{control:SQL-Group} in post-auth
Ivan Kalik
tnt at kalik.net
Tue Oct 20 20:18:30 CEST 2009
> Ok, we can see that because ###if ( SQL-Group == my_pool ) ### - so,
> radius try to use new SQL query to sql DB.. But why? In this point
> radius knows that user had been found in group my_pool - see ###point
> 1###.
And what if user belongs to more than one group? What value should
SQL-Group have then?
SQL-Group and Ldap-Group are not "true" attributes but are used for
comparing values instead. SQL-Group is internally used by sql module
(instances) but is not placed on the attribute list, nor is a list of
found groups made. It's just used for radgroupcheck/radgroupreply queries.
That is because there is no requirement to use sql in authorize (that's
when sql module test group membership) - you can use SQL-Group without
listing sql there (if it's not listed anywhere you need to list sql in
instantiate).
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list