1
.TH rlm_sql 5 "5 February 2004" "" "FreeRADIUS Module"
3
rlm_sql \- FreeRADIUS Module
5
The \fIrlm_sql\fP module provides an SQL interface to retrieve
6
authorization information and store accounting information. It can be
7
used in conjunction with, or in lieu of the files and detail modules.
8
The SQL module has drivers to support the following SQL databases:
28
Due to the size of the configuration variables, the sql module is
29
usually configured in a separate file, which is included in the main
30
radiusd.conf via an include directive.
32
The main configuration items to be aware of are:
34
This variable specifies the driver to be loaded.
38
These specify the servername, username, and password the module will
39
use to connect to the database.
41
The name of the database where the radius tables are stored.
44
These specify the tables names for accounting records. acct_table1
45
specifies the table where Start records are stored. acct_table2
46
specifies the table where Stop records are stored. In most cases,
47
this should be the same table.
49
The name of the table to store post-authentication data.
52
The tables where individual Check-Items and Reply-Items are stored.
55
The tables where group Check-Items and Reply-Items are stored.
57
The table where username to group relationships are stored.
58
.IP deletestatlesessions
59
This option is set to 'yes' or 'no'. If you are doing
60
Simultaneous-Use checking, and this is set to yes, stale sessions (
61
defined as sessions for which a Stop record was not received ) will be
65
These two options are useful for debugging sql problems. If sqltrace
66
is set to yes, then all sql queries being executed are written to the
67
file listed in sqltracefile. This is disabled in normal operation.
69
The number of sql connections to make to the database.
70
.IP connect_failure_retry_delay
71
The number of seconds to wait before attempting to reconnect to a
72
failed database connection.
74
This is the definition of the SQL-User-Name attribute. This is set
75
once, so that you can use %{SQL-User-Name} in the SQL queries, rather
76
than the nested username substitution. This ensures that Username is
77
parsed consistently for all SQL queries executed.
78
.IP default_user_profile
79
This is the default profile name that will be applied to all users if
80
set. This is not set by default.
81
.IP query_on_not_found
82
This option is set to 'yes' or 'no'. If set to yes, then the default
83
user profile is returned if no specific match was found for the user.
84
.IP authorize_check_query
85
.IP authorize_reply_query
86
These queries are run during the authorization stage to extract the
87
user authorization information from the ${authcheck_table} and
89
.IP authorize_group_check_query
90
.IP authorize_group_reply_query
91
These queries are run during the authorization stage to extract the
92
group authorization information from the ${groupcheck_table} and
94
.IP accounting_onoff_query
95
The query to be run when receiving an Accounting On or Accounting Off
97
.IP accounting_update_query
98
.IP accounting_update_query_alt
99
The query to be run when receiving an Accounting Update packet. If the
100
primary query fails, the alt query is run.
101
.IP accounting_start_query
102
.IP accounting_start_query_alt
103
The query to be run when receiving an Accounting Start packet. If the
104
primary query fails, the alt query is run.
105
.IP accounting_stop_query
106
.IP accounting_stop_query_alt
107
The query to be run when receiving an Accounting Stop packet. If the
108
primary query fails, the alt query is run.
109
.IP simul_count_query
110
The query to be run to return the number simultaneous sessions for the
111
purposes of limiting Simultaneous Use.
112
.IP simul_verify_query
113
The query to return the detail information needed to confirm that all
114
suspected connected sessions are valid, and are not stale sessions.
115
.IP group_membership_query
116
The query to run to check user group membership.
118
The query to run during the post-authentication stage.
121
Due to the size of the configuration for this module, it is not
122
included in this manual page. Please review the supplied
123
configuration files for example queries and configuration details.
128
.BR post-authentication
131
.I /etc/raddb/radiusd.conf,
132
.I /etc/raddb/sql.conf,
133
.I /etc/raddb/oraclesql.conf,
134
.I /etc/raddb/postfresql.conf,
135
.I /etc/raddb/mssql.conf
139
.BR radiusd.conf (5),
141
Chris Parker, cparker@segv.org