Anyone with mysql freeradius experience?

Hey,

I'm working on a project where I have a bunch of remote hotspots authenticating against a radius server with a mysql database. As I have pretty much zero experience with both I'm a bit stuck.

I've got the freeradius server and mysql working. I can also authenticate users and send attributes to them to limit data usage etc. So far so good.

The problem I'm running into is regarding authenticating users based on the NAS/hotspot. I can't get freeradius to base authentication on source.

E.g. If there is authenticating from NAS_location_A I first want freeradius to check if that location is in the location table, if not it must reject the request. If the location is in the table I want it to check to corresponding user group to match the username/password. The only caveat here is I don't know the NAS IP so I want to use NAS-ID or whatever instead.

I've been googling for the past couple of days but haven't found anything helpful. The freeradius documentation is sparse to say the least and the only documentation they have on their wiki regarding this is incorrect according to mailing list posts I've been able to find. No forum either so for any help I'm stuck with a mailing list...

Anybody here got any experience with mysql and freeradius or knows a good forum to ask for help?
 
Isn't it more common to use an ldap as the database for such purposes? LDAP is kind of a database-for-dummies standard which just has a hierarchy and is well suited for static content like usernames etc. (Windows AD being a kind of LDAP)
Which you might know already, this is a general comment about how it's traditional that authentication things like kerberos 5 and RADIUS interface with LDAP. I don't even know if it is even much relevant to your issue.

But while mysql is probably a good choice since zillions of developers use it for many things, ldap would also be a "vanilla" choice in this context. Typically you have a collection of user accounts (with attributes like user name, real name, phone number, home directory, groups, hashed password..) but it can also contain machine IDs and things like that.

Desktop OS logins, email and stuff can also integrate with ldap. I could help with small time administration of an already set up system though (to set everything up might be learned by setting everything up)
 
The problem is/wasn't so much the database part but the radius part. I did get it working by simply adding the NAS ID as a user attribute instead of working with groups. I'm sure that isn't exactly efficient when you have thousands of users but for now it will do. I've been reading a lot over the past week and somebody with programming knowledge could probably fix the whole thing up in a couple of hours as it mostly seems executing some mysql queries and some simple programming with freeradius' unlang. Eventually I want to do user accounting (time online etc) as well. Looks like that is by far the easiest to achieve with a mysql backend.
 
Back
Top