rlm_sql(5) FreeRADIUS Module rlm_sql(5)

rlm_sql - FreeRADIUS Module

The rlm_sql module provides an SQL interface to retrieve authorization
information and store accounting information. It can be used in
conjunction with, or in lieu of, the files and detail modules. The SQL
module has drivers to support the following SQL databases:

    db2
    iodbc
    mysql
    oracle
    postgresql
    sybase
    unixodbc

Due to the size of the configuration variables, the sql module is
usually configured in a separate file, which is included in the main
radiusd.conf via an include directive.

The main configuration items to be aware of are:

driver
    This variable specifies the driver to be loaded.

server
login
password
    These specify the server name, username, and password the module
    will use to connect to the database.

radius_db
    The name of the database where the radius tables are stored.

acct_table1
acct_table2
    These specify the table names for accounting records. acct_table1
    specifies the table where Start records are stored. acct_table2
    specifies the table where Stop records are stored. In most cases,
    this should be the same table.

postauth_table
    The name of the table to store post-authentication data.

authcheck_table
authreply_table
    The tables where individual Check-Items and Reply-Items are
    stored.

groupcheck_table
groupreply_table
    The tables where group Check-Items and Reply-Items are stored.

usergroup_table
    The table where username to group relationships are stored.

deletestalesessions
    This option is set to 'yes' or 'no'. If you are doing
    Simultaneous-Use checking, and this is set to yes, stale sessions
    (defined as sessions for which a Stop record was not received)
    will be cleared.

logfile
    This option is useful for debugging sql problems. If logfile is
    set, then all sql queries for the containing section are written
    to the file specified. This is useful for debugging and bulk
    inserts.

num_sql_socks
    The number of sql connections to make to the database.

connect_failure_retry_delay
    The number of seconds to wait before attempting to reconnect to
    a failed database connection.

sql_user_name
    This is the definition of the SQL-User-Name attribute. This is
    set once, so that you can use %{SQL-User-Name} in the SQL
    queries, rather than the nested username substitution. This
    ensures that Username is parsed consistently for all SQL queries
    executed.

default_user_profile
    This is the default profile name that will be applied to all
    users if set. This is not set by default.

query_on_not_found
    This option is set to 'yes' or 'no'. If set to yes, then the
    default user profile is returned if no specific match was found
    for the user.

authorize_check_query
authorize_reply_query
    These queries are run during the authorization stage to extract
    the user authorization information from the ${authcheck_table}
    and ${authreply_table}.

authorize_group_check_query
authorize_group_reply_query
    These queries are run during the authorization stage to extract
    the group authorization information from the ${groupcheck_table}
    and ${groupreply_table}.

accounting_onoff_query
    The query to be run when receiving an Accounting On or
    Accounting Off packet.

accounting_update_query
accounting_update_query_alt
    The query to be run when receiving an Accounting Update packet.
    If the primary query fails, the alt query is run.

accounting_start_query
accounting_start_query_alt
    The query to be run when receiving an Accounting Start packet.
    If the primary query fails, the alt query is run.

accounting_stop_query
accounting_stop_query_alt
    The query to be run when receiving an Accounting Stop packet.
    If the primary query fails, the alt query is run.

simul_count_query
    The query to be run to return the number of simultaneous sessions
    for the purposes of limiting Simultaneous Use.

simul_verify_query
    The query to return the detail information needed to confirm
    that all suspected connected sessions are valid, and are not
    stale sessions.

group_membership_query
    The query to run to check user group membership.

postauth_query
    The query to run during the post-authentication stage.

Due to the size of the configuration for this module, it is not
included in this manual page. Please review the supplied configuration
files for example queries and configuration details.
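
A minimal sql.conf showing how the items above fit together. This is an added example, not taken from this manual page or from the configuration files supplied with FreeRADIUS; the driver value, credentials, table names and column names are assumptions.

```conf
# /etc/raddb/sql.conf -- constructed example, all values are placeholders.
# Pulled into radiusd.conf with:  $INCLUDE ${confdir}/sql.conf
# This file holds the database password in clear text, so keep it
# readable only by the account radiusd runs as.
sql {
    # Assumed name of the mysql driver module.
    driver = "rlm_sql_mysql"

    server = "localhost"
    login = "radius"
    password = "CHANGE-ME"
    radius_db = "radius"

    # Start and Stop records go to the same table.
    acct_table1 = "radacct"
    acct_table2 = "radacct"

    postauth_table = "radpostauth"
    authcheck_table = "radcheck"
    authreply_table = "radreply"
    groupcheck_table = "radgroupcheck"
    groupreply_table = "radgroupreply"
    usergroup_table = "usergroup"

    deletestalesessions = yes
    num_sql_socks = 5
    connect_failure_retry_delay = 60

    # Defined once; every query refers to %{SQL-User-Name} instead of
    # repeating the username expression.
    sql_user_name = "%{User-Name}"

    # ${...} is replaced with the setting above when the file is read,
    # %{...} is expanded for each request. Column names are assumed.
    authorize_check_query = "SELECT id, UserName, Attribute, Value, op \
      FROM ${authcheck_table} \
      WHERE UserName = '%{SQL-User-Name}' \
      ORDER BY id"

    authorize_reply_query = "SELECT id, UserName, Attribute, Value, op \
      FROM ${authreply_table} \
      WHERE UserName = '%{SQL-User-Name}' \
      ORDER BY id"
}
```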

authorization, accounting, checksimul, post-authentication

/etc/raddb/radiusd.conf, /etc/raddb/sql.conf,
/etc/raddb/sql/<DB>/dialup.conf, /etc/raddb/sql/<DB>/schema.sql

radiusd(8), radiusd.conf(5)

Chris Parker, cparker@segv.org

5 February 2004 rlm_sql(5)