3 ## sql.conf -- SQL modules
7 ######################################################################
9 # Configuration for the SQL module
11 # The database schemas and queries are located in subdirectories:
13 # sql/<DB>/main/schema.sql Schema
14 # sql/<DB>/main/queries.conf Authorisation and Accounting queries
16 # Where "DB" is mysql, mssql, oracle, or postgresql.
21 # The sub-module to use to execute queries. This should match
22 # the database you're attempting to connect to.
27 # * rlm_sql_postgresql
29 # * rlm_sql_null (log queries to disk)
31 driver = "rlm_sql_null"
34 # Several drivers accept specific options, to set them, a
35 # config section with the the name as the driver should be added
36 # to the sql instance.
38 # Driver specific options are:
41 # # Path to the sqlite database
42 # filename = "/tmp/freeradius.db"
44 # # How long to wait for write locks on the database to be
45 # # released (in ms) before giving up.
48 # # If the file above does not exist and bootstrap is set
49 # # a new database file will be created, and the SQL statements
50 # # contained within the bootstrap file will be executed.
51 # bootstrap = "${modconfdir}/${..:name}/main/sqlite/schema.sql"
55 # # If any of the files below are set, TLS encryption is enabled
57 # ca_file = "/etc/ssl/certs/my_ca.crt"
58 # ca_path = "/etc/ssl/certs/"
59 # certificate_file = "/etc/ssl/certs/private/client.crt"
60 # private_key_file = "/etc/ssl/certs/private/client.key"
61 # cipher = "DHE-RSA-AES256-SHA:AES128-SHA"
64 # # If yes, (or auto and libmysqlclient reports warnings are
65 # # available), will retrieve and log additional warnings from
66 # # the server if an error has occured. Defaults to 'auto'
72 # # unlike MySQL, which has a tls{} connection configuration, postgresql
73 # # uses its connection parameters - see the radius_db option below in
76 # # Send application_name to the postgres server
77 # # Only supported in PG 9.0 and greater. Defaults to no.
78 # send_application_name = yes
82 # The dialect of SQL you want to use, this should usually match
83 # the driver you selected above.
85 # If you're using rlm_sql_null, then it should be the type of
86 # database the logged queries are going to be executed against.
91 # server = "localhost"
94 # password = "radpass"
96 # Database table configuration for everything except Oracle
99 # If you are using Oracle then use this instead
100 # radius_db = "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SID=your_sid)))"
102 # If you're using postgresql this can also be used instead of the connection info parameters
103 # radius_db = "dbname=radius host=localhost user=radius password=raddpass"
105 # If you want both stop and start records logged to the
106 # same SQL table, leave this as is. If you want them in
107 # different tables, put the start table in acct_table1
108 # and stop table in acct_table2
109 acct_table1 = "radacct"
110 acct_table2 = "radacct"
112 # Allow for storing data after authentication
113 postauth_table = "radpostauth"
115 # Tables containing 'check' items
116 authcheck_table = "radcheck"
117 groupcheck_table = "radgroupcheck"
119 # Tables containing 'reply' items
120 authreply_table = "radreply"
121 groupreply_table = "radgroupreply"
123 # Table to keep group info
124 usergroup_table = "radusergroup"
126 # If set to 'yes' (default) we read the group tables unless Fall-Through = no in the reply table.
127 # If set to 'no' we do not read the group tables unless Fall-Through = yes in the reply table.
130 # If set to 'yes' (default) we read profiles unless Fall-Through = no in the groupreply table.
131 # If set to 'no' we do not read profiles unless Fall-Through = yes in the groupreply table.
132 # read_profiles = yes
134 # Remove stale session if checkrad does not see a double login
135 delete_stale_sessions = yes
137 # Write SQL queries to a logfile. This is potentially useful for tracing
138 # issues with authorization queries.
139 # logfile = ${logdir}/sqllog.sql
141 # Set the maximum query duration and connection timeout
145 # As of version 3.0, the "pool" section has replaced the
146 # following configuration items:
149 # connect_failure_retry_delay
154 # The connection pool is new for 3.0, and will be used in many
155 # modules, for all kinds of connection-related activity.
157 # When the server is not threaded, the connection pool
158 # limits are ignored, and only one connection is used.
160 # If you want to have multiple SQL modules re-use the same
161 # connection pool, use "pool = name" instead of a "pool"
171 # # sql2 will use the connection pool from sql1
178 # Connections to create during module instantiation.
179 # If the server cannot create specified number of
180 # connections during instantiation it will exit.
181 # Set to 0 to allow the server to start without the
182 # database being available.
183 start = ${thread[pool].start_servers}
185 # Minimum number of connections to keep open
186 min = ${thread[pool].min_spare_servers}
188 # Maximum number of connections
190 # If these connections are all in use and a new one
191 # is requested, the request will NOT get a connection.
193 # Setting 'max' to LESS than the number of threads means
194 # that some threads may starve, and you will see errors
195 # like 'No connections available and at max connection limit'
197 # Setting 'max' to MORE than the number of threads means
198 # that there are more connections than necessary.
199 max = ${thread[pool].max_servers}
201 # Spare connections to be left idle
203 # NOTE: Idle connections WILL be closed if "idle_timeout"
204 # is set. This should be less than or equal to "max" above.
205 spare = ${thread[pool].max_spare_servers}
207 # Number of uses before the connection is closed
212 # The number of seconds to wait after the server tries
213 # to open a connection, and fails. During this time,
214 # no new connections will be opened.
217 # The lifetime (in seconds) of the connection
220 # idle timeout (in seconds). A connection which is
221 # unused for this length of time will be closed.
224 # NOTE: All configuration settings are enforced. If a
225 # connection is closed because of "idle_timeout",
226 # "uses", or "lifetime", then the total number of
227 # connections MAY fall below "min". When that
228 # happens, it will open a new connection. It will
229 # also log a WARNING message.
231 # The solution is to either lower the "min" connections,
232 # or increase lifetime/idle_timeout.
235 # Set to 'yes' to read radius clients from the database ('nas' table)
236 # Clients will ONLY be read on server startup.
239 # Table to keep radius client info
243 # The group attribute specific to this instance of rlm_sql
246 # This entry should be used for additional instances (sql foo {})
248 # group_attribute = "${.:instance}-SQL-Group"
250 # This entry should be used for the default instance (sql {})
252 group_attribute = "SQL-Group"
254 # Read database-specific queries
255 $INCLUDE ${modconfdir}/${.:name}/main/${dialect}/queries.conf