Dustin Doris wrote:
On Tue, 7 Jun 2005, N White wrote:
Well, thanks for the input. With MySQL, 1500 users is easier to
maintain. Perhaps I should just run a second FreeRADIUS server for the
second NAS. It means more equipment, but whatever it takes.
-Nick
You don't need to do that, you can do it with SQL in one server. First,
work on reading the documentation and installing the server and setting up
mysql for authorization. Once you've got that down, then move on to the
reply values and groups if you want them.
Alan gave you a good start with the users file entries. Read man 5 users,
that will tell you about the users file. You'll take that info and
transfer it to sql.
It would look something like this.
users file only format
bob NAS-IP-Address == foo, Pool-Name := "foo"
bob NAS-IP-Address == bar
        Framed-IP-Address := 1.2.3.4
SQL Format.
in the users file
DEFAULT NAS-IP-Address == foo, Pool-Name := "foo"
This says any user from that nas-ip will have Pool-Name set to foo. That
is what ippool will use to assign ips.
In radiusd.conf, in your ip_pool section, be sure to include:
override = no
That makes it so a dynamic ip from ippool will not override one statically
assigned to the user as a reply value.
In sql in the radcheck table you put your users and their passwords. In
radreply you put the users and their static ip.
for example,
insert into radcheck (username,attribute,value,op) VALUES
('bob','User-Password','bobspassword','==');
insert into radreply (username,attribute,value,op) VALUES
('bob','Framed-IP-Address','1.1.1.1',':='),
('bob','Framed-IP-Netmask','255.255.255.0',':=');
That should give you a good start. Get it set up and if you run into
problems, post radiusd -X to the list and describe what you are trying to
do.
You can add groups in too if you want, but right now you probably won't need
it.
Hope that is helpful.
Dusty Doris
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Actually I already have two running FreeRADIUS servers with SQL. That
isn't the hard part. The problem with your instructions is that I'm not
using ippool to assign dynamic IPs, our NASes are doing that (Portmaster
2/3). I don't have a problem setting up static IPs either, as we have
several Dial-Up users who need those also. The problem lies in that I
want to use the RADIUS server for PPPoE authentication also. But I want
to allow users who log in through PPPoE to also be able to log in
regularly (Dial-Up), when their PPPoE isn't logged in. BUT, when they log
in through PPPoE, I want them to be assigned a static IP; when they
log in via Portmasters/Dial-Up, then they don't get the static IP, they
get a regular dynamic one.
Basically if a user logs in through NAS1, they are assigned X attributes
with dynamic IP, if they log in through NAS2, they are assigned Y
attributes with a static IP. And all this needs to be done in MySQL,
that way my own PHP frontend (which I intend to release GPL) can work
with it. Also I think MySQL scales better.
-Nick
--
------------------------
| Nick White |
| Network Consultant |
| http://www.edge9.net |
| [EMAIL PROTECTED] |
------------------------