Logging the matched SQL-Group
Brian Candler
B.Candler at pobox.com
Thu Feb 24 13:23:49 CET 2011
Phil Mayers wrote:
> > When rlm_sql is running through each of a user's groups, the value
> > %{SQL-Group} is set for each iteration. However it's cleared at the end.
>
> I assume you're talking about the "authorize" method where it searches
> radgroupcheck/radgroupreply, rather than:
>
> if (SQL-Group == ...)
>
> ...yes?
That's right. I'm talking about step 5 at
http://wiki.freeradius.org/Rlm_sql#SQL_Schema_and_usage
It doesn't mention there that Sql-Group is set, but I found it in the source
(grep for PW_SQL_GROUP, attribute 1079)
> > Is there a straightforward way of doing this? Because I can't see one right
> > now...
>
> You could add:
>
> My-Matched-Group += GROUPNAME
>
> ...to the radgroupreply, then log this attribute?
Ah yes, of course - I can make a UNION query which always adds this
attribute, but the reply will only be appended if the group is matched. Or
I could do it in the radgroupcheck, to add a control attribute.
Cheers!
Brian.
More information about the Freeradius-Users
mailing list