huntgroups/groups with sql

Michel Jansens michel.jansens at ulb.ac.be
Thu Jul 28 11:12:20 CEST 2005


Hi,

I want to use FR to control the access to different ressources (radius clients).
I've put my users in 'radcheck', defined groups in 'radgroupcheck' according to Client-IP-Address and put the users in their groups in 'usergroup'.
Some users are in more than one group, but they can only access to the first matching group defined in 'radgroupcheck'.
Tryed to add  'Fall-Through = Yes' to all 'radgroupcheck' entries, but it didn't work.

Now I've found a workaround:

I added a column  'groupIPaddr' varchar(15)  in 'radgroupcheck'. I put there the Client-IP-Address 

and changed the query in sql.conf to:

authorize_group_check_query = "SELECT  
    ${groupcheck_table}.id,${groupcheck_table}.GroupName,
    ${groupcheck_table}.Attribute,${groupcheck_table}.Value,
    ${groupcheck_table}.op  
  FROM ${groupcheck_table},${usergroup_table} 
  WHERE ${groupcheck_table}.groupIPaddr ='%{Client-IP-Address}' AND  
    ${usergroup_table}.Username = '%{SQL-User-Name}' AND 
    ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName 
  ORDER BY ${groupcheck_table}.id"

Now My users have access to all their authorized nasses whatever the order of definition of the groups.

Was there an easier/more standard way of doing?


Michel
 




More information about the Freeradius-Users mailing list