Anyone with mysql freeradius experience?

Discussion in 'Tools and Software' started by tongue_of_colicab, Mar 29, 2017.

  1. tongue_of_colicab

    Veteran

    Joined:
    Oct 7, 2004
    Messages:
    3,400
    Likes Received:
    625
    Location:
    Japan
    Hey,

    I'm working on a project where I have a bunch of remote hotspots authenticating against a radius server with a mysql database. As I have pretty much zero experience with both I'm a bit stuck.

    I've got the freeradius server and mysql working. I can also authenticate users and send attributes to them to limit data usage etc. So far so good.

    The problem I'm running into is regarding authenticating users based on the NAS/hotspot. I can't get freeradius to base authentication on source.

    E.g. If there is authenticating from NAS_location_A I first want freeradius to check if that location is in the location table, if not it must reject the request. If the location is in the table I want it to check to corresponding user group to match the username/password. The only caveat here is I don't know the NAS IP so I want to use NAS-ID or whatever instead.

    I've been googling for the past couple of days but haven't found anything helpful. The freeradius documentation is sparse to say the least and the only documentation they have on their wiki regarding this is incorrect according to mailing list posts I've been able to find. No forum either so for any help I'm stuck with a mailing list...

    Anybody here got any experience with mysql and freeradius or knows a good forum to ask for help?
     
  2. Blazkowicz

    Legend Veteran

    Joined:
    Dec 24, 2004
    Messages:
    5,607
    Likes Received:
    256
    Isn't it more common to use an ldap as the database for such purposes? LDAP is kind of a database-for-dummies standard which just has a hierarchy and is well suited for static content like usernames etc. (Windows AD being a kind of LDAP)
    Which you might know already, this is a general comment about how it's traditional that authentication things like kerberos 5 and RADIUS interface with LDAP. I don't even know if it is even much relevant to your issue.

    But while mysql is probably a good choice since zillions of developers use it for many things, ldap would also be a "vanilla" choice in this context. Typically you have a collection of user accounts (with attributes like user name, real name, phone number, home directory, groups, hashed password..) but it can also contain machine IDs and things like that.

    Desktop OS logins, email and stuff can also integrate with ldap. I could help with small time administration of an already set up system though (to set everything up might be learned by setting everything up)
     
  3. tongue_of_colicab

    Veteran

    Joined:
    Oct 7, 2004
    Messages:
    3,400
    Likes Received:
    625
    Location:
    Japan
    The problem is/wasn't so much the database part but the radius part. I did get it working by simply adding the NAS ID as a user attribute instead of working with groups. I'm sure that isn't exactly efficient when you have thousands of users but for now it will do. I've been reading a lot over the past week and somebody with programming knowledge could probably fix the whole thing up in a couple of hours as it mostly seems executing some mysql queries and some simple programming with freeradius' unlang. Eventually I want to do user accounting (time online etc) as well. Looks like that is by far the easiest to achieve with a mysql backend.
     
  4. Arwin

    Arwin Now Officially a Top 10 Poster
    Moderator Legend

    Joined:
    May 17, 2006
    Messages:
    17,674
    Likes Received:
    1,194
    Location:
    Maastricht, The Netherlands
    Slightly off-topic but these days if you are going for MySQL, you should consider using Maria instead, My's sister. ;)
     
    bessti, Malo and BRiT like this.
Loading...

Share This Page

  • About Us

    Beyond3D has been around for over a decade and prides itself on being the best place on the web for in-depth, technically-driven discussion and analysis of 3D graphics hardware. If you love pixels and transistors, you've come to the right place!

    Beyond3D is proudly published by GPU Tools Ltd.
Loading...