#accounting_onoff_query
#Change
#AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime)
#AcctSessionTime=extract(epoch from (timestamp('%S') - timestamp(AcctStartTime)))
#accounting_start_query
#Delete RadAcctId, AcctStopTime
#Change NASPortId= '%{NAS-Port-Id}' to '%{NAS-Port}'
#accounting_start_query_alt
#Change AcctStopTime = 0 to AcctStopTime is NULL
#accounting_stop_query
#Change AcctStopTime = 0 to AcctStopTime is NULL
#accounting_stop_query_alt
#Delete RadAcctId, AcctStartTime
#Change NASPortId= '%{NAS-Port-Id}' to '%{NAS-Port}'
#simul_count_query
#Change AcctStopTime = 0 to AcctStopTime is NULL
#simul_verify_query
#Change AcctStopTime = 0 to AcctStopTime is NULL
#CREATE TABLE radacct
#(
#AcctStartTime datetime DEFAULT now() NOT NULL, to AcctStartTime datetime,
#AcctStopTime datetime DEFAULT now() NOT NULL, to AcctStopTime datetime,
#)
#
# Configuration for the SQL module, when using MySQL.
#
# The database schema is available at:
#
# src/radiusd/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql
#
# If you are using PostgreSQL, please use 'postgresql.conf', instead.
# If you are using MS-SQL, please use 'mssql.conf', instead.
#
sql {
# Database type
# Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
# rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
driver = "rlm_sql_postgresql"
# Connect info
server = "localhost"
login = "stat"
password = "statpass"
# Database table configuration
radius_db = "stat"
# If you want both stop and start records logged to the
# same SQL table, leave this as is. If you want them in
# different tables, put the start table in acct_table1
# and stop table in acct_table2
acct_table1 = "radacct"
acct_table2 = "radacct"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "usergroup"
# Remove stale session if checkrad does not see a double login
deletestalesessions = yes
# Print all SQL statements when in debug mode (-x)
sqltrace = yes #!!!
sqltracefile = ${logdir}/sqltrace.sql
# number of sql connections to make to server
num_sql_socks = 5
# number of seconds to dely retrying on a failed database
# connection (per_socket)
connect_failure_retry_delay = 60 #!!!
#######################################################################
# Query config: Username
#######################################################################
# This is the username that will get substituted, escaped, and added
# as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used below
# everywhere a username substitution is needed so you you can be sure
# the username passed from the client is escaped properly.
#
# Uncomment the next line, if you want the sql_user_name to mean:
#
# Use Stripped-User-Name, if it's there.
# Else use User-Name, if it's there,
# Else use hard-coded string "none" as the user name.
sql_user_name = "%{Stripped-User-Name:-%{User-Name:-none}}"
#
# sql_user_name = "%{User-Name}"
#######################################################################
# Authorization Queries
#######################################################################
# These queries compare the check items for the user
# in ${authcheck_table} and setup the reply items in
# ${authreply_table}. You can use any query/tables
# you want, but the return data for each row MUST
# be in the following order:
#
# 0. Row ID (currently unused)
# 1. UserName/GroupName
# 2. Item Attr Name
# 3. Item Attr Value
# 4. Item Attr Operation
#######################################################################
# Use these for case sensitive usernames. WARNING: Slower queries!
# authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM
${authcheck_table} WHERE STRCMP(Username, '%{SQL-User-Name}') = 0 ORDER BY id"
# authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM
${authreply_table} WHERE STRCMP(Username, '%{SQL-User-Name}') = 0 ORDER BY id"
authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM
${authcheck_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM
${authreply_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"
