FreeRADIUS can connect to an SQL database to retrieve a user's details. The FreeRADIUS SQL modules work in pairs: a generic SQL module makes use of a database-specific module to interact with the database. This allows easy support for different databases, but I am going to demonstrate only MySQL.
First, install the MySQL server if it is not already installed.
sudo apt-get install mysql-server
sudo apt-get install libmysqlclient-dev
Preparing the database
FreeRADIUS supplies all the required files to prepare a database for its use.
The FreeRADIUS configuration directory contains a subdirectory called sql. Under the sql subdirectory are subdirectories for the various databases that FreeRADIUS supports. If there is only a directory for MySQL, it is because the FreeRADIUS packages supporting other databases are not installed.
- To create the database named radius and grant the radius user access to it with the password radpass, issue the following commands:
mysql -uroot -p
CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY 'radpass';
exit
- To create an admin user with the correct permissions for the radius database, use the admin.sql file as a template and run it against the radius database. You are encouraged to change the default values. Use the following command:
mysql -u root -p < /etc/raddb/sql/mysql/admin.sql
- Create the schema for the database using the schema.sql file (nas.sql is loaded the same way), with the following commands:
mysql -u root -p radius < /etc/raddb/sql/mysql/schema.sql
mysql -u root -p radius < /etc/raddb/sql/mysql/nas.sql
- Add Bob to the database as a test user:
mysql -u root -p radius
INSERT INTO radcheck (username, attribute, op, value) VALUES ('bob', 'Cleartext-Password', ':=', 'passbob');
INSERT INTO radreply (username, attribute, op, value) VALUES ('bob', 'Reply-Message', '=', 'Hello Bob!');
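The radcheck row for bob keeps his password in clear text in the database. As an added example (not part of the original post or of FreeRADIUS itself), the Python below builds the same row with a salted SHA-1 hash in the SSHA-Password attribute. It assumes the pap module of your FreeRADIUS version accepts SSHA-Password in base64 form and that clients authenticate with PAP, as radtest does by default, because hashed storage cannot serve CHAP or MS-CHAP; the function names and the salt length are choices made for this example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SHA1_LEN = 20   # bytes in a SHA-1 digest
SALT_LEN = 8    # salt size chosen for this example


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return base64(SHA1(password + salt) + salt), the salted SHA-1 layout."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    raw = base64.b64decode(stored, validate=True)
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    if len(digest) != SHA1_LEN or not salt:
        return False  # too short, or an unsalted hash
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def sql_quote(value: str) -> str:
    """Quote a MySQL string literal (backslash and single quote escaped)."""
    return "'" + value.replace("\\", "\\\\").replace("'", "''") + "'"


def radcheck_insert(username: str, password: str,
                    salt: Optional[bytes] = None) -> str:
    """Build the radcheck row with SSHA-Password instead of Cleartext-Password."""
    return ("INSERT INTO radcheck (username, attribute, op, value) VALUES "
            f"({sql_quote(username)}, 'SSHA-Password', ':=', "
            f"{sql_quote(ssha_hash(password, salt))});")


if __name__ == "__main__":
    # Constructed sample: the page's test user, with a fresh random salt.
    print(radcheck_insert("bob", "passbob"))
```

Run the printed statement at the mysql prompt in place of the Cleartext-Password INSERT; the radreply row stays as it is.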
Including the SQL configuration
To let FreeRADIUS include the SQL module upon startup, uncomment the following line in radiusd.conf:
#$INCLUDE sql.conf
There you go. Now authenticate Bob using the following command:
radtest bob passbob 127.0.0.1 100 testing123
The debug output of FreeRADIUS will show how the Access-Request packet arrives and how the FreeRADIUS server responds to this request.
Sending Access-Request of id 17 to 127.0.0.1 port 1812
	User-Name = "bob"
	User-Password = "passbob"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 100
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=147, length=40
	Framed-IP-Address = 127.0.0.1
	Reply-Message = "Hello Bob!"
Your server is now ready to authenticate users from the database.
Thx,
Spunkylive