I have supplied a patch file to run against the raddb directory.
The file postgres-test.sql contains sample data that can be put into
the configured database {radiusd} for testing.

NOTE: make sure pg_hba.conf will allow the user {radiusd} to connect
to the database. Also make sure the user {radiusd} has permission to
select data from the authentication tables and has appropriate access
to the accounting and session tables.

Hope this will help someone.
-- Guy Fraser Network Administrator The Internet Centre 780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the line with pride. Not all things will end up as you wanted, but you will certainly discover things the meek and timid will miss out on.
diff -ruN orig/clients raddb/clients
--- orig/clients 2003-08-12 15:53:01.000000000 -0600
+++ raddb/clients 1969-12-31 17:00:00.000000000 -0700
@@ -1,25 +0,0 @@
-#
-# THIS FILE IS DEPRECATED.
-#
-# You should NOT be using this file to configure the server.
-# It is here ONLY for backwards compatibility.
-#
-# See 'clients.conf' for the new configuration.
-#
-#
-# clients This file contains a list of clients which are allowed to
-# make authentication requests and their encryption key.
-#
-# Description of the fields:
-#
-# * The first field is a valid hostname or IP address
-# for the client.
-# * The second field (seperated by blanks or tabs) is the
-# encryption key.
-
-# Client Name Key
-#---------------- ----------
-#portmaster1.isp.com testing123
-#portmaster2.isp.com testing123
-#proxyradius.isp2.com TheirKey
-#localhost testing123
diff -ruN orig/clients.conf raddb/clients.conf
--- orig/clients.conf 2003-08-12 15:53:01.000000000 -0600
+++ raddb/clients.conf 2003-08-19 14:09:24.000000000 -0600
@@ -113,3 +113,8 @@
# password = someadminpas
#}
+client 10.10.10.10 {
+ secret = MySneakyPassWord
+ shortname = saturn
+ nastype = other
+}
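Review bot: The added `client 10.10.10.10` block ships a concrete shared secret, `secret = MySneakyPassWord`, so anyone who applies the patch unchanged runs with a RADIUS shared secret that is publicly known. The shared secret protects the password attribute and authenticates replies between the NAS and the server, so it should be a long random value that is unique per client and never taken from an example. I would replace the line with an obvious placeholder such as `secret = <CHANGE-ME: long random per-client secret>` and put `# example only: set the address and secret for your own NAS` above the block.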
diff -ruN orig/naslist raddb/naslist
--- orig/naslist 2003-08-12 15:53:02.000000000 -0600
+++ raddb/naslist 1969-12-31 17:00:00.000000000 -0700
@@ -1,31 +0,0 @@
-#
-# THIS FILE IS DEPRECATED.
-#
-# You should NOT be using this file to configure the server.
-# It is here ONLY for backwards compatibility.
-#
-# See 'clients.conf' for the new configuration.
-#
-#
-# naslist This file contains a list of NASes (Network Access Servers,
-# also known as terminal servers) which we know.
-#
-# Description of the fields:
-#
-# * The first field is a valid hostname or IP address
-# for the client.
-# * The second field (seperated by blanks or tabs) is the
-# short name we use in the logfiles for this NAS.
-# * The third field defines what type of device it is. Valid
-# values are "cisco", "computone", "livingston", "max40xx",
-# "multitech", "netserver", "pathras", "patton", "portslave",
-# "tc", "usrhiper" or "other".
-#
-# This is used to find out how to detect double logins.
-#
-
-# NAS Name Short Name Type
-#---------------- ---------- ----
-#portmaster1.isp.com pm1.NY livingston
-#portmaster2.isp.com pm1.LA livingston
-localhost local portslave
diff -ruN orig/postgresql.conf raddb/postgresql.conf
--- orig/postgresql.conf 2003-08-12 15:53:02.000000000 -0600
+++ raddb/postgresql.conf 2003-08-19 14:26:27.000000000 -0600
@@ -19,11 +19,11 @@
# The following credentials will most likely work on a default install of
Postgresql
# If they do work however, it means that you have a HUGE GAPING SECURITY RISK
on your
# server! Please change the "postgres" users password and setup a separate
radius user.
- login = "postgres"
+ login = "radiusd"
password = ""
# Database table configuration
- radius_db = "radius"
+ radius_db = "radiusd"
# If you want both stop and start records logged to the
# same SQL table, leave this as is. If you want them in
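Review bot: `password = ""` stays empty for the new `radiusd` login, so the connection only succeeds if pg_hba.conf admits that user without a password. That is the same credential-less database access the warning comment directly above describes, just under a different user name. I would set `password = "<radiusd database password>"` and add a comment such as `# give the radiusd role a password and require password authentication for it in pg_hba.conf`. The surrounding sql section begins and ends outside this hunk.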
diff -ruN orig/postgres-test.sql raddb/postgres-test.sql
--- orig/postgres-test.sql 1969-12-31 17:00:00.000000000 -0700
+++ raddb/postgres-test.sql 2003-08-19 14:03:38.000000000 -0600
@@ -0,0 +1,45 @@
+DELETE FROM radcheck ;
+COPY radcheck (username, attribute, op, value) FROM stdin;
+fredf Password == wilma
+barney Password == betty
+dialrouter Password == dialup
+troll Crypt-Password == $1$nccboTC8$iTa7cikTy1Ito27dpdkT90
+\.
+
+DELETE FROM radgroupcheck ;
+COPY radgroupcheck (groupname, attribute, op, value) FROM stdin;
+dynamic Auth-Type := Local
+static Auth-Type := Local
+netdial Auth-Type := Local
+\.
+
+DELETE FROM radgroupreply ;
+COPY radgroupreply (groupname, attribute, op, value) FROM stdin;
+dynamic Framed-Compression := Van-Jacobsen-TCP-IP
+dynamic Framed-Protocol := PPP
+dynamic Service-Type := Framed-User
+dynamic Framed-MTU := 1500
+static Framed-Compression := Van-Jacobsen-TCP-IP
+static Framed-Protocol := PPP
+static Service-Type := Framed-User
+netdial Service-Type := Framed-User
+netdial Framed-Protocol := PPP
+\.
+
+DELETE FROM radreply ;
+COPY radreply (username, attribute, op, value) FROM stdin;
+barney Framed-IP-Address := 1.2.3.4
+dialrouter Framed-IP-Address := 2.3.4.1
+dialrouter Framed-IP-Netmask := 255.255.255.255
+dialrouter Framed-Routing := Broadcast-Listen
+dialrouter Framed-Route := 2.3.4.0 255.255.255.248
+dialrouter Idle-Timeout := 900
+\.
+
+DELETE FROM usergroup ;
+COPY usergroup (username, groupname) FROM stdin;
+fredf dynamic
+barney static
+dialrouter netdial
+troll dynamic
+\.
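Review bot: Each section opens with an unconditional `DELETE FROM ...`, so loading this file into a database that already holds real users wipes radcheck, radgroupcheck, radgroupreply, radreply and usergroup. It then leaves behind accounts with trivial cleartext passwords (for example `fredf` / `wilma`) that will authenticate successfully. The file has no header saying it is test-only; I would add `-- TEST DATA ONLY: empties the radcheck, radgroupcheck, radgroupreply, radreply and usergroup tables; never load into a production database` as its first line. Wrapping the whole script in `BEGIN;` ... `COMMIT;` would also prevent a failed COPY from leaving the tables half-emptied.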
diff -ruN orig/proxy.conf raddb/proxy.conf
--- orig/proxy.conf 2003-08-12 15:53:02.000000000 -0600
+++ raddb/proxy.conf 2003-08-19 14:07:11.000000000 -0600
@@ -256,3 +256,9 @@
# accthost = radius.company.com:1601
# secret = testing123
#}
+
+realm NULL {
+ type = LOCAL
+ authhost = LOCAL
+ accthost = LOCAL
+}
diff -ruN orig/radiusd.conf raddb/radiusd.conf
--- orig/radiusd.conf 2003-08-12 15:53:10.000000000 -0600
+++ raddb/radiusd.conf 2003-08-19 14:31:41.000000000 -0600
@@ -971,7 +971,7 @@
# For MS-SQL, use: ${confdir}/mssql.conf
# For Oracle, use: ${confdir}/oraclesql.conf
#
- $INCLUDE ${confdir}/sql.conf
+ $INCLUDE ${confdir}/postgresql.conf
# Write a 'utmp' style file, of which users are currently
# logged in, and where they've logged in from.
@@ -1366,6 +1366,9 @@
# realmslash
suffix
+ # Ah HA This is where one of them goes!
+ sql
+
#
# Read the 'users' file
files
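Review bot: The added comment `# Ah HA This is where one of them goes!`, like `# And here is another place!` in the next hunk, does not tell a later reader why `sql` is listed or what it depends on. Something like `# look up check/reply items in the SQL database (see postgresql.conf)` here and `# write accounting records to the SQL database` in the next hunk would be more useful. That wording assumes these are the authorize and accounting sections; the section headers are outside both hunks, so confirm which sections they are.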
@@ -1499,6 +1502,9 @@
unix # wtmp file
+ # And here is another place!
+ sql
+
#
# For Simultaneous-Use tracking.
#
@@ -1517,7 +1523,7 @@
# The rlm_sql module is *much* faster
session {
radutmp
-# sql
+ sql
}
diff -ruN orig/realms raddb/realms
--- orig/realms 2003-08-12 15:53:02.000000000 -0600
+++ raddb/realms 1969-12-31 17:00:00.000000000 -0700
@@ -1,40 +0,0 @@
-#
-# THIS FILE IS DEPRECATED.
-#
-# You should NOT be using this file to configure the server.
-# It is here ONLY for backwards compatibility.
-#
-# See 'proxy.conf' for the new configuration.
-#
-#
-# realms This file contains a list of realms. When a user logs
-# in with @realm as the last part of the loginname,
-# the realm part is looked up in this file. If found,
-# the request is sent to the listed remote radius server.
-#
-# Description of the fields:
-#
-# * The first field is a realm name.
-# The realm DEFAULT matches all realms.
-# * The second field is a hostname. Optional is :port to
-# use a non-standard port. In that case, port is the
-# authentication port and the accounting port is taken
-# as port + 1.
-# If this field is set to LOCAL, the request is processed
-# normally without sending it to a remote radius server.
-# * Extra fields with options can follow. Currently
-# defined options:
-# - nostrip do not strip @realm from the username
-# - notrealm do not match realm in proxy decisions
-# this option replaces 'notsuffix'
-#
-# - notsuffix deprecated, but still supported
-#
-
-# Realm Remote server [:port] Options
-#---------------- --------------------- -------
-#isp2.com radius.isp2.com nostrip
-#company.com radius.company.com:1600
-#bla.com LOCAL
-#replicateme radius2.company.com notrealm
-#foo.com 192.168.1.39
