Replacement for config.xml and raddb/users for freeradius2
-
Is there an alternate storage method in freeradius2 for user information that normally would be found in config.xml and raddb/users ?
After fighting and fussing for a week, I finally have MySQL running, and I was hoping that the information would be stored in the supplied schema, but that doesn't appear to be the case.
So if it can be done with MySQL and/or LDAP, that would be great.
I'm strategizing how to automate the addition and removal of users in a programmatic fashion using PHP and/or Python (and/or Ruby). I want to know what my options are before I start designing my solution.
I'm hoping that it doesn't come down to having PHP and/or Python and/or Ruby directly edit config.xml
Thanks.
-
Hi,
MySQL is an option! I use MySQL on some of my installations for CP users and it works fine ;-)
I use some scripts to load users directly into the database. The DB itself is based on the schema that is provided with FreeRadius. No modifications.
LDAP should work (never tried it with pfSense). It is a performance boost, LDAP is lightning fast for read only actions (What AAA is most of the time).
Have fun!
-
> Hi,
> MySQL is an option! I use MySQL on some of my installations for CP users and it works fine ;-)
> I use some scripts to load users directly into the database. The DB itself is based on the schema that is provided with FreeRadius. No modifications.
> LDAP should work (never tried it with pfSense). It is a performance boost, LDAP is lightning fast for read only actions (What AAA is most of the time).
> Have fun!
What table are the user accounts supposed to be stored in?
My greatest desire is to store all user info on the DB.
Thanks for the reply.
-
@simply:
> What table are the user accounts supposed to be stored in?
> My greatest desire to store all user info on the DB.
> Thanks for the reply.
DB? Table?
Yes, LDAP can use databases. It's up to you to configure a database backend for your LDAP Server!
I use the OpenLDAP built-in database, no fancy backends.
Here are some relevant LDIF Files:

dn: ou=users,dc=bewoelkt,dc=lan
ou: users
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: ou=groups,dc=bewoelkt,dc=lan
ou: groups
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit

dn: uid=jho,ou=users,dc=bewoelkt,dc=lan
objectClass: top
objectClass: radiusprofile
objectClass: inetOrgPerson
cn: jho
sn: jho
uid: jho
description: Radius User Joerg Hochwald
userPassword: PWhere
radiusReplyItem: WISPr-Redirection-URL+='http://www.bewoelkt.net'
radiusReplyItem: WISPr-Bandwidth-Max-Down+=1024
radiusReplyItem: WISPr-Bandwidth-Max-Up+=1024
radiusReplyItem: WISPr-Location-Name+="FFM01"
radiusReplyItem: WISPr-Location-ID+="01"
radiusReplyItem: WISPr-Max-Daily-Session+=3600
radiusReplyItem: Simultaneous-Use+="0"
radiusReplyItem: Max-Daily-Session+='3600'
radiusReplyItem: MHS-INT-Site+="Default"
radiusReplyItem: myHotspot-Group+="Guest"
radiusSessionTimeout: 7200

Just include the Radius Schema in /etc/ldap/slapd.conf:
# Radius include
include /etc/ldap/schema/radius.schema
Now create a file (schema.conf below) with the following content:
include /etc/ldap/schema/radius.schema
And import the Schema to your LDAP Server:
slaptest -f schema.conf -F testdir/
ldapadd -Y EXTERNAL -H ldapi:/// -f testdir/cn\=config/cn\=schema/cn\=\{0\}radius.ldif
The Schema above works fine with pfSense. Just did some tests with 50k Users (imported via LDIF).
There is only one problem: The RADIUS didn't return all radiusReplyItem configured in the example above. But I didn't find the time to dig into that issue. All relevant info is parsed :)
For MySQL: You will find a lot of good howtos via Google (Remember, this is your friend) ;-)
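
Added example, not code from any poster in this thread: one way to script user addition and removal by generating LDIF records shaped like the uid=jho entry above. It swaps the plaintext userPassword placeholder for an OpenLDAP {SSHA} hash (which assumes the portal authenticates with PAP); the uid policy, function names and sample users are assumptions.

```python
import base64
import hashlib
import os
import re

BASE_DN = "ou=users,dc=bewoelkt,dc=lan"            # users branch from the LDIF in the post above
UID_OK = re.compile(r"[a-z0-9][a-z0-9._-]{0,31}")  # assumed naming policy; blocks DN metacharacters
# RFC 2849 SAFE-STRING: no NUL/CR/LF, no non-ASCII, no leading space, ':' or '<'
SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f][\x01-\x09\x0b\x0c\x0e-\x7f]*")

def ldif_line(attr, value):
    """Return 'attr: value', base64-encoding any value that could break out of its line."""
    if value == "" or (SAFE.fullmatch(value) and not value.endswith(" ")):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def ssha(password, salt=None):
    """OpenLDAP {SSHA} value: base64(sha1(password + salt) + salt)."""
    salt = salt if salt is not None else os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_uid(uid):
    """Reject uids that could alter the DN (commas, '=', '+', newlines, ...)."""
    if not UID_OK.fullmatch(uid):
        raise ValueError(f"refusing uid {uid!r}")
    return uid

def user_entry(uid, password, reply_items=(), description=""):
    """LDIF add record with the same object classes as the entry in the post."""
    check_uid(uid)
    lines = [f"dn: uid={uid},{BASE_DN}", "objectClass: top",
             "objectClass: radiusprofile", "objectClass: inetOrgPerson",
             f"cn: {uid}", f"sn: {uid}", f"uid: {uid}"]
    if description:
        lines.append(ldif_line("description", description))
    lines.append(ldif_line("userPassword", ssha(password)))
    lines += [ldif_line("radiusReplyItem", item) for item in reply_items]
    return "\n".join(lines) + "\n"

def delete_entry(uid):
    """LDIF change record that removes the user (for ldapmodify)."""
    return f"dn: uid={check_uid(uid)},{BASE_DN}\nchangetype: delete\n"

if __name__ == "__main__":
    # Constructed sample users; the second description tries to smuggle in an extra attribute.
    print(user_entry("guest01", "constructed-pw", ["WISPr-Bandwidth-Max-Down+=1024"]))
    print(user_entry("guest02", "constructed-pw", description="x\nuserPassword: injected"))
    print(delete_entry("guest01"))
```

Pipe the generated records to ldapadd or ldapmodify with whatever bind options your directory requires.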