Fwd: Returning group name as 'Class' attribute on successful auth replies
Raoul Duke
rduke496 at gmail.com
Fri Nov 15 14:58:03 CET 2013
Hi,
I have many user groups and it needs to be straightfowa. I need to
return the group name in the 'Class' attribute of a successful auth
reply.
At the moment I'm doing this via radgroupreply.
INSERT INTO `radgroupreply` VALUES (1,'foo','Class','=','foo');
INSERT INTO `radgroupreply` VALUES (2,'bar','Class','=','bar');
...
While this works fine it seems redundant to manage a table like this
where every group is just mapped to itself just to accomplish the
'Class' attribute being returned for each. I'm prepared to do this if
it is the recommended way,of course, I'm really just trying to
ascertain what the best/correct approach is here.
What options do I have to make the returning of the 'Class' attribute
implicit behavior?
Does radgroupreply accept wildcards? Or can this be made implicit
with ah an entry in some other table?
If not, then would it be reasonable to go down the road outlined in this thread:
http://freeradius.1045715.n5.nabble.com/Reply-with-group-attribute-td2781054.html
i.e. a post-auth (config file) config which adds in the Class to the
reply. If so then what would that config look like - I'm unclear as
to what the group what be named when it comes back from the SQL
back-end. Would it be "Group", "GroupName" or some other?
Or is there a better way than any of the above? If so please just
give me a pointer.
Thanks.
More information about the Freeradius-Users
mailing list