ICRADIUS support, was: MySql Support

[ivan]

On Wed, Oct 25, 2000 at 01:36:41PM -0500, Joseph T Watson wrote:
> Hello
> 
> I am trying to figure out how the MySQL support works in freeside,

>From the rest of your message, I'm guessing you mean the ICRADIUS
(MySQL-enabled Cistron variant) support, not the MySQL "support" (the
standard database in which Freeside stores its data).

> and
> in what state it is in.  I have the latest CVS snapshot, and I am trying
> to figure it all out by looking at the code and reading what docs there
> are.

Well, you're on the right track.  ICRADIUS support is only in CVS right
now.  See the htdocs/docs/export.html and htdocs/docs/config.html files
for details.
 
> Here are my question.
> 
>     How is the MySQL support set up? Will it be just a add on to
> icradius (by this I mean, will it break radius.cgi,

Hmm, if radius.cgi changes the radcheck or radreply tables, those changes
will be lost.  When using the ICRADIUS export these files are generated
from the Freeside database.  Anything else radius.cgi does will probably
continue to work fine. 

> will it change the radius DataBase,

Freeside will export radcheck and radreply tables and export them to the
ICRADIUS machines.

> or will there just be some config telling it how to access the database
> as it is)??

You'd need to import your existing accounts; see htdocs/docs/legacy.html
There currently isn't any import for ICRADIUS databases; a patch to add
support for that to svc_acct.import would be welcome.

> I am hoping that the
> last one is true, because I don't see the same reporting capabilities
> in freeside, as there are in ICRadius's radius.cgi interface.

I cannot see why any reporting capabilites of radius.cgi wouldn't continue
to work fine.

>     Also what state is the MySQL support in, is there a working model,

Again, I assume you're talking about the ICRADIUS support, not MySQL
"support" (see above).  It's "unstable" in that it hasn't been included in
a stable release of Freeside yet, but I've personally deployed it at one
ISP - I imagine at least a couple other folks may be using it as well.

> if not where can I help?  My perl skills will be tested here, but I
> would like to help out with it if I can.

Sure; help would be most welcome.

> But mostly, if someone could give me a few pointer where to go next it
> would be great.
>
> I have all perl modules installed, freeside modules installed, -- now
> I need to setup the config files

See htdocs/docs/config.html

> and figure out the database stuff and
> how the freeside database will interact with the radius database. 

The Freeside database is used to generate radcheck and radreply tables,
which are exported to your ICRADIUS machines.

> Also I read that it was advised that freeside runs on a separate machine
> then radius??

Absolutely.

> Why?

For security reasons.

> My hole setup will be behind a firewall and not accessible form the
> outside, so is this needed.

A "firewall" is not magic.  Your terminal servers *have* to be able to
talk to your RADIUS servers, by the very nature of RADIUS.  However, your
terminal servers *don't* have to talk to your Freeside machine, so it can
be placed behind a more restritive firewall.

For example, with Freeside and RADIUS on the same machine, given a
vulnerability in a terminal server, and a vulnerability in MySQL (both not
unheard of phenominon), a user can gain access to Freeside machine and
thus the names/credit cards of your customers, etc.

On the other hand, if Freeside is properly isolated on its own machine,
given the same vulnerabilities, a user can gain access to the RADIUS
server, but cannot gain access to the Freeside machine and thus your
customer names/credit cards.

-- 
meow
_ivan