Additional Restrictions for users
William Burnett
burnett.w at gmail.com
Mon Sep 27 19:59:02 CEST 2010
Alan,
Thanks that helped I've got the conditions to match. However I've
setup multiple groups:
ssh-admin
ssh-read
ssh-write
and want to use a regexp to match anything containing ssh-* to allow
those users to authenticate instead of multiple lines matching each
value. Can I use regex matching with SQL-Group ?
The following seems to be evaluated as "ssh.*" and not anything
containing "ssh......"
if (!SQL-Group =~ /ssh.*/ && (Service-Type == "Login-User")) {
.....reject.... }
Sincerely,
William Burnett
burnett.w at gmail.com
On Sat, Sep 25, 2010 at 12:09 AM, Alan DeKok <aland at deployingradius.com> wrote:
> William Burnett wrote:
>> What is the best way to go about this? I was trying to use unlang to
>> query my database but can't seem to get the syntax right.
>
> The "sql" module queries databases.
>
> ...
>> if ( %{group_membership_query} == "ssh") {
>
> This won't do what you want. Instead, use
>
> if (SQL-Group == "ssh") {
>
> This is documented in raddb/sql.conf.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list