Variable expansion for SQL attributes

Matthew Newton mcn4 at leicester.ac.uk
Fri Dec 9 15:52:00 CET 2016


On Fri, Dec 09, 2016 at 03:24:35PM +0100, Javier Matos Odut wrote:
> I have FreeRADIUS running with a sql database in production. I am using the
> sql database to set user's check and reply attributes. The problem I have
> is that there are some attributes that I need to set them at runtime
> depending on the NAS identity (or any other FreeRADIUS variable), so I have
> to edit the configuration file and add something like this:
> 
> if (...) {
>   update control {
>     Pool-Name := "%{NAS-Identifier}"
>   }
> }
>
> Please, ignore the fact that I am updating the Pool-Name attribute. It is
> just an example but it has sense in my case to let users switch between NAS
> and IP pools automatically.

So you want to dynamically set NAS-Identifier here? or Pool-Name?

> I want to be able to use variables in attributes column (for radcheck,
> radreply, radgroupcheck, and radgroupreply tables). Then FreeRADIUS will
> get those values for attributes and expand or evaluate them replacing
> variable placeholders for concrete values. I don't want to modify the
> configuration file to store any user's configuration as I am currently
> doing.

If you want to set particular attributes for particular users,
then just add entries for those attributes into the radcheck
table. You don't need to add the same attributes for all users.

> I post a request on Github:
> https://github.com/FreeRADIUS/freeradius-server/issues/1870
> 
> I was suggested to use SQL xlat expansion %{sql:SELECT ...} but that is not
> useful in my case because I don't want to customize requests.

I guess I'm not understanding what you want to do well enough.
Maybe someone else can?

It sounds like you either want to

a) dynamically expand what the attribute is being set to for a
user based on some random SQL values, in which case %{sql:...}
should work, or

b) dynamically change which attributes are being set, in which
case different entries in radcheck should do it.

...or... something else?

Maybe an example of what you want to put into the database and
what you want to get out would help.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Users mailing list