Conditional radreply with Freeradius. Possible somehow ?
Alan DeKok
aland at deployingradius.com
Fri May 28 21:07:43 CEST 2010
Pere Hospital wrote:
> I have gone again through the SQL wiki. What I am not able to
> find anywhere (and think that it is what we exactly need) is how to
> emulate this behaviour of check/reply items that you can get via the
> users file. i.e. from users file:
The SQL schema is intended to mirror the "users" file. i.e. it can be
mapped *directly* from the "users" file.
> #swilson Service-Type == Framed-User, Huntgroup-Name == "alphen"
> # Framed-IP-Address = 192.168.1.65,
> # Fall-Through = Yes
This becomes (roughly)
radcheck:
swilson Service-Type == Framed-User
swilson Huntgroup-Nmae == "alphen"
radreply:
swilson Framed-IP-Address = 192.168.1.65
swilson Fall-Through = Yes
> This is what I can't see how to do with sql module as radreply
> is related just to the username.
The radreply for the user is referenced *only* if the "radcheck"
entries for that user matched.
> From SQL Wiki :
>
> "In radreply, create entries for each user-specific radius reply
> attribute against their username" --> against their username and not
> username + nas-identifier i.e.).
>
> and again
>
> "If check attributes are found, and there's a match, pull the reply
> items from the radreply table for this user and add them to the reply "
> --> for this user, so again no info about this user+other
> requirements ...
The "check attributes are found" text is intended to *be* the "other
requirements"
> Well, rules are user + NAS based. A user will get a certain IP
> only if he connects to a certain NAS. And from what you say I assume
> that configuration files + sql can be used at the same time ?.
Yes.
All modules are independent.
Alan DeKok.
More information about the Freeradius-Users
mailing list