Make sense of SQL Huntgroup HOWTO?

Alan DeKok aland at deployingradius.com
Fri Dec 18 18:36:47 CET 2015


On Dec 18, 2015, at 12:31 PM, Joel Bergmark <joel.bergmark at t3.se> wrote:
> 
> Thank you for the help! Indeed this looks more simplistic and nice! :)
> 
> Everything is in the SQL, necessary since using daloradius as fronted.

 OK.

> Just a follow up on: 	
> 	if ((Huntgroup-Name == "2ndline") && (SQL-Group != "2ndline")) {
> 		reject
> 	}
> How to determine the 'SQL-Group' in  a simple way? Tried it as is to see how it behaved, and got:

  What's "how to determine"?  As I said, you put the user / group into SQL.  The SQL module has documentation for how this is done.

> +- entering group authorize {...}
> sql_xlat
>        expand: %{User-Name} -> bl
> sql_set_user escaped user --> 'bl'
>        expand: SELECT groupname FROM radhuntgroup WHERE nasipaddress='%{NAS-IP-Address}' -> SELECT groupname FROM radhuntgroup WHERE nasipaddress='46.23X.XX.170'
> rlm_sql (sql): Reserving sql socket id: 3
> sql_xlat finished
> rlm_sql (sql): Released sql socket id: 3
>        expand: %{sql:SELECT groupname FROM radhuntgroup WHERE nasipaddress='%{NAS-IP-Address}'} -> 3rdline

  That's pretty clear.

> ++[request] returns not found
> ++? if ((Huntgroup-Name == "2ndline") && (SQL-Group != "2ndline"))
> ?? Evaluating (Huntgroup-Name == "2ndline") -> FALSE

  Because it's '3rdline'

> ?? Skipping (SQL-Group != "2ndline")
> ++? if ((Huntgroup-Name == "2ndline") && (SQL-Group != "2ndline")) -> FALSE
> ++[chap] returns noop

  And it's not checking SQL-Group.  Because the Huntgroup-Name doesn't match.

  Reading the debug output helps.

  Alan DeKok.




More information about the Freeradius-Users mailing list