* Peter Nixon <[EMAIL PROTECTED]> [2003-07-14 09:59]:
> On Mon, 14 Jul 2003 10:30 am, Peter Nixon wrote:
> > a) If you use a Database backend for FreeRadius which one do you
> > use?
most users are stored in ldap, some in oracle.
> d) If you do use a DB backend for FR do you use the default SQL
> queries that come with FR or have you written your own? If you wrote
> your own, would you mind sharing them with us (with a description
> please)?
we have our own:
authorize_check_query = "SELECT
1,'%{SQL-User-Name}','User-Password',radius.getPWD('%{SQL-User-Name}'),'==' FROM DUAL"
authorize_reply_query = "SELECT id,GroupName,Attribute,Value,op,DECODE (z.checkresult,
'invalidpassword0001','reject','wlan') FROM radgroupreply o, (SELECT
radius.getPWD('%{SQL-User-Name}') checkresult FROM DUAL ) z WHERE o.GroupName =
DECODE (z.checkresult, 'invalidpassword0001','reject','wlan') ORDER BY o.id"
unfortunately i don't know much about oracle, but we're basically just
calling a few functions here (sorry, can't post them here now cause i
don't have access to them).
an sms gateway generates a one-time password and stores it in oracle,
radius calls a function which checks if username/password are correct,
if the password is not older than 2 hours, and if the user is
provisioned for this service.
as soon as we receive an accounting start packet, the password is set
invalid.
accounting is also done in oracle.
so long,
randy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
