source: npl/commonservers/radius/raddb/mssql.conf @ c5c522c

#
#  Configuration for the SQL module, when using MSSQL.
#
#  The database schema is available at:
#
#       doc/examples/mssql.sql
#
#  $Id: mssql.conf,v 1.6.4.1 2006/02/04 14:53:44 nbk Exp $
#
sql {

        # Database type
        # Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
        # rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc
        driver = "rlm_sql_unixodbc"

        # Connect info
        server = "localhost"
        login = "root"
        password = "rootpass"

        # Database table configuration
        radius_db = "radius"

        # If you want both stop and start records logged to the
        # same SQL table, leave this as is.  If you want them in
        # different tables, put the start table in acct_table1
        # and stop table in acct_table2
        acct_table1 = "radacct"
        acct_table2 = "radacct"

        authcheck_table = "radcheck"
        authreply_table = "radreply"

        groupcheck_table = "radgroupcheck"
        groupreply_table = "radgroupreply"

        usergroup_table = "usergroup"

        # Remove stale session if checkrad does not see a double login
        deletestalesessions = yes

        # Print all SQL statements when in debug mode (-x)
        sqltrace = no
        sqltracefile = ${logdir}/sqltrace.sql

        # number of sql connections to make to server
        num_sql_socks = 5

        # Safe characters list for sql queries. Everything else is replaced
        # with their mime-encoded equivalents.
        # The default list should be ok
        #safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"

        #######################################################################
        #  Query config:  Username
        #######################################################################
        # This is the username that will get substituted, escaped, and added
        # as attribute 'SQL-User-Name'.  '%{SQL-User-Name}' should be used
        # below everywhere a username substitution is needed so you you can
        # be sure the username passed from the client is escaped properly.
        #
        # Uncomment the next line, if you want the sql_user_name to mean:
        #
        #    Use Stripped-User-Name, if it's there.
        #    Else use User-Name, if it's there,
        #    Else use hard-coded string "none" as the user name.
        #sql_user_name = "%{Stripped-User-Name:-%{User-Name:-none}}"
        #
        sql_user_name = "%{User-Name}"


        #######################################################################
        #  Authorization Queries
        #######################################################################
        #  These queries compare the check items for the user
        #  in ${authcheck_table} and setup the reply items in
        #  ${authreply_table}.  You can use any query/tables
        #  you want, but the return data for each row MUST
        #  be in the  following order:
        #
        #  0. Row ID (currently unused)
        #  1. UserName/GroupName
        #  2. Item Attr Name
        #  3. Item Attr Value
        #  4. Item Attr Operation
        #######################################################################
        # Query for case sensitive usernames was removed. Please contact with me,
        # if you know analog of STRCMP functions for MS SQL.

        authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"
        authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM ${authreply_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"

        authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${groupcheck_table}.op  FROM ${groupcheck_table},${usergroup_table} WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName ORDER BY ${groupcheck_table}.id"
        authorize_group_reply_query = "SELECT ${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${groupreply_table}.op  FROM ${groupreply_table},${usergroup_table} WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName ORDER BY ${groupreply_table}.id"


        #######################################################################
        #  Accounting Queries
        #######################################################################
        # accounting_onoff_query        - query for Accounting On/Off packets
        # accounting_update_query       - query for Accounting update packets
        # accounting_update_query_alt   - query for Accounting update packets
        #                               (alternate in case first query fails)
        # accounting_start_query        - query for Accounting start packets
        # accounting_start_query_alt    - query for Accounting start packets
        #                               (alternate in case first query fails)
        # accounting_stop_query         - query for Accounting stop packets
        # accounting_stop_query_alt     - query for Accounting start packets
        #                               (alternate in case first query doesn't
        #                                affect any existing rows in the table)
        #######################################################################
        accounting_onoff_query = "UPDATE ${acct_table1} SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"

        accounting_update_query = "UPDATE ${acct_table1} SET FramedIPAddress = '%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStopTime = 0"

        accounting_update_query_alt = "INSERT into ${acct_table1} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPort, NASPortType, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port-Id}', '%{NAS-Port-Type}', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"

        # accounting_start_query: Inserting of RadAcctId and AcctStopTime was
        # removed. These fields are processing by a database
        accounting_start_query = "INSERT into ${acct_table1} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPort, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port-Id}', '%{NAS-Port-Type}', '%S', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')"

        accounting_start_query_alt  = "UPDATE ${acct_table1} SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0"

        accounting_stop_query = "UPDATE ${acct_table2} SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0"

        # accounting_stop_query_alt: Inserting of RadAcctId and AcctStartTime was
        # removed. These fields are processing by a database
        accounting_stop_query_alt = "INSERT into ${acct_table2} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPort, NASPortType, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port-Id}', '%{NAS-Port-Type}', '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')"

}