Subversion Repositories ALCASAR

Rev

Details | Last modification | View Log

Rev Author Line No. Line
1 root 1
# -*- text -*-
2
##
3
## dialup.conf -- MySQL configuration for default schema (schema.sql)
4
##
5
##	$Id: dialup.conf 983 2012-08-16 13:34:14Z franck $
6
 
7
	# Safe characters list for sql queries. Everything else is replaced
8
	# with their mime-encoded equivalents.
9
	# The default list should be ok
10
	#safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
11
 
12
	#######################################################################
13
	#  Query config:  Username
14
	#######################################################################
15
	# This is the username that will get substituted, escaped, and added
16
	# as attribute 'SQL-User-Name'.  '%{SQL-User-Name}' should be used below
17
	# everywhere a username substitution is needed so you you can be sure
18
	# the username passed from the client is escaped properly.
19
	#
20
	#  Uncomment the next line, if you want the sql_user_name to mean:
21
	#
22
	#    Use Stripped-User-Name, if it's there.
23
	#    Else use User-Name, if it's there,
24
	#    Else use hard-coded string "DEFAULT" as the user name.
25
	#sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"
26
	#
27
	sql_user_name = "%{User-Name}"
28
 
29
	#######################################################################
30
	#  Default profile
31
	#######################################################################
32
	# This is the default profile. It is found in SQL by group membership.
33
	# That means that this profile must be a member of at least one group
34
	# which will contain the corresponding check and reply items.
35
	# This profile will be queried in the authorize section for every user.
36
	# The point is to assign all users a default profile without having to
37
	# manually add each one to a group that will contain the profile.
38
	# The SQL module will also honor the User-Profile attribute. This
39
	# attribute can be set anywhere in the authorize section (ie the users
40
	# file). It is found exactly as the default profile is found.
41
	# If it is set then it will *overwrite* the default profile setting.
42
	# The idea is to select profiles based on checks on the incoming packets,
43
	# not on user group membership. For example:
44
	# -- users file --
45
	# DEFAULT	Service-Type == Outbound-User, User-Profile := "outbound"
46
	# DEFAULT	Service-Type == Framed-User, User-Profile := "framed"
47
	#
48
	# By default the default_user_profile is not set
49
	#
983 franck 50
	default_user_profile = "ldap"
1 root 51
 
52
	#######################################################################
53
	#  NAS Query
54
	#######################################################################
55
	#  This query retrieves the radius clients
56
	#
57
	#  0. Row ID (currently unused)
58
	#  1. Name (or IP address)
59
	#  2. Shortname
60
	#  3. Type
61
	#  4. Secret
62
	#######################################################################
63
 
64
	nas_query = "SELECT id, nasname, shortname, type, secret FROM ${nas_table}"
65
 
66
	#######################################################################
67
	#  Authorization Queries
68
	#######################################################################
69
	#  These queries compare the check items for the user
70
	#  in ${authcheck_table} and setup the reply items in
71
	#  ${authreply_table}.  You can use any query/tables
72
	#  you want, but the return data for each row MUST
73
	#  be in the  following order:
74
	#
75
	#  0. Row ID (currently unused)
76
	#  1. UserName/GroupName
77
	#  2. Item Attr Name
78
	#  3. Item Attr Value
79
	#  4. Item Attr Operation
80
	#######################################################################
81
	# Use these for case sensitive usernames.
82
	authorize_check_query = "SELECT id, username, attribute, value, op \
83
         FROM ${authcheck_table} \
84
         WHERE username = BINARY '%{SQL-User-Name}' \
85
         ORDER BY id"
86
	authorize_reply_query = "SELECT id, username, attribute, value, op \
87
         FROM ${authreply_table} \
88
         WHERE username = BINARY '%{SQL-User-Name}' \
89
         ORDER BY id"
90
 
91
	# The default queries are case insensitive. (for compatibility with
92
	# older versions of FreeRADIUS)
93
#	authorize_check_query = "SELECT id, username, attribute, value, op \
94
#          FROM ${authcheck_table} \
95
#          WHERE username = '%{SQL-User-Name}' \
96
#          ORDER BY id"
97
#	authorize_reply_query = "SELECT id, username, attribute, value, op \
98
#          FROM ${authreply_table} \
99
#          WHERE username = '%{SQL-User-Name}' \
100
#          ORDER BY id"
101
 
102
	# Use these for case sensitive usernames.
103
	group_membership_query = "SELECT groupname \
104
         FROM ${usergroup_table} \
105
         WHERE username = BINARY '%{SQL-User-Name}' \
106
         ORDER BY priority"
107
 
108
#	group_membership_query = "SELECT groupname \
109
#          FROM ${usergroup_table} \
110
#          WHERE username = '%{SQL-User-Name}' \
111
#          ORDER BY priority"
112
 
