Additional Restrictions for users
Alexander Clouter
alex at digriz.org.uk
Mon Sep 27 20:41:01 CEST 2010
William Burnett <burnett.w at gmail.com> wrote:
>
> Thanks that helped I've got the conditions to match. However I've
> setup multiple groups:
>
> ssh-admin
> ssh-read
> ssh-write
>
> and want to use a regexp to match anything containing ssh-* to allow
> those users to authenticate instead of multiple lines matching each
> value. Can I use regex matching with SQL-Group ?
>
> The following seems to be evaluated as "ssh.*" and not anything
> containing "ssh......"
>
> if (!SQL-Group =~ /ssh.*/ && (Service-Type == "Login-User")) {
> .....reject.... }
>
Does not work like that. You will need to construct a SQL xlat
statement that does the check for you, so:
----
if ("%{sql:SELECT ....}" ....) {
----
or however SQL modules function, I'm an LDAP man myself.
Cheers
--
Alexander Clouter
.sigmonster says: Are you a turtle?
More information about the Freeradius-Users
mailing list