FreeRADIUS, MySQL and usergroups again
Michael Schwartzkopff
misch at multinet.de
Thu May 11 17:15:44 CEST 2006
Am Donnerstag, 11. Mai 2006 17:38 schrieb Christopher Carver:
> If you want to use rlm_sql you do this with the tables radius.usergroup
> and radius.radgroupcheck. In radius.radgroupcheck you'd have something
> like this:
>
> +----+---------------+-----------+----+--------+
>
> | id | GroupName | Attribute | op | Value |
>
> +----+---------------+-----------+----+--------+
>
> | 1 | RASUser | Auth-Type | := | system |
>
> Then in radius.usergroup for each user you want in this group you'll
> have a row like this:
>
> +--------+----------+---------------+
>
> | id | UserName | GroupName |
>
> +--------+----------+---------------+
>
> | 39747 | thisuser | RASUser |
>
> That pasted rather ugly, but I think you should get the point. Using
> sql eliminates the need for the users file to be able to do what you
> asked about. Let me know if this doesn't answer your question.
>
> Chris Carver
Thanks for your answer. But I think this is not quite what I was looking for.
I want to administer the passwords in MySQL, not in the system, so I need
Auth-Type := Local. And this authenticates every user that is in the
database, not only these in the specific group. I solved it adding
DEFAULT Group !="RASUser", Auth-Type := Reject
in my files.
--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn
Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75
PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060511/9c08a79e/attachment.pgp>
More information about the Freeradius-Users
mailing list