Well I am not sure, I searched little on the mailing lists and made some
trying...
I have something like this in my conf file and it works perfectly.
You can run radius with -sxx and see the debugging info if it is even
trying to connect to database or not
# Authorization. First preprocess (hints and huntgroups files),
# then realms, and finally look in the "users" file.
#
# The order of the realm modules will determine the order that
# we try to find a matching realm.
#
# Make *sure* that 'preprocess' comes before any realm if you
# need to setup hints for the remote radius server
authorize {
#
# The preprocess module takes care of sanitizing some bizarre
# attributes in the request, and turning them into attributes
# which are more standard.
#
# It takes care of processing the 'raddb/hints' and the
# 'raddb/huntgroups' files.
#
# It also adds a Client-IP-Address attribute to the request.
# preprocess
#
# The chap module will set 'Auth-Type := CHAP' if we are
# handling a CHAP request and Auth-Type has not already been set
chap
#
# If the users are logging in with an MS-CHAP-Challenge
# attribute for authentication, the mschap module will find
# the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
# to the request, which will cause the server to then use
# the mschap module for authentication.
# mschap
# counter
# attr_filter
# eap
# suffix
# files
sql
# etc_smbpasswd
# The ldap module will set Auth-Type to LDAP if it has not already been
set
# ldap
}
# Authentication.
#
# This section lists which modules are available for authentication.
# Note that it does NOT mean 'try each module in order'. It means
# that you have to have a module from the 'authorize' section add
# a configuration attribute 'Auth-Type := FOO'. That authentication type
# is then used to pick the apropriate module from the list below.
#
# The default Auth-Type is Local. That is, whatever is not included
inside
# an authtype section will be called only if Auth-Type is set to Local.
#
# So you should do the following:
# - Set Auth-Type to an appropriate value in the authorize modules above.
# For example, the chap module will set Auth-Type to CHAP, ldap to LDAP,
etc.
# - After that create corresponding authtype sections in the
# authenticate section below and call the appropriate modules.
authenticate {
#
# PAP authentication, when a back-end database listed
# in the 'authorize' section supplies a password. The
# password can be clear-text, or encrypted.
# authtype PAP {
# pap
# }
#
# Most people want CHAP authentication
# A back-end database listed in the 'authorize' section
# MUST supply a CLEAR TEXT password. Encrypted passwords
# won't work.
authtype CHAP {
chap
}
#
# MSCHAP authentication.
# authtype MS-CHAP {
# mschap
# }
# pam
#
# See 'man getpwent' for information on how the 'unix'
# module checks the users password. Note that packets
# containing CHAP-Password attributes CANNOT be authenticated
# against /etc/passwd! See the FAQ for details.
#
# unix
# Uncomment it if you want to use ldap for authentication
# authtype LDAP {
# ldap
# }
# eap
}
# Pre-accounting. Look for proxy realm in order of realms, then
# acct_users file, then preprocess (hints file).
preacct {
# preprocess
# suffix
# files
}
# Accounting. Log to detail file, and to the radwtmp file, and maintain
# radutmp.
accounting {
# acct_unique
# detail
# counter
# unix # wtmp file
# radutmp
# sradutmp
sql
}
# Session database, used for checking Simultaneous-Use. Either the
radutmp
# or rlm_sql module can handle this.
# The rlm_sql module is *much* faster
session {
# radutmp
sql
}
# Post-Authentication
# Once we KNOW that the user has been authenticated, there are
# additional steps we can take.
post-auth {
# Get an address from the IP Pool.
#main_pool
}
On Fri, 3 Jan 2003, Robert Canary wrote:
> Where is the documentation that explains this. I can't seem to find it.
>
> Evren Yurtesen wrote:
> >
> > you should have sql in authorize section
> >
> > authrorize {
> >
> > chap
> > sql
> >
> > }
> >
> > and chap or pap or whatever else you use
> >
> > On Fri, 3 Jan 2003, Robert Canary wrote:
> >
> > > I am a new user to freeradius, and the mailing-list.
> > >
> > > Greetings everyone
> > >
> > > I have compiled and installed the latest version of freeradius on an
> > > updates RH7.1 box. MYSql was already installed since I use it allot.
> > >
> > > If i do a radtest and watch the MySql logs it never shows the radius
> > > ever trying to talk to the MySql. I include the module name in the
> > > radiusd.conf file as instructed. The databse is there, as well as the
> > > tables and everything (via the MySql Schema). But even if that was the
> > > problem then MySql would simply log an error about a bad request being
> > > made. But I see nothing.
> > >
> > > I can't seem to find anything tell me what to do with it, I pick through
> > > makefiles to findout what was what and figured out the db structure, by
> > > I guess it isn't using it.
> > >
> > > Hmmmm, wait a minute....isn't there something in the user.txt file that
> > > should point it over to the sql????
> > >
> > > --
> > > robert canary
> > > system services
> > > OhioCounty.Net
> > > [EMAIL PROTECTED]
> > > (270)298-9331 Office
> > > (270)298-7449 Fax
> > >
> > > -
> > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> --
> robert canary
> system services
> OhioCounty.Net
> [EMAIL PROTECTED]
> (270)298-9331 Office
> (270)298-7449 Fax
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
