SQL statement in radcheck

Ljupco Vangelski ljupco.vangelski at gmail.com
Tue Sep 2 09:54:21 CEST 2008


Hello,
I'm trying to allow a user to log in from few Calling-Station-Ids, but 
to load them at run-time (read them from mysql table). For that I'm 
trying to use sql statement in radcheck, but it doesn't seem to be working.

Here is a simplified example (mysql, table radcheck):

     UserName..........Attribute..............op..........Value
(1) test                    Calling-Station-Id  ==         
001122334455                              (is working)
(2) test                    Calling-Station-Id  ==         %{sql:select 
"001122334455";}    (is not working)

     UserName..........Attribute..............op..........Value
(1) test                    Calling-Station-Id  =~         
(001122334455|554433221100)                              (is working)
(2) test                    Calling-Station-Id  =~         %{sql:select 
"(001122334455|554433221100)";}    (is not working)

I've tried this with freeradius 1.1.6 and 1.1.7, with the 
Calling-Station-Id Attribute set accordingly by the RadiusClient, but in 
case (1) the user is granted access, and in case (2) user is not granted 
access. The sql statement is interpreted successfully by the freeradius 
when it is in the Reply-Message in RADREPLY, for example:
     (table: RADREPLY)
     UserName..........Attribute..............op..........Value
(1) test                    Reply-Message     =          %{sql:select 
"(001122334455|554433221100)";}
is sending reply to the RadiusClient:
Reply-Message = "(001122334455|554433221100)"

Can sql statements be used to compare against the Attribute Value in 
CHECK statements, like in the cases (2) above?

Thanks,

-- 
Ljupco




More information about the Freeradius-Users mailing list