# Use these for case sensitive usernames. WANRING: Slower queries!
# authorize_group_check_query = "SELECT
${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${groupcheck_table}.op
FROM ${groupcheck_table},${usergroup_table} WHERE STRCMP(${usergroup_table}.Username,
'%{SQL-User-Name}') = 0 AND ${usergroup_table}.GroupName =
${groupcheck_table}.GroupName ORDER BY ${groupcheck_table}.id"
# authorize_group_reply_query = "SELECT
${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${groupreply_table}.op
FROM ${groupreply_table},${usergroup_table} WHERE
STRCMP(${usergroup_table}.Username, '%{SQL-User-Name}') = 0 AND
${usergroup_table}.GroupName = ${groupreply_table}.GroupName ORDER BY
${groupreply_table}.id"
authorize_group_check_query = "SELECT
${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${groupcheck_table}.op
FROM ${groupcheck_table},${usergroup_table} WHERE ${usergroup_table}.Username =
'%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName
ORDER BY ${groupcheck_table}.id"
authorize_group_reply_query = "SELECT
${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${groupreply_table}.op
FROM ${groupreply_table},${usergroup_table} WHERE ${usergroup_table}.Username =
'%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName
ORDER BY ${groupreply_table}.id"
#######################################################################
# Authentication Query
#######################################################################
# This query is used only to get the password for the
# user we want to authenticate. The password MUST
# be the first field in the return row data.
# The 'Password' attribute is deprecated in favor of 'User-Password'.
#######################################################################
# authenticate_query = "SELECT Value,Attribute FROM ${authcheck_table} WHERE
UserName = '%{User-Name}' AND ( Attribute = 'User-Password' OR Attribute = 'Password'
OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC"
authenticate_query = "SELECT 'xxxx','User-Password'"
#######################################################################
# Accounting Queries
#######################################################################
# accounting_onoff_query - query for Accounting On/Off packets
# accounting_update_query - query for Accounting update packets
# accounting_start_query - query for Accounting start packets
# accounting_start_query_alt - query for Accounting start packets
# (alternate in case first query fails)
# accounting_stop_query - query for Accounting stop packets
# accounting_stop_query_alt - query for Accounting start packets
# (alternate in case first query doesn't
# affect any existing rows in the table)
#######################################################################
# accounting_onoff_query = "UPDATE ${acct_table1} SET AcctStopTime='%S',
AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time} WHERE
AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND
AcctStartTime <= '%S'"
# accounting_onoff_query = "UPDATE ${acct_table1} SET AcctStopTime='%S',
AcctSessionTime=extract(epoch from (timestamp('%S') - timestamp(AcctStartTime))),
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time} WHERE
AcctSessionTime=0 AND AcctStopTime is NULL AND NASIPAddress= '%{NAS-IP-Address}' AND
AcctStartTime <= '%S'"
accounting_onoff_query = "UPDATE ${acct_table1} SET AcctStopTime='%S',
AcctSessionTime=extract(epoch from (timestamp'%S' - AcctStartTime)),
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time} WHERE
AcctSessionTime=0 AND AcctStopTime is NULL AND NASIPAddress= '%{NAS-IP-Address}' AND
AcctStartTime <= '%S'"
accounting_update_query = "UPDATE ${acct_table1} SET FramedIPAddress =
'%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName =
'%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStopTime is NULL"
accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId,
UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime,
AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '%{Acct-Authentic}', '%{Connect-Info}',
'', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')"
accounting_start_query_alt = "UPDATE ${acct_table1} SET AcctStartTime = '%S',
AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE
AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND
NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime is NULL"
accounting_stop_query = "UPDATE ${acct_table1} SET AcctStopTime = '%S',
AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}',
AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause =
'%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop =
'%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName =
'%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime is NULL"
accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId,
UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStopTime, AcctSessionTime,
AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}', '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}',
'', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0',
'%{Acct-Delay-Time}')"
#######################################################################
# Simultaneous Use Checking Queries
#######################################################################
# simul_count_query - query for the number of current connections
# - If this is not defined, no simultaneouls use
checking
# - will be performed by this module instance
# simul_verify_query - query to return details of current connections for
verification
# - Leave blank or commented out to disable verification
step
# - Note that the returned field order should not be
changed.
# simul_zap_query - query to close "stale" sessions where NAS shows call
# - was disconnected, but no stop account packet was
received.
# - ( %s will be replaced with the appropriate RadAcctId
)
# - Leave blank or commented out to skip zapping stale
sessions
#######################################################################
# Uncomment simul_count_query to enable simultaneous use checking
# simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE
UserName='%{SQL-User-Name}' AND AcctStopTime is NULL"
simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress,
NASPortId, FramedIPAddress, CalledStationId FROM ${acct_table1} WHERE
UserName='%{SQL-User-Name}' AND AcctStopTime is NULL"
simul_zap_query = "DELETE FROM ${acct_table1} WHERE RadAcctId = '%s'"
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