113
	authorize_group_check_query = "SELECT id, groupname, attribute, \
114
          Value, op \
115
          FROM ${groupcheck_table} \
116
          WHERE groupname = '%{Sql-Group}' \
117
          ORDER BY id"
118
	authorize_group_reply_query = "SELECT id, groupname, attribute, \
119
          value, op \
120
          FROM ${groupreply_table} \
121
          WHERE groupname = '%{Sql-Group}' \
122
          ORDER BY id"
123
 
124
	#######################################################################
125
	#  Accounting Queries
126
	#######################################################################
127
	# accounting_onoff_query	- query for Accounting On/Off packets
128
	# accounting_update_query	- query for Accounting update packets
129
	# accounting_update_query_alt	- query for Accounting update packets
130
	#                               (alternate in case first query fails)
131
	# accounting_start_query	- query for Accounting start packets
132
	# accounting_start_query_alt	- query for Accounting start packets
133
	#                               (alternate in case first query fails)
134
	# accounting_stop_query		- query for Accounting stop packets
135
	# accounting_stop_query_alt	- query for Accounting start packets
136
	#                               (alternate in case first query doesn't
137
	#                                affect any existing rows in the table)
138
	#######################################################################
139
	accounting_onoff_query = "\
140
          UPDATE ${acct_table1} \
141
          SET \
142
             acctstoptime       =  '%S', \
143
             acctsessiontime    =  unix_timestamp('%S') - \
144
                                   unix_timestamp(acctstarttime), \
145
             acctterminatecause =  '%{Acct-Terminate-Cause}', \
146
             acctstopdelay      =  %{%{Acct-Delay-Time}:-0} \
147
          WHERE acctstoptime IS NULL \
148
          AND nasipaddress      =  '%{NAS-IP-Address}' \
149
          AND acctstarttime     <= '%S'"
150
 
151
	accounting_update_query = " \
152
          UPDATE ${acct_table1} \
153
          SET \
154
             framedipaddress = '%{Framed-IP-Address}', \
155
             acctsessiontime     = '%{Acct-Session-Time}', \
156
             acctinputoctets     = '%{%{Acct-Input-Gigawords}:-0}'  << 32 | \
157
                                   '%{%{Acct-Input-Octets}:-0}', \
158
             acctoutputoctets    = '%{%{Acct-Output-Gigawords}:-0}' << 32 | \
159
                                   '%{%{Acct-Output-Octets}:-0}' \
160
          WHERE acctsessionid = '%{Acct-Session-Id}' \
161
          AND username        = '%{SQL-User-Name}' \
162
          AND nasipaddress    = '%{NAS-IP-Address}'"
163
 
164
        accounting_update_query_alt = " \
165
          INSERT INTO ${acct_table1} \
166
            (acctsessionid,    acctuniqueid,      username, \
167
             realm,            nasipaddress,      nasportid, \
168
             nasporttype,      acctstarttime,     acctsessiontime, \
169
             acctauthentic,    connectinfo_start, acctinputoctets, \
170
             acctoutputoctets, calledstationid,   callingstationid, \
171
             servicetype,      framedprotocol,    framedipaddress, \
172
             acctstartdelay,   xascendsessionsvrkey) \
173
          VALUES \
174
            ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
175
             '%{SQL-User-Name}', \
176
             '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \
177
             '%{NAS-Port-Type}', \
178
             DATE_SUB('%S', \
179
                      INTERVAL (%{%{Acct-Session-Time}:-0} + \
180
                                %{%{Acct-Delay-Time}:-0}) SECOND), \
181
                      '%{Acct-Session-Time}', \
182
             '%{Acct-Authentic}', '', \
183
             '%{%{Acct-Input-Gigawords}:-0}' << 32 | \
184
             '%{%{Acct-Input-Octets}:-0}', \
185
             '%{%{Acct-Output-Gigawords}:-0}' << 32 | \
186
             '%{%{Acct-Output-Octets}:-0}', \
187
             '%{Called-Station-Id}', '%{Calling-Station-Id}', \
188
             '%{Service-Type}', '%{Framed-Protocol}', \
189
             '%{Framed-IP-Address}', \
190
             '0', '%{X-Ascend-Session-Svr-Key}')"
191
 
192
	accounting_start_query = " \
193
          INSERT INTO ${acct_table1} \
194
            (acctsessionid,    acctuniqueid,     username, \
195
             realm,            nasipaddress,     nasportid, \
196
             nasporttype,      acctstarttime,    acctstoptime, \
197
             acctsessiontime,  acctauthentic,    connectinfo_start, \
198
             connectinfo_stop, acctinputoctets,  acctoutputoctets, \
199
             calledstationid,  callingstationid, acctterminatecause, \
200
             servicetype,      framedprotocol,   framedipaddress, \
201
             acctstartdelay,   acctstopdelay,    xascendsessionsvrkey) \
202
          VALUES \
203
            ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
204
             '%{SQL-User-Name}', \
205
             '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \
206
             '%{NAS-Port-Type}', '%S', NULL, \
207
             '0', '%{Acct-Authentic}', '%{Connect-Info}', \
208
             '', '0', '0', \
209
             '%{Called-Station-Id}', '%{Calling-Station-Id}', '', \
210
             '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', \
211
             '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
212
 
