1rlm_sql(5)                     FreeRADIUS Module                    rlm_sql(5)
2
3
4

NAME

6       rlm_sql - FreeRADIUS Module
7

DESCRIPTION

9       The  rlm_sql module provides an SQL interface to retrieve authorization
10       information and store accounting information.  It can be used  in  con‐
11       junction  with,  or  in  lieu of the files and detail modules.  The SQL
12       module has drivers to support the following SQL databases:
13
14            db2
15            iodbc
16            mysql
17            oracle
18            postgresql
19            sybase
20            unixodbc
21
22       Due to the size of the configuration variables, the sql module is  usu‐
23       ally  configured  in  a  separate  file,  which is included in the main
24       radiusd.conf via an include directive.
25
26       The main configuration items to be aware of are:
27
28       driver This variable specifies the driver to be loaded.
29
30       server
31
32       login
33
34       password
35              These specify the servername, username, and password the  module
36              will use to connect to the database.
37
38       radius_db
39              The name of the database where the radius tables are stored.
40
41       acct_table1
42
43       acct_table2
44              These specify the tables names for accounting records.  acct_ta‐
45              ble1  specifies  the  table  where  Start  records  are  stored.
46              acct_table2  specifies  the table where Stop records are stored.
47              In most cases, this should be the same table.
48
49       postauth_table
50              The name of the table to store post-authentication data.
51
52       authcheck_table
53
54       authreply_table
55              The tables where  individual  Check-Items  and  Reply-Items  are
56              stored.
57
58       groupcheck_table
59
60       groupreply_table
61              The tables where group Check-Items and Reply-Items are stored.
62
63       usergroup_table
64              The table where username to group relationships are stored.
65
66       deletestatlesessions
67              This  option is set to 'yes' or 'no'.  If you are doing Simulta‐
68              neous-Use checking, and this is set to  yes,  stale  sessions  (
69              defined  as  sessions for which a Stop record was not received )
70              will be cleared.
71
72       sqltrace
73
74       sqltracefile
75              These two options are useful for  debugging  sql  problems.   If
76              sqltrace  is set to yes, then all sql queries being executed are
77              written to the file listed in sqltracefile.  This is disabled in
78              normal operation.
79
80       num_sql_socks
81              The number of sql connections to make to the database.
82
83       connect_failure_retry_delay
84              The  number of seconds to wait before attempting to reconnect to
85              a failed database connection.
86
87       sql_user_name
88              This is the definition of the SQL-User-Name attribute.  This  is
89              set  once,  so  that  you  can  use  %{SQL-User-Name} in the SQL
90              queries, rather than the  nested  username  substitution.   This
91              ensures that Username is parsed consistently for all SQL queries
92              executed.
93
94       default_user_profile
95              This is the default profile name that will  be  applied  to  all
96              users if set.  This is not set by default.
97
98       query_on_not_found
99              This  option  is  set to 'yes' or 'no'.  If set to yes, then the
100              default user profile is returned if no specific match was  found
101              for the user.
102
103       authorize_check_query
104
105       authorize_reply_query
106              These  queries are run during the authorization stage to extract
107              the user authorization information from  the  ${authcheck_table}
108              and ${authreply_table}.
109
110       authorize_group_check_query
111
112       authorize_group_reply_query
113              These  queries are run during the authorization stage to extract
114              the group authorization information from the ${groupcheck_table}
115              and ${groupreply_table}.
116
117       accounting_onoff_query
118              The  query to be run when receiving an Accounting On or Account‐
119              ing Off packet.
120
121       accounting_update_query
122
123       accounting_update_query_alt
124              The query to be run when receiving an Accounting Update  packet.
125              If the primary query fails, the alt query is run.
126
127       accounting_start_query
128
129       accounting_start_query_alt
130              The  query  to be run when receiving an Accounting Start packet.
131              If the primary query fails, the alt query is run.
132
133       accounting_stop_query
134
135       accounting_stop_query_alt
136              The query to be run when receiving an  Accounting  Stop  packet.
137              If the primary query fails, the alt query is run.
138
139       simul_count_query
140              The  query  to be run to return the number simultaneous sessions
141              for the purposes of limiting Simultaneous Use.
142
143       simul_verify_query
144              The query to return the detail  information  needed  to  confirm
145              that  all  suspected  connected  sessions are valid, and are not
146              stale sessions.
147
148       group_membership_query
149              The query to run to check user group membership.
150
151       postauth_query
152              The query to run during the post-authentication stage.
153

CONFIGURATION

155       Due to the size of  the  configuration  for  this  module,  it  is  not
156       included in this manual page.  Please review the supplied configuration
157       files for example queries and configuration details.
158

SECTIONS

160       authorization, accounting, checksimul, post-authentication
161

FILES

163       /etc/raddb/radiusd.conf,     /etc/raddb/sql.conf,      /etc/raddb/orac‐
164       lesql.conf, /etc/raddb/postfresql.conf, /etc/raddb/mssql.conf
165

SEE ALSO

167       radiusd(8), radiusd.conf(5),
168

AUTHORS

170       Chris Parker, cparker@segv.org
171
172
173
174                                5 February 2004                     rlm_sql(5)
Impressum