SQL for return attributes only?
Phil Mayers
p.mayers at imperial.ac.uk
Sat Apr 28 14:32:54 CEST 2007
Hugh Messenger wrote:
> ObDisclaimer: I have googled my best google, and read all the docs I can
> find, so please be gentle if this is a dumb question.
>
>
>
> Is it possible with freeradius to use SQL to retrieve certain return
> attributes (in this case rate limiting values for PPPOE sessions),
> whilst still handling authentication through PAM?
Yes.
However, in the current code there must be *something* that matches in
the radcheck or radgroupcheck table for the user/group, else the
radreply/radgrouprelpy table won't be used.
Maybe easiest to put this in radcheck:
insert into radcheck (username,attribute,op,value) values (
'theuser',
'Pam-Auth',
':=',
'thepamservice'
)
...then put your per-user attributes in radreply.
Alternatively you could defined a local attribute in the dictionary:
Attribute My-Fake-Item 3000 string
...and set that. There are probably cleaner ways to do it using SQL
groups and/or the "search on not found" / default profile stuff, but I
must admit to not groking that part of the 1.1 SQL code.
More information about the Freeradius-Users
mailing list