Provided by: freeradius-common_3.2.0+dfsg-1_all bug

NAME

       rlm_sql - FreeRADIUS Module

DESCRIPTION

       The  rlm_sql  module  provides  an SQL interface to retrieve authorization information and
       store accounting information.  It can be used in conjunction with, or in lieu of the files
       and detail modules.  The SQL module has drivers to support the following SQL databases:

            db2
            iodbc
            mysql
            oracle
            postgresql
            sybase
            unixodbc

       Due  to the size of the configuration variables, the sql module is usually configured in a
       separate file, which is included in the main radiusd.conf via an include directive.

       The main configuration items to be aware of are:

       driver This variable specifies the driver to be loaded.

       server

       login

       password
              These specify the servername, username, and password the module will use to connect
              to the database.

       radius_db
              The name of the database where the radius tables are stored.

       acct_table1

       acct_table2
              These  specify  the tables names for accounting records.  acct_table1 specifies the
              table where Start records are stored.  acct_table2 specifies the table  where  Stop
              records are stored.  In most cases, this should be the same table.

       postauth_table
              The name of the table to store post-authentication data.

       authcheck_table

       authreply_table
              The tables where individual Check-Items and Reply-Items are stored.

       groupcheck_table

       groupreply_table
              The tables where group Check-Items and Reply-Items are stored.

       usergroup_table
              The table where username to group relationships are stored.

       deletestalesessions
              This  option  is set to 'yes' or 'no'.  If you are doing Simultaneous-Use checking,
              and this is set to yes, stale sessions ( defined  as  sessions  for  which  a  Stop
              record was not received ) will be cleared.

       logfile
              This  option  is useful for debugging sql problems.  If logfile is set then all sql
              queries for the containing section are written to  the  file  specified.   This  is
              useful for debugging and bulk inserts.

       num_sql_socks
              The number of sql connections to make to the database.

       connect_failure_retry_delay
              The  number  of seconds to wait before attempting to reconnect to a failed database
              connection.

       sql_user_name
              This is the definition of the SQL-User-Name attribute.  This is set once,  so  that
              you  can  use  %{SQL-User-Name} in the SQL queries, rather than the nested username
              substitution.  This ensures that  Username  is  parsed  consistently  for  all  SQL
              queries executed.

       default_user_profile
              This is the default profile name that will be applied to all users if set.  This is
              not set by default.

       query_on_not_found
              This option is set to 'yes' or 'no'.  If set to yes, then the default user  profile
              is returned if no specific match was found for the user.

       authorize_check_query

       authorize_reply_query
              These  queries  are  run  during  the  authorization  stage  to  extract  the  user
              authorization information from the ${authcheck_table} and ${authreply_table}.

       authorize_group_check_query

       authorize_group_reply_query
              These queries  are  run  during  the  authorization  stage  to  extract  the  group
              authorization information from the ${groupcheck_table} and ${groupreply_table}.

       accounting_onoff_query
              The query to be run when receiving an Accounting On or Accounting Off packet.

       accounting_update_query

       accounting_update_query_alt
              The  query  to  be  run when receiving an Accounting Update packet.  If the primary
              query fails, the alt query is run.

       accounting_start_query

       accounting_start_query_alt
              The query to be run when receiving an Accounting  Start  packet.   If  the  primary
              query fails, the alt query is run.

       accounting_stop_query

       accounting_stop_query_alt
              The query to be run when receiving an Accounting Stop packet.  If the primary query
              fails, the alt query is run.

       simul_count_query
              The query to be run to return the number simultaneous sessions for the purposes  of
              limiting Simultaneous Use.

       simul_verify_query
              The  query  to  return  the detail information needed to confirm that all suspected
              connected sessions are valid, and are not stale sessions.

       group_membership_query
              The query to run to check user group membership.

       postauth_query
              The query to run during the post-authentication stage.

CONFIGURATION

       Due to the size of the configuration for this module, it is not included  in  this  manual
       page.    Please   review   the  supplied  configuration  files  for  example  queries  and
       configuration details.

SECTIONS

       authorization, accounting, checksimul, post-authentication

FILES

       /etc/freeradius/3.0/radiusd.conf,                            /etc/freeradius/3.0/sql.conf,
       /etc/freeradius/3.0/sql/<DB>/dialup.conf, /etc/freeradius/3.0/sql/<DB>/schema.sql,

SEE ALSO

       radiusd(8), radiusd.conf(5),

AUTHORS

       Chris Parker, cparker@segv.org

                                         5 February 2004                               rlm_sql(5)