rlm_sql(5)                     FreeRADIUS Module                    rlm_sql(5)

NAME

       rlm_sql - FreeRADIUS Module

DESCRIPTION

       The rlm_sql module provides an SQL interface to retrieve authorization
       information and store accounting information. It can be used in
       conjunction with, or in lieu of, the files and detail modules. The SQL
       module has drivers to support the following SQL databases:

            db2
            iodbc
            mysql
            oracle
            postgresql
            sybase
            unixodbc

       Due to the size of the configuration variables, the sql module is
       usually configured in a separate file, which is included in the main
       radiusd.conf via an include directive.

       The main configuration items to be aware of are:

       driver This variable specifies the driver to be loaded.

       server

       login

       password
              These specify the servername, username, and password the module
              will use to connect to the database.

       radius_db
              The name of the database where the radius tables are stored.

       acct_table1

       acct_table2
              These specify the table names for accounting records.
              acct_table1 specifies the table where Start records are stored.
              acct_table2 specifies the table where Stop records are stored.
              In most cases, this should be the same table.

       postauth_table
              The name of the table to store post-authentication data.

       authcheck_table

       authreply_table
              The tables where individual Check-Items and Reply-Items are
              stored.

       groupcheck_table

       groupreply_table
              The tables where group Check-Items and Reply-Items are stored.

       usergroup_table
              The table where username to group relationships are stored.

       deletestalesessions
              This option is set to 'yes' or 'no'. If you are doing
              Simultaneous-Use checking, and this is set to yes, stale
              sessions (defined as sessions for which a Stop record was not
              received) will be cleared.

       logfile
              This option is useful for debugging sql problems. If logfile is
              set then all sql queries for the containing section are written
              to the file specified. This is useful for debugging and bulk
              inserts.

       num_sql_socks
              The number of sql connections to make to the database.

       connect_failure_retry_delay
              The number of seconds to wait before attempting to reconnect to
              a failed database connection.

       sql_user_name
              This is the definition of the SQL-User-Name attribute. This is
              set once, so that you can use %{SQL-User-Name} in the SQL
              queries, rather than the nested username substitution. This
              ensures that Username is parsed consistently for all SQL
              queries executed.

       default_user_profile
              This is the default profile name that will be applied to all
              users if set. This is not set by default.

       query_on_not_found
              This option is set to 'yes' or 'no'. If set to yes, then the
              default user profile is returned if no specific match was found
              for the user.

       authorize_check_query

       authorize_reply_query
              These queries are run during the authorization stage to extract
              the user authorization information from the ${authcheck_table}
              and ${authreply_table}.

       authorize_group_check_query

       authorize_group_reply_query
              These queries are run during the authorization stage to extract
              the group authorization information from the ${groupcheck_table}
              and ${groupreply_table}.

       accounting_onoff_query
              The query to be run when receiving an Accounting On or
              Accounting Off packet.

       accounting_update_query

       accounting_update_query_alt
              The query to be run when receiving an Accounting Update packet.
              If the primary query fails, the alt query is run.

       accounting_start_query

       accounting_start_query_alt
              The query to be run when receiving an Accounting Start packet.
              If the primary query fails, the alt query is run.

       accounting_stop_query

       accounting_stop_query_alt
              The query to be run when receiving an Accounting Stop packet.
              If the primary query fails, the alt query is run.

       simul_count_query
              The query to be run to return the number of simultaneous
              sessions for the purposes of limiting Simultaneous Use.

       simul_verify_query
              The query to return the detail information needed to confirm
              that all suspected connected sessions are valid, and are not
              stale sessions.

       group_membership_query
              The query to run to check user group membership.

       postauth_query
              The query to run during the post-authentication stage.

CONFIGURATION

       Due to the size of the configuration for this module, it is not
       included in this manual page. Please review the supplied configuration
       files for example queries and configuration details.
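An added example, not part of this manual page or of the FreeRADIUS distribution: a Python check to run when reviewing an sql.conf, flagging three settings described above (a logfile that records every query, acct_table1 and acct_table2 naming different tables, and queries that expand the request username directly instead of %{SQL-User-Name}). The sample configuration and its values are constructed, and the parser assumes flat single-line `name = "value"` items.

```python
import re

# Constructed sample; only item names documented in rlm_sql(5) are used and
# every value is illustrative.
SAMPLE_CONF = r'''
sql {
    acct_table1 = "radacct"
    acct_table2 = "radacct_stop"
    authcheck_table = "radcheck"
    usergroup_table = "usergroup"
    logfile = "/var/log/sqltrace.sql"
    sql_user_name = "%{Stripped-User-Name:-%{User-Name}}"
    authorize_check_query = "SELECT * FROM ${authcheck_table} WHERE UserName = '%{User-Name}'"
    group_membership_query = "SELECT GroupName FROM ${usergroup_table} WHERE UserName = '%{SQL-User-Name}'"
}
'''

# One item per line; section braces and '#' comment lines never match.
ITEM_RE = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*"(.*)"\s*$')
# Matches %{User-Name...} and %{Stripped-User-Name...}, not %{SQL-User-Name}.
RAW_USER_RE = re.compile(r'%\{(?:Stripped-)?User-Name\b')


def parse_items(text):
    """Collect flat name = "value" items from a configuration fragment."""
    items = {}
    for line in text.splitlines():
        m = ITEM_RE.match(line)
        if m:
            items[m.group(1)] = m.group(2)
    return items


def audit(items):
    """Return (item, message) findings for the settings described above."""
    findings = []
    if items.get("logfile"):
        findings.append(("logfile", "all SQL queries are written to " + items["logfile"]))
    start, stop = items.get("acct_table1"), items.get("acct_table2")
    if start and stop and start != stop:
        findings.append(("acct_table2", f"Stop records go to {stop}, Start records to {start}"))
    for name, value in items.items():
        # sql_user_name itself is skipped: it is where the username is defined.
        if name.endswith(("_query", "_query_alt")) and RAW_USER_RE.search(value):
            findings.append((name, "expands the request username directly instead of %{SQL-User-Name}"))
    return findings


if __name__ == "__main__":
    for item, message in audit(parse_items(SAMPLE_CONF)):
        print(f"{item}: {message}")
```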

SECTIONS

       authorization, accounting, checksimul, post-authentication

FILES

       /etc/raddb/radiusd.conf, /etc/raddb/sql.conf,
       /etc/raddb/sql/<DB>/dialup.conf, /etc/raddb/sql/<DB>/schema.sql

SEE ALSO

       radiusd(8), radiusd.conf(5)

AUTHORS

       Chris Parker, cparker@segv.org

                                5 February 2004                     rlm_sql(5)