On Feb 1, 2021, at 2:42 PM, Richard J Palmer <richard@merula.net> wrote:
We have been using FreeRadius for quite a long time to authenticate PPPoE and L2TP sessions and hotspots. So far everything works.
That's good to hear. :)
What I am trying to achieve in FreeRadius is
1) If there's an exact username (as now) continue as now 2) IF there's not a match either run a second SQL which will find the realm - and return accept. And then pass back the necessary attributes back to allow the session to forward.
I'd break that down into 3 steps. The question is how do you "find the realm" ?
Pretty happy to do most of the work here but some pointers would be perfect.
I could I suppose do this by replacing the SQL query with a stored procedure - but open to any better ideas?
Run the SQL module as-is, ensuring that the key is User-Name: sql if (notfound) { ... extra magic goes here ... } You'll need to do a few things after this. One is to figure out how to turn the User-Name into a realm. Ideally you put this into some kind of regex / SQL table, whatever. How this is done depends on you. And with minimal information, we can't really recommend anything. Put the realm name into a My-Realm attribute (Realm is already used for other things). Define My-Realm in raddb/dictionary: ATTRIBUTE My-Realm 3000 string The next step is to edit the SQL queries to look up realm *or* User-Name, e.g. edit raddb/mods-config/sql/main/mysql/queries.conf ... sql_user_name = "%{%{My-Realm}:-%{User-Name}}" Then, you can insert entries into the SQL tables, keyed by User-Name *or* realm. then update the "extra magic here" from above: sql if (notfound) { ??? somehow get My-Realm from User-Name sql } And ensure that each of the My-Realm entries has the correct reply attributes. Alan DeKok.