queries executed.

       default_user_profile
              This is the default profile name that will be applied to all
              users if set. This is not set by default.

       query_on_not_found
              This option is set to 'yes' or 'no'. If set to yes, then the
              default user profile is returned if no specific match was found
              for the user.

       authorize_check_query

       authorize_reply_query
              These queries are run during the authorization stage to extract
              the user authorization information from the ${authcheck_table}
              and ${authreply_table}.

       authorize_group_check_query

       authorize_group_reply_query
              These queries are run during the authorization stage to extract
              the group authorization information from the
              ${groupcheck_table} and ${groupreply_table}.

       accounting_onoff_query
              The query to be run when receiving an Accounting On or
              Accounting Off packet.

       accounting_update_query

       accounting_update_query_alt
              The query to be run when receiving an Accounting Update packet.
              If the primary query fails, the alt query is run.

       accounting_start_query

       accounting_start_query_alt
              The query to be run when receiving an Accounting Start packet.
              If the primary query fails, the alt query is run.

       accounting_stop_query

       accounting_stop_query_alt
              The query to be run when receiving an Accounting Stop packet.
              If the primary query fails, the alt query is run.

       simul_count_query
              The query to be run to return the number of simultaneous
              sessions for the purposes of limiting Simultaneous Use.

       simul_verify_query
              The query to return the detail information needed to confirm
              that all suspected connected sessions are valid, and are not
              stale sessions.

       group_membership_query
              The query to run to check user group membership.

       postauth_query
              The query to run during the post-authentication stage.

CONFIGURATION
       Due to the size of the configuration for this module, it is not
       included in this manual page. Please review the supplied configuration
       files for example queries and configuration details.

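The following audit script is an added example, not part of the FreeRADIUS distribution or of the original manual page. It checks an sql.conf fragment for three points the item descriptions above call out: sqltrace left enabled, Start and Stop records going to different tables, and queries that reference %{User-Name} directly instead of %{SQL-User-Name}. The sample configuration and its values are constructed, and the parser assumes one "name = value" item per line.

```python
import re

# Constructed sample of an sql.conf fragment (values are illustrative only).
SAMPLE_SQL_CONF = r'''
sql {
    driver = "rlm_sql_mysql"
    password = "example-only"
    acct_table1 = "radacct"
    acct_table2 = "radacct_stop"
    sqltrace = yes
    sqltracefile = ${logdir}/sqltrace.sql
    sql_user_name = "%{User-Name}"
    authorize_check_query = "SELECT id, UserName, Attribute, Value, op FROM ${authcheck_table} WHERE Username = '%{User-Name}' ORDER BY id"
    authorize_reply_query = "SELECT id, UserName, Attribute, Value, op FROM ${authreply_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"
}
'''

def parse_items(text):
    """Return {name: value} for single-line 'name = value' items."""
    items = {}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'([A-Za-z_]\w*)\s*=\s*(.*)$', line)
        if m and not line.startswith('#'):
            items[m.group(1)] = m.group(2).strip().strip('"')
    return items

def audit(text):
    """Return a list of findings for settings the manual page calls out."""
    cfg, findings = parse_items(text), []
    if cfg.get('sqltrace', 'no').lower() == 'yes':
        findings.append('sqltrace: enabled; every query is written to %s'
                        % cfg.get('sqltracefile', '(sqltracefile unset)'))
    if cfg.get('acct_table1') != cfg.get('acct_table2'):
        findings.append('acct_table: Start and Stop records use different tables')
    for name, value in cfg.items():
        # Queries should rely on the single SQL-User-Name definition.
        if name.endswith('_query') or name.endswith('_query_alt'):
            if '%{User-Name}' in value:
                findings.append(name + ': uses %{User-Name} instead of %{SQL-User-Name}')
    if 'sql_user_name' not in cfg:
        findings.append('sql_user_name: not defined')
    return findings

if __name__ == '__main__':
    for finding in audit(SAMPLE_SQL_CONF):
        print(finding)
```

Queries that span several lines would need to be joined before being passed to audit().
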
SECTIONS
       authorization, accounting, checksimul, post-authentication

FILES
       /etc/raddb/radiusd.conf, /etc/raddb/sql.conf,
       /etc/raddb/sql/<DB>/dialup.conf, /etc/raddb/sql/<DB>/schema.sql

SEE ALSO
       radiusd(8), radiusd.conf(5)

AUTHOR
       Chris Parker, cparker@segv.org

                               5 February 2004                     rlm_sql(5)