213
	accounting_start_query_alt  = " \
214
          UPDATE ${acct_table1} SET \
215
             acctstarttime     = '%S', \
216
             acctstartdelay    = '%{%{Acct-Delay-Time}:-0}', \
217
             connectinfo_start = '%{Connect-Info}' \
218
          WHERE acctsessionid  = '%{Acct-Session-Id}' \
219
          AND username         = '%{SQL-User-Name}' \
220
          AND nasipaddress     = '%{NAS-IP-Address}'"
221
 
222
	accounting_stop_query = " \
223
          UPDATE ${acct_table2} SET \
224
             acctstoptime       = '%S', \
225
             acctsessiontime    = '%{Acct-Session-Time}', \
226
             acctinputoctets    = '%{%{Acct-Input-Gigawords}:-0}' << 32 | \
227
                                  '%{%{Acct-Input-Octets}:-0}', \
228
             acctoutputoctets   = '%{%{Acct-Output-Gigawords}:-0}' << 32 | \
229
                                  '%{%{Acct-Output-Octets}:-0}', \
230
             acctterminatecause = '%{Acct-Terminate-Cause}', \
231
             acctstopdelay      = '%{%{Acct-Delay-Time}:-0}', \
232
             connectinfo_stop   = '%{Connect-Info}' \
233
          WHERE acctsessionid   = '%{Acct-Session-Id}' \
234
          AND username          = '%{SQL-User-Name}' \
235
          AND nasipaddress      = '%{NAS-IP-Address}'"
236
 
237
	accounting_stop_query_alt = " \
238
          INSERT INTO ${acct_table2} \
239
            (acctsessionid, acctuniqueid, username, \
240
             realm, nasipaddress, nasportid, \
241
             nasporttype, acctstarttime, acctstoptime, \
242
             acctsessiontime, acctauthentic, connectinfo_start, \
243
             connectinfo_stop, acctinputoctets, acctoutputoctets, \
244
             calledstationid, callingstationid, acctterminatecause, \
245
             servicetype, framedprotocol, framedipaddress, \
246
             acctstartdelay, acctstopdelay) \
247
          VALUES \
248
            ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
249
             '%{SQL-User-Name}', \
250
             '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \
251
             '%{NAS-Port-Type}', \
252
             DATE_SUB('%S', \
253
                 INTERVAL (%{%{Acct-Session-Time}:-0} + \
254
                 %{%{Acct-Delay-Time}:-0}) SECOND), \
255
             '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', \
256
             '%{Connect-Info}', \
257
             '%{%{Acct-Input-Gigawords}:-0}' << 32 | \
258
             '%{%{Acct-Input-Octets}:-0}', \
259
             '%{%{Acct-Output-Gigawords}:-0}' << 32 | \
260
             '%{%{Acct-Output-Octets}:-0}', \
261
             '%{Called-Station-Id}', '%{Calling-Station-Id}', \
262
             '%{Acct-Terminate-Cause}', \
263
             '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', \
264
             '0', '%{%{Acct-Delay-Time}:-0}')"
265
 
266
	#######################################################################
267
	# Simultaneous Use Checking Queries
268
	#######################################################################
269
	# simul_count_query	- query for the number of current connections
270
	#			- If this is not defined, no simultaneouls use checking
271
	#			- will be performed by this module instance
272
	# simul_verify_query	- query to return details of current connections for verification
273
	#			- Leave blank or commented out to disable verification step
274
	#			- Note that the returned field order should not be changed.
275
	#######################################################################
276
 
277
	# Uncomment simul_count_query to enable simultaneous use checking
278
	simul_count_query = "SELECT COUNT(*) \
279
                             FROM ${acct_table1} \
280
                             WHERE username = '%{SQL-User-Name}' \
281
                             AND acctstoptime IS NULL"
282
 
283
	#simul_verify_query  = "SELECT radacctid, acctsessionid, username, \
284
                               #nasipaddress, nasportid, framedipaddress, \
285
                               #callingstationid, framedprotocol \
286
                               #FROM ${acct_table1} \
287
                               #WHERE username = '%{SQL-User-Name}' \
288
                               #AND acctstoptime IS NULL"
289
 
290
	#######################################################################
291
	# Authentication Logging Queries
292
	#######################################################################
293
	# postauth_query		- Insert some info after authentication
294
	#######################################################################
295
#                          (username, pass, reply, authdate) \
296
#                          '%{%{User-Password}:-%{Chap-Password}}', \
297
 
298
	postauth_query = "INSERT INTO ${postauth_table} \
299
                          (username, reply, authdate) \
300
                          VALUES ( \
301
                          '%{User-Name}', \
302
                          '%{reply:Packet-Type}', '%S')"
303