darkblue wrote:
DEFAULT Auth-Type := System, Group == "admin", Huntgroup-Name == "cisco"
        Service-Type = NAS-Prompt-User,
        Cisco-AVPair = "shell:priv-lvl=15",
        Login-Service = Telnet
DEFAULT Auth-Type := System, Group == "monitor", Huntgroup-Name == "cisco"
        Service-Type = NAS-Prompt-User,
        Cisco-AVPair = "shell:priv-lvl=1",
        Login-Service = Telnet
DEFAULT Auth-Type := System, Group == "admin", Huntgroup-Name == "3com"
        Login-Service = Telnet,
        3Com-User-Access-Level = 3
DEFAULT Auth-Type := System, Group == "monitor", Huntgroup-Name == "3com"
        Login-Service = Telnet,
        3Com-User-Access-Level = 1
This kind of configuration works just fine. And now, I would like to
use MySQL for the user db backend. So I have two problems.
1. Could MySQL utilize the huntgroup file?
Yes.
2. How to transfer this user info, group check and group reply info
into MySQL?
INSERT into radgroupcheck set GroupName='admin', Attribute='User-Name',
op=':=', Value='DEFAULT';
INSERT into radgroupcheck set GroupName='admin', Attribute='Auth-Type',
op=':=', Value='local';
INSERT into radgroupcheck set GroupName='admin',
Attribute='Huntgroup-Name', op=':=', Value='cisco';
INSERT into radgroupreply set GroupName='admin',
Attribute='Service-Type', op='=', Value='NAS-Prompt-User';
INSERT into radgroupreply set GroupName='admin',
Attribute='Cisco-AVPair', op='=', Value='shell:priv-lvl=15';
INSERT into radgroupreply set GroupName='admin',
Attribute='Login-Service', op='=', Value='Telnet';
I think the above would work but I honestly can't see why you would want
to use the db for that few number of users. I have never used the
Huntgroup-Name attribute like that so you may be better off using the
hints file for that if it doesn't work. The hints file might look like this:
DEFAULT NAS-IP-Address == "192.168.1.1"
        Huntgroup-Name := "cisco"
I believe you are still going to have to have an entry in the radcheck
table that lists the user and password as well.
INSERT into radcheck set UserName='DEFAULT', Attribute='Password',
op=':=', Value='changeme';
Then to pull it all together an entry in the usergroup table:
INSERT into usergroups set UserName='DEFAULT', GroupName='admin';
It would seem to me that you would also need a Fall-Through = Yes there
somewhere in radgroupcheck. Like I said, never tried to enter anything
with the DEFAULT username in the db before. That is really one
intended use of the users file.
If I am off I am sure that Alan will correct me.
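
Added example (not part of the original post, and not FreeRADIUS code): a small converter that parses users-file stanzas like the ones quoted above and emits rows for the radgroupcheck and radgroupreply tables, using the column names from the INSERT statements in the reply. The function names are hypothetical, and naming one SQL group per (Group, Huntgroup-Name) pair is an assumption, made so that the cisco and 3com stanzas for the same group do not collapse into one set of rows; group membership rows are not generated.

```python
import re

# Constructed sample in users-file syntax, modelled on two stanzas quoted above.
USERS_FILE = '''\
DEFAULT Auth-Type := System, Group == "admin", Huntgroup-Name == "cisco"
        Service-Type = NAS-Prompt-User,
        Cisco-AVPair = "shell:priv-lvl=15",
        Login-Service = Telnet

DEFAULT Auth-Type := System, Group == "monitor", Huntgroup-Name == "cisco"
        Service-Type = NAS-Prompt-User,
        Cisco-AVPair = "shell:priv-lvl=1",
        Login-Service = Telnet
'''

# attribute, operator, value (quoted or bare), optional trailing comma
ITEM = re.compile(r'\s*([\w-]+)\s*(:=|==|\+=|=)\s*("[^"]*"|[^,\s]+)\s*,?')

def parse_items(text):
    """Return [(attribute, op, value)] for a comma-separated item list."""
    return [(a, op, v.strip('"')) for a, op, v in ITEM.findall(text)]

def users_to_rows(text):
    """Map DEFAULT stanzas to (table, GroupName, Attribute, op, Value) rows."""
    rows, group = [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if not line[0].isspace():   # stanza head: entry name, then check items
            checks = dict((a, (op, v)) for a, op, v in parse_items(line.partition(' ')[2]))
            # Assumption: one SQL group per (Group, Huntgroup-Name) pair.
            group = f"{checks.pop('Group')[1]}-{checks['Huntgroup-Name'][1]}"
            rows += [('radgroupcheck', group, a, op, v) for a, (op, v) in checks.items()]
        else:                       # indented lines: reply items
            rows += [('radgroupreply', group, a, op, v) for a, op, v in parse_items(line)]
    return rows

def to_sql(row):
    """Render one row as an INSERT, doubling single quotes in every literal."""
    table, *fields = row
    values = ", ".join("'" + f.replace("'", "''") + "'" for f in fields)
    return f"INSERT INTO {table} (GroupName, Attribute, op, Value) VALUES ({values});"

if __name__ == "__main__":
    for row in users_to_rows(USERS_FILE):
        print(to_sql(row))
```

The Huntgroup-Name check keeps the == operator from the users file, so the privilege-level reply items stay tied to the NAS huntgroup they were written for.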