I’m trying to configure FreeRADIUS on pfSense while using MySQL as the backend for user authentication. I need guidance on which tables are essential for storing user accounts and related configurations accurately.
I understand that FreeRADIUS requires specific table formats to manage user credentials and access rights effectively. Since I’m using MySQL on a Windows server, I want to ensure I’ve set up all necessary tables for the RADIUS authentication process to function properly.
Could someone clarify which database tables I should establish and outline their fundamental structure? I want to ensure that I include all pertinent tables that FreeRADIUS needs when it queries the MySQL database for authentication purposes.
When setting up FreeRADIUS with MySQL, focus on establishing the essential tables: radcheck, radreply, radgroupcheck, radgroupreply, and radusergroup. My experience shows that these tables are crucial for managing user credentials and group access. The radcheck table is specifically for user credentials, while radreply holds the responses following successful authentication. Don’t forget the radacct table for accounting logs and radpostauth to trace authentication attempts, which can be quite useful for monitoring purposes. Ensure your MySQL user has the necessary permissions, and double-check that sql.conf aligns with your MySQL server settings.
just did this setup last month and hit a few snags. grab the schema files from the freeradius source - they’re in raddb/mods-config/sql/main/mysql/. don’t forget the nas table for client management (wasn’t mentioned above). double-check your mysql connection settings in the sql module config too. i had auth failures because of wrong socket paths on windows.
Table structure is huge when you’re mapping attributes. Don’t just focus on the core tables - radcheck and radreply attribute definitions have to match exactly what FreeRADIUS expects. I got burned by auth issues because my attribute column wasn’t set up right for different password types (User-Password vs Cleartext-Password). Also, radacct table structure changes between FreeRADIUS versions, so double-check you’re using the schema that matches your install. And don’t forget proper indexes on these tables - especially radacct if you’re pushing high volumes of accounting data.