![]() multiple Cisco- AVpair's) you should use the += operator instead otherwise only the first one will be returned. Most return attributes should have a := operator, although if you're returning multiple attributes of the same type (e.g. #Free sql clients sql server passwordThe password check attribute MUST use :=. Note the operator ('op') values used in the various tables. Of course, if you feel like or need to add any other attributes, that's kind of up to you! 'dialrouter' also has an idle-timeout attribute so the router gets kicked if it's not doing anything - you could add this for other users too if you wanted to. 'dialrouter' is a dial-up router, so as well as needing a static IP it needs route and mask attributes (etc) to be returned. 'fred' needs no entries in radreply as he is dynamically assigned an IP via the NAS - so he'll just get the 'dynamic' group entries from radgroupreply ONLY. In this example, 'barney' (who is a single user dialup) only needs an attribute for IP address in radreply so he gets his static IP - he does not need any other attributes here as all the others get picked up from the 'static' group entries in radgroupreply. | 42 | netdial | Framed-Protocol | PPP | := | | 41 | netdial | Service-Type | Framed-User | := | | 39 | static | Framed-Compression | Van-Jacobsen-TCP-IP | := | | 38 | static | Service-Type | Framed-User | := | ![]() | 37 | static | Framed-Protocol | PPP | := | | 32 | dynamic | Service-Type | Framed-User | := | | 33 | dynamic | Framed-Protocol | PPP | := | | 34 | dynamic | Framed-Compression | Van-Jacobsen-TCP-IP | := | | id | GroupName | Attribute | Value | Op | | 6 | dialrouter | Idle-Timeout | 900 | := | | 4 | dialrouter | Framed-Routing | Broadcast-Listen | := | | 2 | dialrouter | Cleartext-Password | dialup | := | | 2 | barney | Cleartext-Password | betty | := | | 1 | fredf | Cleartext-Password | wilma | := | | id | UserName | Attribute | Value | Op | Mysql -uroot -p radius select * from radcheck Note: use a more secure password than "radpass" in the above exampleĬd /usr/share/doc/packages/freeradius/doc/examples/ GRANT ALL ON radius.* TO IDENTIFIED BY "radpass" On SUSE this is under /usr/share/doc/packages/freeradius/ ![]() There is an SQL script file for each SQL type in doc/examples/ in your operating system's doc directory (or where you untar'd FreeRADIUS). Next up, you need to create the schema for your database. You could of course call the database and the user anything you like but you probably should stick with 'radius' for both to keep things simple. See Basic configuration HOWTO Setting up the RADIUS databaseįirst, you should create a new empty 'radius' database in SQL and a database user with permissions to that database. Installation is most easily accomplished by installing a binary package (rpm, deb), but if you have a less well known operating system you may need to build your own. As the premiere open source RADIUS suite it is included as a standard package with numerous Operating Systems and has packages for many others. #Free sql clients sql server installWe have some sample configs for Cisco NAS available here.įirstly, you need to install FreeRADIUS Server on your system. Before starting with FreeRADIUS, please make sure your server is up and configured on your network, that you have your SQL server of choice (MySQL, Postgresql etc) installed and running, and that your NAS is configured to send RADIUS requests to your RADIUS server.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |