Netgate Discussion Forum

    Replacement for config.xml and raddb/users for freeradius2

    Captive Portal
    • simply seth

      Is there an alternate storage method in freeradius2 for user information that normally would be found in config.xml and raddb/users?

      After fighting and fussing for a week, I finally have MySQL running, and I was hoping that the information would be stored in the supplied schema, but that doesn't appear to be the case.

      So if it can be done with MySQL and/or LDAP, that would be great.

      I'm strategizing how to automate the addition and removal of users in a programmatic fashion using PHP and/or Python (and/or Ruby); I want to know what my options are before I start designing my solution.

      I'm hoping that it doesn't come down to having PHP and/or Python and/or Ruby directly edit config.xml.

      Thanks.

      • jhochwald

        Hi,

        MySQL is an option! I use MySQL on some of my installations for CP users and it works fine ;-)
        I use some scripts to load users directly into the database. The DB itself is based on the schema that is provided with FreeRadius. No modifications.

        LDAP should work (never tried it with pfSense). It is a performance boost; LDAP is lightning fast for read-only actions (what AAA is most of the time).

        Have fun!

        Regards

        /JH

        • simply seth

          @jhochwald:

          Hi,

          MySQL is an option! I use MySQL on some of my installations for CP users and it works fine ;-)
          I use some scripts to load users directly into the database. The DB itself is based on the schema that is provided with FreeRadius. No modifications.

          LDAP should work (never tried it with pfSense). It is a performance boost; LDAP is lightning fast for read-only actions (what AAA is most of the time).

          Have fun!

          What table are the user accounts supposed to be stored in?
          My greatest desire is to store all user info on the DB.
          Thanks for the reply.

          • jhochwald

            @simply:

            What table are the user accounts supposed to be stored in?
            My greatest desire is to store all user info on the DB.
            Thanks for the reply.

            DB? Table?
            Yes, LDAP can use databases. It's up to you to configure a database backend for your LDAP Server!

            I use the OpenLDAP built-in database, no fancy backends.
            Here are some relevant LDIF Files:

            dn: ou=users,dc=bewoelkt,dc=lan
            ou: users
            objectClass: top
            objectClass: organizationalUnit
            structuralObjectClass: organizationalUnit
            
            dn: ou=groups,dc=bewoelkt,dc=lan
            ou: groups
            objectClass: top
            objectClass: organizationalUnit
            structuralObjectClass: organizationalUnit
            
            dn: uid=jho,ou=users,dc=bewoelkt,dc=lan
            objectClass: top
            objectClass: radiusprofile
            objectClass: inetOrgPerson
            cn: jho
            sn: jho
            uid: jho
            description: Radius User Joerg Hochwald
            userPassword: PWhere
            radiusReplyItem: WISPr-Redirection-URL+='http://www.bewoelkt.net'
            radiusReplyItem: WISPr-Bandwidth-Max-Down+=1024
            radiusReplyItem: WISPr-Bandwidth-Max-Up+=1024
            radiusReplyItem: WISPr-Location-Name+="FFM01"
            radiusReplyItem: WISPr-Location-ID+="01"
            radiusReplyItem: WISPr-Max-Daily-Session+=3600
            radiusReplyItem: Simultaneous-Use+="0"
            radiusReplyItem: Max-Daily-Session+='3600'
            radiusReplyItem: MHS-INT-Site+="Default"
            radiusReplyItem: myHotspot-Group+="Guest"
            radiusSessionTimeout: 7200
            

            Just include the Radius Schema in /etc/ldap/slapd.conf:

            # Radius include
            include /etc/ldap/schema/radius.schema
            

            Now create a file (schema.conf below) with the following content:

            include /etc/ldap/schema/radius.schema
            

            And import the Schema to your LDAP Server:

            slaptest -f schema.conf -F testdir/
            ldapadd -Y EXTERNAL -H ldapi:/// -f testdir/cn\=config/cn\=schema/cn\=\{0\}radius.ldif
            

            The Schema above works fine with pfSense. Just did some tests with 50k Users (imported via LDIF).
            There is only one problem: The RADIUS didn't return all radiusReplyItem configured in the example above. But I didn't find the time to dig into that issue. All relevant infos are parsed :)

            For MySQL: You will find a lot of good howtos via Google (Remember, this is your friend) ;-)

            Regards

            /JH
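
As an added example, not part of the posts above and not pfSense or FreeRADIUS code: Python that generates LDIF add and delete records in the layout of the uid=jho entry, for the programmatic user management asked about in the first post. It writes a salted {SSHA} hash instead of a cleartext userPassword and base64-encodes unsafe values so user-supplied text cannot inject extra attribute lines. The uid pattern, the function names, the sample user and the use of PAP (a salted hash cannot answer CHAP or MS-CHAP) are assumptions.

```python
import base64
import hashlib
import os
import re

BASE_DN = "ou=users,dc=bewoelkt,dc=lan"          # base DN used in the post
UID_RE = re.compile(r"[a-z][a-z0-9._-]{0,31}")   # assumed local uid policy

def ssha(password, salt=None):
    """OpenLDAP {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ldif_line(attr, value):
    """One LDIF line; values that are not RFC 2849 'safe' are base64-encoded,
    so an embedded newline cannot start a new attribute line."""
    safe = re.fullmatch(r"[\x21-\x39\x3b\x3d-\x7e][\x20-\x7e]*", value)
    if safe and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: " + base64.b64encode(value.encode("utf-8")).decode("ascii")

def check_uid(uid):
    """Reject anything that could alter the DN (commas, '=', '+', newlines)."""
    if not UID_RE.fullmatch(uid):
        raise ValueError(f"rejected uid: {uid!r}")
    return uid

def add_user_ldif(uid, password, reply_items=(), session_timeout=None):
    """LDIF 'add' record shaped like the uid=jho entry in the post."""
    lines = [f"dn: uid={check_uid(uid)},{BASE_DN}", "changetype: add"]
    lines += [f"objectClass: {oc}" for oc in ("top", "radiusprofile", "inetOrgPerson")]
    lines += [ldif_line(attr, uid) for attr in ("cn", "sn", "uid")]
    lines.append(ldif_line("userPassword", ssha(password)))
    lines += [ldif_line("radiusReplyItem", item) for item in reply_items]
    if session_timeout is not None:
        lines.append(f"radiusSessionTimeout: {int(session_timeout)}")
    return "\n".join(lines) + "\n"

def delete_user_ldif(uid):
    """LDIF 'delete' record for the same DN layout."""
    return f"dn: uid={check_uid(uid)},{BASE_DN}\nchangetype: delete\n"

if __name__ == "__main__":
    # Constructed sample user, not a real account.
    print(add_user_ldif("guest01", "example-password",
                        ["WISPr-Bandwidth-Max-Down+=1024"], 7200))
    print(delete_user_ldif("guest01"))
```

The output can be applied with ldapmodify, which honours the changetype lines.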
