rlm_sql

acct_table1 = string

radacct

Used in conjunction with acct_table2. If you want both stop and start records logged to the same SQL table, leave the settings identical (default settings). If you want them in different tables, put the start table in acct_table1 and the stop table in acct_table2.

acct_table2 = string

radacct

Used in conjunction with acct_table1. If you want both stop and start records logged to the same SQL table, leave the settings identical (default settings). If you want them in different tables, put the start table in acct_table1 and the stop table in acct_table2.

authcheck_table = string

radcheck

In conjunction with groupcheck_table, tables containing check items.

authreply_table = string

radreply

In conjunction with groupreply_table, tables containing reply items.

deletestalesessions = boolean

yes

Removes stale session if checkrad does not see a double login.

dialect = string

mysql

The dialect of SQL you want to use; this should usually match the driver you selected above. If you’re using rlm_sql_null, then it should be the type of database against which the logged queries will be executed.

driver = string

rlm_sql_null

The submodule to use to execute queries. This should match the database to which you are attempting to connect: rlm_sql_mysql, rlm_sql_mssql, rlm_sql_oracle, rlm_sql_postgresql, or rlm_sql_null (log queries to disk).

groupcheck_table = string

radgroupcheck

In conjunction with authcheck_table, tables containing check items.

groupreply_table = string

radgroupreply

In conjunction with authreply_table, tables containing reply items.

login = string

radius

Connection info.

nas_table = string

nas

Table in which to keep radius client info.

password = string

radpass

Connection info.

port = integer

3306

Connection info.

postauth_table = string

radpostauth

Allows for storing data after authentication.

radius_db = string

radius

Database table configuration for everything except Oracle. If you are using Oracle then use the following default setting for radius_db: "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SID=your_sid)))"

readclients = boolean

yes

Set to yes to read radius clients from the database (nas table). Clients will ONLY be read on server startup. For performance and security reasons, finding clients via SQL queries CANNOT be done live while the server is running.

read_groups = boolean

yes

If set to yes (default) the group tables are read. If set to no, the user MUST have Fall-Through = Yes in the radreply table.

server = hostname

localhost

Connection info.

sqltrace = boolean

no

Prints all SQL statements when in debug mode (-x).

sqltracefile = string

${logdir}/sqltrace.sql

FIXME

usergroup_table = string

radusergroup

Table to keep group info.

pool { …​ }

A sub-section which manages connections to the database. See the pool documentation for more information.