#
# The database schema is available at:
#
-# src/radiusd/src/modules/rlm_sql/drivers/rlm_sql_postgresql/db_postgresql.sql
+# doc/examples/postgresql.sql
#
sql {
# Database type
- # Current supported are: rlm_sql_mysql, rlm_sql_postgresql, rlm_sql_iodbc, rlm_sql_oracle
+ # Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
+ # rlm_sql_unixodbc, rlm_sql_oracle.
driver = "rlm_sql_postgresql"
# Connect info
server = "localhost"
- # The following credentials will most likely work on a default install of Postgresql
- # If they do work however, it means that you have a HUGE GAPING SECURITY RISK on your
- # server! Please change the "postgres" users password and setup a separate radius user.
+
+ # The following credentials will most likely work on a default
+ # install of Postgresql. If they do work however, it means that
+ # you have a HUGE GAPING SECURITY RISK on your server! Please
+ # change the "postgres" users password and setup a separate
+ # radius user.
login = "postgres"
password = ""
-
+
# Database table configuration
radius_db = "radius"
-
+
# If you want both stop and start records logged to the
# same SQL table, leave this as is. If you want them in
# different tables, put the start table in acct_table1
# and stop table in acct_table2
acct_table1 = "radacct"
acct_table2 = "radacct"
-
+
# Allow for storing data after authentication
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
-
+
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
-
+
# Table to keep group info
usergroup_table = "usergroup"
# If set to 'yes' (default) we read the group tables
- # If set to 'no' the user MUST have Fall-Through = Yes in the radreply table
- #read_groups = yes
+ # If set to 'no' the user MUST have Fall-Through = Yes
+ # in the radreply table
+# read_groups = yes
# Table to keep radius client info
nas_table = "nas"
# Set to 'yes' to read radius clients from the database ('nas' table)
- #readclients = yes
+# readclients = yes
# Remove stale session if checkrad does not see a double login
deletestalesessions = yes
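Review bot: The defaults `login = "postgres"` and `password = ""` stay in place while only the warning above them is re-wrapped, so a site that copies this example verbatim connects as the database superuser with an empty password. The example would be safer if it defaulted to a dedicated, least-privileged account, e.g. `login = "radius"` and `password = "<set-a-password>"` (placeholder). The comment could then say that this account needs access only to the tables in `radius_db`. The enclosing `sql { … }` block continues outside this hunk.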
#######################################################################
# Query config: Username
#######################################################################
- # This is the username that will get substituted, escaped, and added
- # as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used below
- # everywhere a username substitution is needed so you you can be sure
- # the username passed from the client is escaped properly.
+ # This is the username that will get substituted, escaped, and added
+ # as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used
+ # below everywhere a username substitution is needed so you you can
+ # be sure the username passed from the client is escaped properly.
#
- # Uncomment the next line, if you want the sql_user_name to mean:
+ # Uncomment the next line, if you want the sql_user_name to mean:
#
# Use Stripped-User-Name, if it's there.
# Else use User-Name, if it's there,
#######################################################################
# Default profile
#######################################################################
- # This is the default profile. It is found in SQL by group membership.
+ # This is the default profile. It is found in SQL by group membership.
# That means that this profile must be a member of at least one group
# which will contain the corresponding check and reply items.
# This profile will be queried in the authorize section for every user.
# attribute can be set anywhere in the authorize section (ie the users
# file). It is found exactly as the default profile is found.
# If it is set then it will *overwrite* the default profile setting.
- # The idea is to select profiles based on checks on the incoming packets,
- # not on user group membership. For example:
+ # The idea is to select profiles based on checks on the incoming
+ # packets, not on user group membership. For example:
# -- users file --
# DEFAULT Service-Type == Outbound-User, User-Profile := "outbound"
# DEFAULT Service-Type == Framed-User, User-Profile := "framed"
# Authorization Queries
#######################################################################
# These queries compare the check items for the user
- # in ${authcheck_table} and setup the reply items in
+ # in ${authcheck_table} and setup the reply items in
# ${authreply_table}. You can use any query/tables
- # you want, but the return data for each row MUST
+ # you want, but the return data for each row MUST
# be in the following order:
#
# 0. Row ID (currently unused)
#######################################################################
# Accounting Queries
#######################################################################
- # accounting_onoff_query - query for Accounting On/Off packets
- # accounting_update_query - query for Accounting update packets
- # accounting_update_query_alt - query for Accounting update packets
+ # accounting_onoff_query - query for Accounting On/Off packets
+ # accounting_update_query - query for Accounting update packets
+ # accounting_update_query_alt - query for Accounting update packets
# (alternate in case first query fails)
- # accounting_start_query - query for Accounting start packets
- # accounting_start_query_alt - query for Accounting start packets
+ # accounting_start_query - query for Accounting start packets
+ # accounting_start_query_alt - query for Accounting start packets
# (alternate in case first query fails)
- # accounting_stop_query - query for Accounting stop packets
- # accounting_stop_query_alt - query for Accounting start packets
+ # accounting_stop_query - query for Accounting stop packets
+ # accounting_stop_query_alt - query for Accounting start packets
# (alternate in case first query doesn't
# affect any existing rows in the table)
#######################################################################
-
+
accounting_onoff_query = "UPDATE ${acct_table1} \
SET AcctStopTime = (now() - '%{Acct-Delay-Time:-0}'::interval), \
AcctSessionTime = (EXTRACT(EPOCH FROM (now()::timestamp with time zone - AcctStartTime::timestamp with time zone \
# postauth_query - Insert some info after authentication
#######################################################################
postauth_query = "INSERT INTO ${postauth_table} (username, pass, reply, authdate) \
- values ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())"
+ VALUES ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())"
}
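Review bot: `postauth_query` still writes `%{User-Password:-Chap-Password}` into the `pass` column, so every attempt that carries a User-Password leaves that password in cleartext in `${postauth_table}`; the keyword-case change does not affect this. Consider not recording it, e.g. `VALUES ('%{SQL-User-Name}', '', '%{reply:Packet-Type}', NOW())`. Alternatively, add a comment above the query stating that the table holds cleartext credentials and must be access-restricted and pruned. The query also uses `%{User-Name}` where the file's own comment recommends `%{SQL-User-Name}` for every username substitution; whether that attribute is populated at post-auth time should be confirmed before switching.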