RouterOs MySql Freeradius

From MikroTik Wiki

Mikrotik and Freeradius 1.0.4+ with MySql For PPP Authentication
This guide assumes you have a working Linux system (for the purpose of this guide Ubuntu 5.10 is used), that the Linux system can communicate with the RouterOs system, and that you have a basic understanding of Linux and MySql commands. The purpose of this document is to walk you through the steps needed to configure freeradius, get freeradius talking to MySql and finally get your RouterOs system to authenticate and assign IPs for PPP* connections.

All of the commands in the following guide assume you are logged into *NIX systems as root or RouterOs systems as Admin.

Setting Up Freeradius
Once you have installed freeradius with the MySql module on your Linux system it's time to tidy up the base configuration. This guide assumes that the freeradius server will ONLY be serving RouterOs systems. In order for Mikrotik & freeradius to work nicely together a lot of unnecessary options/features in freeradius must be removed or turned off. We start by trimming radiusd.conf.

radiusd.conf

An example of a trimmed radiusd.conf can be found Here - this is in production use on a Ubuntu 5.10 server processing requests for PPPoE. We will now run through the file and I will explain what options do what.

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius
log_file = ${logdir}/radius.log
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/freeradius.pid
user = freerad
group = freerad

The above options are specific to your installation of freeradius and may be different from these. Do not overwrite your local settings with the above settings, or you may find your freeradius server no longer functions correctly - it is generally better to leave these settings alone.

max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *

These settings control your server. What you should change here is the max_requests setting and the bind address. max_requests should be set to 256 * number of routers using this radius server. It is better to set this number too high than too low: if it is too low the server will stop responding to radius requests when under load. For this example I have said that 4 RouterOs devices will use this radius server, so 1024 is an ideal number. Alter 'bind_address' if you have multiple network interfaces or IPs on the *NIX box, otherwise it's safe to leave it how it is.

port = 0
hostname_lookups = no
allow_core_dumps = no

Leave these off, it's better for everyone

regular_expressions = yes
extended_expressions = yes

Depending on how your freeradius server was compiled you can use RegEx, if it was turned on when freeradius was compiled then you are able to turn it either on or off, if it was not turned on at compile time then you are unable to turn it on, doing so will cause freeradius to error at startup

log_stripped_names = yes
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no

The above section is really just to stop your log files clogging up. For debugging you could turn the above options to 'Yes', but there are better ways to debug failed radius requests which I will show you later in the guide.

usercollide = no

Turning this on may rip a hole in the fabric of space-time, actually the docs just say it may result in the server behaving strangely.

lower_user = before
lower_pass = before

This will change all the usernames and passwords on incoming radius requests to lower case. I prefer this in my network as we only allow lower case usernames when users sign up, however if you add users to freeradius with mixed case or upper case this will cause freeradius to reject the request.

nospace_user = before
nospace_pass = before

This is the same again, only this time it will remove any spaces in the username and password.

checkrad = ${sbindir}/checkrad

We leave this alone - it just does checks on the NAS devices. However in versions 1.1+ this can be used to check for stale connections in the radius database. This is something not needed in a simple setup but it may be useful if the server is going to be under heavy production load.

security {
    max_attributes = 200
    reject_delay = 1
    status_server = no
}

This sets the maximum number of radius attributes in an incoming or outgoing radius packet. I prefer to leave it at its default of 200, however those that will use this radius server ONLY for mikrotik can safely set this to 10-30. Reject delay slows down brute force cracking attempts, however it slows down debugging and testing so during testing we set this to 1. In a production server this should be set around 3-5. Status server is turned off because it's useless, it's only included for legacy support to/from devices that use radius - Mikrotik is not one of these devices.

proxy_requests = no

We won't be running a radius proxy so we can turn this off.

$INCLUDE ${confdir}/clients.conf

After we have cleaned this file up we will setup clients.conf, this is NOT where you setup users -

but where you setup the devices that are allowed to use the radius server.

snmp = no

I don't use SNMP on my network to monitor the freeradius server.

thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}

This controls how many 'process' are spawned by freeradius, you can tweak these settings for fine tuning the server's performance. max_requests_per_server should be altered to 512 or 1024, this is the number of requests that the child process will handle before dying, it helps avoid issues where a child process is locked up.

modules {
    pap {
        encryption_scheme = crypt
    }
    chap {
        authtype = CHAP
    }
    mschap {
        authtype = MS-CHAP
        use_mppe = no
    }

This defines the authentication methods used by freeradius, in this case we will use pap, chap and mschap.

    acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
    }

This creates a unique account ID for accounting updates, sometimes devices can reuse the same accounting ID which causes problems. Mikrotik doesn't do this as far as I am aware but it's better safe than sorry.

    $INCLUDE ${confdir}/sql.conf

This includes the MySql configuration for the server, we will be altering this file soon.

    counter daily {
        filename = ${raddbdir}/db.daily
        key = User-Name

        count-attribute = Acct-Session-Time
        reset = daily
        counter-name = Daily-Session-Time
        check-name = Max-Daily-Session
        allowed-servicetype = Framed-User
        cache-size = 5000
    }

Since our users may be connected for more than 24 hours at a time we keep this in here, it will reset some attributes daily so that the accounting packets work correctly.

    always fail {
        rcode = fail
    }
    always reject {
        rcode = reject
    }
    always ok {
        rcode = ok
        simulcount = 0
        mpp = no
    }
}

These are here for debugging purposes, so we leave them alone.

instantiate {
}
authorize {
    chap
    mschap
    sql
}
authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
}
preacct {
    acct_unique
}
accounting {
    sql
}
session {
    sql
}
post-auth {
    sql

}

These are all setup to point to the MySql database for their purpose.

clients.conf

Next up we have to alter sql.conf and clients.conf. We will start with clients.conf, which is used to setup which devices are allowed to use freeradius and a password for basic security. Clients.conf is rather simple to setup. Once again the trimmed clients.conf file can be found Here

client 127.0.0.1 {
    secret = somepassword
    shortname = localhost
    nastype = other
}

Always keep this in the file - it allows the server itself to use the freeradius server, it's helpful for testing and debugging. 'secret' is the password that the device using freeradius must have before it can start using freeradius. 'shortname' is a simple identifier for use in logging, if you have a lot of devices using a single freeradius server it can make debugging a lot easier by having a different shortname for each device. 'nastype' is always set to other when the device is RouterOs

client 192.168.0.2 {
    secret = somepassword
    shortname = SingleRouter
    nastype = mikrotik
}

In this example we have specified a single IP address on a network

client 192.168.0.0/24 {
    secret = somepassword
    shortname = Subnet
    nastype = mikrotik
}

Here we have defined an entire IP subnet rather than a single IP, this should be AVOIDED at all costs, it allows devices on the network to access the radius server that you may not want having access. Where possible only allow single IPs as it will decrease the risk of someone on your network hacking the server.
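One way to check a clients.conf against the advice above (single IPs rather than subnets), as an added example that is not part of the original guide or of FreeRADIUS. The function names, the 16-character minimum and the shared-secret rule are assumptions of this example, and the sample input is constructed from the three client blocks shown above.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the three client blocks from this guide.
SAMPLE = """
client 127.0.0.1 {
    secret = somepassword
    shortname = localhost
    nastype = other
}
client 192.168.0.2 {
    secret = somepassword
    shortname = SingleRouter
    nastype = mikrotik
}
client 192.168.0.0/24 {
    secret = somepassword
    shortname = Subnet
    nastype = mikrotik
}
"""

# Limitation: flat "client X { key = value }" blocks only; a '}' inside a
# secret would end the block early.
CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{([^}]*)\}")
KV_RE = re.compile(r"^[ \t]*(\w+)[ \t]*=[ \t]*(.*?)[ \t]*$", re.M)
MIN_SECRET_LEN = 16  # assumed local policy, not a FreeRADIUS limit


def parse_clients(text):
    """Return [(client_name, {option: value})] for every client block."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)  # drop whole-line comments
    return [(name, {k: v.strip('"') for k, v in KV_RE.findall(body)})
            for name, body in CLIENT_RE.findall(text)]


def audit(text):
    """Return (client, kind, detail) findings; secrets are never echoed."""
    findings = []
    by_secret = defaultdict(list)
    for name, opts in parse_clients(text):
        secret = opts.get("secret", "")
        by_secret[secret].append(name)
        try:
            net = ipaddress.ip_network(name, strict=False)
            if net.num_addresses > 1:
                findings.append((name, "subnet",
                                 f"{net.num_addresses} addresses may send requests"))
        except ValueError:
            findings.append((name, "not-ip", "client is not an IP literal"))
        if len(secret) < MIN_SECRET_LEN:
            findings.append((name, "short-secret",
                             f"secret is {len(secret)} characters"))
    for names in by_secret.values():
        if len(names) > 1:
            findings.append((", ".join(names), "shared-secret",
                             "one secret covers several clients"))
    return findings


if __name__ == "__main__":
    for client, kind, detail in audit(SAMPLE):
        print(f"{kind:14} {client:40} {detail}")
```

Run over the guide's sample it reports the /24 block, the 12-character secret on each client, and the fact that all three clients share one secret.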

sql.conf

This file defines the connection to your MySql server. MySql can be running locally on the same server or can be hosted off site

• Be aware that if the MySql server is hosted off site and goes down all freeradius requests will be rejected until freeradius can connect to the MySql server again

Trimmed file is Here

sql {
    driver = "rlm_sql_mysql"
    server = "192.168.0.5"
    login = "radius"
    password = "hackme"
    radius_db = "radius"

This is the server IP address, username/password and database needed for freeradius to connect to the MySql database, you should change this before trying to run freeradius

    acct_table1 = "radacct"
    acct_table2 = "radacct"
    postauth_table = "radpostauth"
    authcheck_table = "radcheck"
    authreply_table = "radreply"
    groupcheck_table = "radgroupcheck"
    groupreply_table = "radgroupreply"
    usergroup_table = "usergroup"

The above defines the structure of the database and where freeradius should look for its information

    deletestalesessions = yes

It's best to leave this on

    sqltrace = no
    sqltracefile = ${logdir}/sqltrace.sql

If you are having trouble with MySql you can turn this on and it will log all MySql commands freeradius executes

    num_sql_socks = 5
    connect_failure_retry_delay = 60

The number of connections freeradius will keep open to the MySql server and how long it will wait before trying to reconnect if the MySql server goes down

Removed to keep page formatting nice

The rest of the file had to be removed to make sure page formatting remained tidy, it contained the exact SQL query freeradius uses for various database look ups, unless you know what you are doing do not alter this section

}

dictionary

The last file we have to edit is the dictionary, this is the file that defines all the attributes that freeradius uses to talk to RouterOS. The Mikrotik-dictionary is included in the freeradius package, we simply need to include it in the main dictionary file (/etc/freeradius/dictionary).

$INCLUDE /usr/share/freeradius/dictionary
# Include the Mikrotik specific dictionary
$INCLUDE /usr/share/freeradius/dictionary.mikrotik

Congrats! Freeradius is now setup on the server, but don't start freeradius just yet - you will find it won't work as we need to setup the MySql database with the correct tables.

Mikrotik Dictionary File as included with FreeRADIUS:

# -*- text -*-
# http://www.mikrotik.com
#
# http://www.mikrotik.com/documentation//manual_2.9/dictionary
#
# Do NOT follow their instructions and replace the dictionary
# in /etc/raddb with the one that they supply. It is NOT necessary.
#
# On top of that, the sample dictionary file they provide
# DOES NOT WORK. Do NOT use it.
#
# $Id$
#
VENDOR          Mikrotik                        14988

BEGIN-VENDOR    Mikrotik

ATTRIBUTE       Mikrotik-Recv-Limit             1       integer
ATTRIBUTE       Mikrotik-Xmit-Limit             2       integer

# this attribute is unused
ATTRIBUTE       Mikrotik-Group                  3       string

ATTRIBUTE       Mikrotik-Wireless-Forward       4       integer
ATTRIBUTE       Mikrotik-Wireless-Skip-Dot1x    5       integer
ATTRIBUTE       Mikrotik-Wireless-Enc-Algo      6       integer

ATTRIBUTE       Mikrotik-Wireless-Enc-Key       7       string
ATTRIBUTE       Mikrotik-Rate-Limit             8       string
ATTRIBUTE       Mikrotik-Realm                  9       string
ATTRIBUTE       Mikrotik-Host-IP                10      ipaddr
ATTRIBUTE       Mikrotik-Mark-Id                11      string
ATTRIBUTE       Mikrotik-Advertise-URL          12      string
ATTRIBUTE       Mikrotik-Advertise-Interval     13      integer
ATTRIBUTE       Mikrotik-Recv-Limit-Gigawords   14      integer
ATTRIBUTE       Mikrotik-Xmit-Limit-Gigawords   15      integer

# MikroTik Values

VALUE   Mikrotik-Wireless-Enc-Algo      No-encryption   0
VALUE   Mikrotik-Wireless-Enc-Algo      40-bit-WEP      1
VALUE   Mikrotik-Wireless-Enc-Algo      104-bit-WEP     2

END-VENDOR      Mikrotik

Setting Up Mysql
This is a simple task of importing an SQL file into the database, then setting up the MySql user and finally granting the correct permissions. The hardest part I found was finding a copy of the sql schema to import. Once again freeradius.sql is Here. This guide assumes you are not completely new to MySql, RouterOs or Radius and as such I will not walk you through importing the file or setting up the MySql user. If you are unable to do this then you need to have a look at if you are the right person to be putting radius into place for your company

Once you have imported the sql file and setup the MySql user with the right permissions then you should be able to start up the freeradius server like this

freeradius -x

All going well you should see this

Starting - reading configuration files ...
Module: Loaded PAP
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded SQL
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radius@124.157.64.2:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1

rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded Acct-Unique-Session-Id
Module: Instantiated acct_unique (acct_unique)
Initializing the thread pool...
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.

If you do then pat yourself on the back, the hardest part is done now. If not then freeradius is very good at its error messages. For example

rlm_sql_mysql: Mysql error 'Access denied for user 'root'@'mao.ubernet.co.nz' (using password: YES)'

Tells you that either your MySql permissions are not setup correctly or you didn't setup sql.conf correctly

Crash Course On Radius
At this point it's a good time to explain what goes on in a basic radius transaction and how it interacts with the MySql database

• Client Desktop Attempts PPPoE connection
• RouterOS Router receives PPPoE connection attempt, looks at local PPP users first then sends a "Access-Request" packet to freeradius

Sending Access-Request of id 0 to 192.168.0.2:1812
    User-Name = "testing"
    User-Password = "testing"

• Freeradius connects to MySql database and looks at "radcheck" table for user-name 'testing'. If freeradius finds a row with the right username it will check the password

against the user-password sent in the access-request packet, otherwise freeradius will send an "Access-Reject" packet back and RouterOs will decline the Client Desktop's Attempt for PPPoE

• If freeradius finds a correct match of user-name and user-password then it looks in "radreply" for any and all rows that contain the user-name, if none are found then an "Access-Accept" is sent with no attributes

Access-Accept packet from host 192.168.0.2:1812, id=0, length=20

• If freeradius does find rows however it will send those rows back with the "Access-Accept" like this:

Access-Accept packet from host 192.168.0.2:1812, id=0, length=43
    Framed-IP-Address = 127.0.0.1
    Rate-Limit = "256k/256k"

To sum it all up

1. Client Talks to RouterOs
2. RouterOS looks at itself then looks to Freeradius
3. Freeradius connects to MySql
4. Freeradius checks some things in MySql and sends back the response
5. RouterOs acts on this response

Radius is a VERY powerful protocol and it's very complex - using it with RouterOs for PPP* is easy once you understand how freeradius checks its information and where it looks for reply attributes

Setting Up Users In MySql
Now that you know about how freeradius does things it's time to start adding users into the database, for this example I will walk you through the raw SQL commands to create a new user with a password and IP address of '192.168.0.100'

How you enter the sql into MySql comes down to personal taste, some will use the 'mysql' command in *NIX, others will use a front-end like phpmyadmin - it doesn't matter as long as the commands are entered correctly. The first thing freeradius looks for is the user-name, then it makes sure that supplied password matches the password in MySql. We setup the sql like this

INSERT INTO radcheck ( id , UserName , Attribute , op , Value ) VALUES ( NULL , 'test-user', 'user-password', '==', 'test-pass');

In your case replace test-user and test-pass with your username and password. NOTE: With freeradius2, user-password should be changed to Cleartext-Password.

Now that freeradius will accept our user-name and user-password we should tell it some attributes to

reply with, like our static IP address

INSERT INTO radreply ( id , UserName , Attribute , op , Value ) VALUES (NULL , 'test-user', 'Framed-IP-Address', '=', '192.168.0.100');

Simple as that the user is created and given a static IP address, repeat the last sql statement with as many attributes as you want

Testing What We Have Done So Far
So you've gotten this far, by now you should have:

1. A running freeradius server that's lean and mean
2. MySql server with the freeradius database and user setup
3. A user loaded with a static IP address

If you don't then try to Google any errors or the Mikrotik Forums. If you do then GREAT! So let's test.

Radius Client Radtest. This comes with freeradius package in Debian/Ubuntu and others, to test our setup as it is with radtest we do the following

radtest test-user test-pass 192.168.0.2 10 somepassword

And you should see the following

root@test-mikrotik:/#radtest test-user test-pass 192.168.0.2 10 somepass
Sending Access-Request of id 223 to 192.168.0.2:1812
    User-Name = "test-user"
    User-Password = "test-pass"
    NAS-IP-Address = 192.168.0.5
    NAS-Port = 10
rad_recv: Access-Accept packet from host 192.168.0.2:1812, id=223, length=26
    Framed-IP-Address = 192.168.0.100
root@test-mikrotik:/#

If the above test fails the following are some common errors

root@test-mikrotik:/#radtest test-user test-pass 192.168.0.2 10 somepas
Sending Access-Request of id 7 to 124.157.64.6:1812
    User-Name = "test-user"
    User-Password = "test-pass"
    NAS-IP-Address = 192.168.0.5
    NAS-Port = 10
Re-sending Access-Request of id 7 to 124.157.64.6:1812

    User-Name = "test-user"
    User-Password = "\030&\375\273\031*@\340\340\023\263\270\347/!\360"
    NAS-IP-Address = 192.168.0.5
    NAS-Port = 10
rad_recv: Access-Reject packet from host 124.157.64.6:1812, id=7, length=20
rad_decode: Received Access-Reject packet from 124.157.64.6:1812 with invalid signature (err=2)! (Shared secret is incorrect.)
radclient: radclient.c:440: send_one_packet: Assertion `radclient->reply == ((void *)0)' failed.
/usr/bin/radtest: line 53: 29190 Done ( echo "User-Name = \"$1\""; echo "User-Password = \"$2\""; echo "NAS-IP-Address = $nas"; echo "NAS-Port = $4"; if [ "$6" ]; then echo "Framed-Protocol = PPP"; fi )
29191 Aborted | $radclient $DICTIONARY -x $3 auth $5
root@test-mikrotik:/#

As you can see it's telling you the secret in clients.conf and the one you supplied do not match, check the secret and try again

root@test-mikrotik:/#radtest test-user test-pass 192.168.0.2 10 somepas
Sending Access-Request of id 32 to 124.157.64.6:1812
    User-Name = "test-user"
    User-Password = "test-pas"
    NAS-IP-Address = 192.168.0.5
    NAS-Port = 10
Re-sending Access-Request of id 32 to 124.157.64.6:1812
    User-Name = "test-user"
    User-Password = "\271[\023\241I\352I6\336zGJ\270\247\217\356"
    NAS-IP-Address = 192.168.0.5
    NAS-Port = 10
rad_recv: Access-Reject packet from host 124.157.64.6:1812, id=32, length=20
root@test-mikrotik:/ #

This one looks like your username or password supplied doesn't match the one in the database, check it and try again

Any other errors you get mean you put the error message through Google and if it still fails check your configuration from the top

Configuring RouterOs for Radius & PPP* AAA
• This is designed for RouterOs 2.9, 2.8 Users may find none of the following works at all. On top of this it is designed for a clean router with no existing PPPoE servers or Radius clients setup

Well now the end is in sight, all that's left now is to configure RouterOs as a radius client and tell the PPPoE server to use AAA.

RouterOs Radius Client

/radius add service=ppp address=192.168.0.2 secret=somepassword accounting-port=1813 authentication-port=1812 timeout=500ms

What this does is tell RouterOs that when a PPP user tries to login it will look to the local ppp users list and then will send an access-request packet to 192.168.0.2 with a secret of 'somepassword' and will wait 500ms for a reply before resending

RouterOs PPP AAA setup

/ppp aaa set accounting=yes interim-update=5m use-radius=yes

This part tells RouterOs to use radius and to use accounting also, which will be updated every 5 minutes

Whats Left To Do
Well that's the end of this guide, all that's left to do now is setup a PPPoE server on the router and attempt to connect a user to it. If you get stuck remember to check the user-name and user-password is correct and you can put freeradius into verbose debug mode by going

freeradius -x

Otherwise Google is your friend, then the Mikrotik Forums.

MySQL replication
MySQL replication is an easy way of creating hardware redundancy. MySQL replication can be done this way.

Note
Use mysql-server-4.1 instead of the standard mysql-server (on Debian 3.1).

Slave configuration
Add to /etc/mysql/my.cnf:

[mysqld]
replicate-do-table = radius.radcheck
replicate-do-table = radius.radgroupcheck
replicate-do-table = radius.radgroupreply
replicate-do-table = radius.radreply
replicate-do-table = radius.usergroup
replicate-do-table = radius.userinfo

Start synchronisation

# mysql -prootpassword
mysql> change master to
    -> MASTER_HOST='master_host_name',
    -> MASTER_USER='replication_user_name',
    -> MASTER_PASSWORD='replication_password';
mysql> load data from master;

Last Words
I hope you find this guide helpful, I personally had a lot of trouble finding good information on how to setup freeradius best for use with RouterOs and a lot of the configuration comes from a production server. Stay tuned for more guides from me (Tristram) about using freeradius more in a Mikrotik Network (DHCP, Wifi Auth etc). In the mean time please leave some feedback on the talk page. Talk:RouterOs_MySql_Freeradius

Links to related articles
• MRTG RADIUS MySQL Accounting - Monitor your user's traffic with MRTG. Generates MRTG configuration and gets accounting information from MySQL.
  o This link is dead. Tried using google to locate that page, but it is nowhere to be found. If you have that material somewhere else, please link it.
• RADIUS webfrontend - For easier administration, you can use this web interface.

Snapshot of radius.conf from web archive

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius
log_file = ${logdir}/radius.log

libdir = /usr/lib/freeradius
pidfile = ${run_dir}/freeradius.pid
user = freerad
group = freerad
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = before
lower_pass = before
nospace_user = before
nospace_pass = before
checkrad = ${sbindir}/checkrad
security {
    max_attributes = 200
    reject_delay = 1
    status_server = no
}
proxy_requests = no
$INCLUDE ${confdir}/clients.conf
snmp = no
thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}

modules {
    pap {
        encryption_scheme = crypt
    }
    chap {
        authtype = CHAP
    }
    mschap {
        authtype = MS-CHAP
        use_mppe = no
    }
    acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
    }
    $INCLUDE ${confdir}/sql.conf
    counter daily {
        filename = ${raddbdir}/db.daily
        key = User-Name
        count-attribute = Acct-Session-Time
        reset = daily
        counter-name = Daily-Session-Time
        check-name = Max-Daily-Session
        allowed-servicetype = Framed-User
        cache-size = 5000
    }
    always fail {
        rcode = fail
    }
    always reject {
        rcode = reject
    }
    always ok {
        rcode = ok
        simulcount = 0
        mpp = no
    }
}
instantiate {
}
authorize {
    chap
    mschap
    sql
}
authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap

    }
}
preacct {
    acct_unique
}
accounting {
    sql
}
session {
    sql
}
post-auth {
    sql
}

Snapshot of freeRadius.sql from archive.org

###########################################################################
# db_mysql.sql                     rlm_sql - FreeRADIUS SQL Module        #
#                                                                         #
#     Database schema for MySQL rlm_sql module                            #
#                                                                         #
#     To load:                                                            #
#         mysql -uroot -prootpass radius < db_mysql.sql                   #
#                                                                         #
#                                   Mike Machado <mike@innercite.com>     #
###########################################################################
#
# Table structure for table 'radacct'
#
CREATE TABLE radacct (
  RadAcctId bigint(21) NOT NULL auto_increment,
  AcctSessionId varchar(32) NOT NULL default '',
  AcctUniqueId varchar(32) NOT NULL default '',
  UserName varchar(64) NOT NULL default '',
  Realm varchar(64) default '',
  NASIPAddress varchar(15) NOT NULL default '',
  NASPortId int(12) default NULL,
  NASPortType varchar(32) default NULL,
  AcctStartTime datetime NOT NULL default '0000-00-00 00:00:00',
  AcctStopTime datetime NOT NULL default '0000-00-00 00:00:00',
  AcctSessionTime int(12) default NULL,
  AcctAuthentic varchar(32) default NULL,
  ConnectInfo_start varchar(32) default NULL,
  ConnectInfo_stop varchar(32) default NULL,
  AcctInputOctets bigint(12) default NULL,
  AcctOutputOctets bigint(12) default NULL,
  CalledStationId varchar(50) NOT NULL default '',
  CallingStationId varchar(50) NOT NULL default '',
  AcctTerminateCause varchar(32) NOT NULL default '',
  ServiceType varchar(32) default NULL,
  FramedProtocol varchar(32) default NULL,
  FramedIPAddress varchar(15) NOT NULL default '',

  AcctStartDelay int(12) default NULL,
  AcctStopDelay int(12) default NULL,
  PRIMARY KEY (RadAcctId),
  KEY UserName (UserName),
  KEY FramedIPAddress (FramedIPAddress),
  KEY AcctSessionId (AcctSessionId),
  KEY AcctUniqueId (AcctUniqueId),
  KEY AcctStartTime (AcctStartTime),
  KEY AcctStopTime (AcctStopTime),
  KEY NASIPAddress (NASIPAddress)
) ;

#
# Table structure for table 'radcheck'
#
CREATE TABLE radcheck (
  id int(11) unsigned NOT NULL auto_increment,
  UserName varchar(64) NOT NULL default '',
  Attribute varchar(32) NOT NULL default '',
  op char(2) NOT NULL DEFAULT '==',
  Value varchar(253) NOT NULL default '',
  PRIMARY KEY (id),
  KEY UserName (UserName(32))
) ;

#
# Table structure for table 'radgroupcheck'
#
CREATE TABLE radgroupcheck (
  id int(11) unsigned NOT NULL auto_increment,
  GroupName varchar(64) NOT NULL default '',
  Attribute varchar(32) NOT NULL default '',
  op char(2) NOT NULL DEFAULT '==',
  Value varchar(253) NOT NULL default '',
  PRIMARY KEY (id),
  KEY GroupName (GroupName(32))
) ;

#
# Table structure for table 'radgroupreply'
#
CREATE TABLE radgroupreply (
  id int(11) unsigned NOT NULL auto_increment,
  GroupName varchar(64) NOT NULL default '',
  Attribute varchar(32) NOT NULL default '',
  op char(2) NOT NULL DEFAULT '=',
  Value varchar(253) NOT NULL default '',
  prio int unsigned NOT NULL default '0',
  PRIMARY KEY (id),
  KEY GroupName (GroupName(32))
) ;

#

# Table structure for table 'radreply'
#
CREATE TABLE radreply (
  id int(11) unsigned NOT NULL auto_increment,
  UserName varchar(64) NOT NULL default '',
  Attribute varchar(32) NOT NULL default '',
  op char(2) NOT NULL DEFAULT '=',
  Value varchar(253) NOT NULL default '',
  PRIMARY KEY (id),
  KEY UserName (UserName(32))
) ;

#
# Table structure for table 'usergroup'
#
CREATE TABLE usergroup (
  id int(11) unsigned NOT NULL auto_increment,
  UserName varchar(64) NOT NULL default '',
  GroupName varchar(64) NOT NULL default '',
  PRIMARY KEY (id),
  KEY UserName (UserName(32))
) ;

#
# Table structure for table 'radpostauth'
#
CREATE TABLE radpostauth (
  id int(11) NOT NULL auto_increment,
  user varchar(64) NOT NULL default '',
  pass varchar(64) NOT NULL default '',
  reply varchar(32) NOT NULL default '',
  date timestamp(14) NOT NULL,
  PRIMARY KEY (id)
) ;

######################################################################
#
# The next two tables are commented out because they are not
# currently used in the server.
#

#
# Table structure for table 'dictionary'
#
#CREATE TABLE dictionary (
#  id int(10) DEFAULT '0' NOT NULL auto_increment,
#  Type varchar(30),
#  Attribute varchar(64),
#  Value varchar(64),
#  Format varchar(20),
#  Vendor varchar(32),
#  PRIMARY KEY (id)
#);


#
# Table structure for table 'nas'
#
CREATE TABLE nas (
  id int(10) DEFAULT '0' NOT NULL auto_increment,
  nasname varchar(128) NOT NULL,
  shortname varchar(32),
  type varchar(30) DEFAULT 'other',
  ports int(5),
  secret varchar(60) DEFAULT 'secret' NOT NULL,
  community varchar(50),
  description varchar(200) DEFAULT 'RADIUS Client',
  PRIMARY KEY (id),
  KEY nasname (nasname)
);