Hello, I'm using unlang to discriminate the database to use as described in the code below. Is there a method to use variables so avoid the redundant check of NAS-Id? Thanks server rad { listen { ipaddr = * port = 1812 type = auth } listen { ipaddr = * port = 1813 type = acct } authorize { if (&NAS-Identifier =~ /test/i) { db1 } if (&NAS-Identifier =~ /test2/i) { db2 } } accounting { if (&NAS-Identifier =~ /test/i) { db1 } if (&NAS-Identifier =~ /test2/i) { db2 } } session { if (&NAS-Identifier =~ /test/i) { db1 } if (&NAS-Identifier =~ /test2/i) { db2 } } }
On Sep 28, 2017, at 3:50 PM, Ti Ti <tt91em@gmail.com> wrote:
Hello, I'm using unlang to discriminate the database to use as described in the code below. Is there a method to use variables so avoid the redundant check of NAS-Id?
You can't mix multiple regular expressions and get multiple different outputs. The regular expression libraries don't allow it. If you want to use the same set of "if" statements in multiple places, use policies. Add raddb/policy.d/check-nas-id, and put this into it: policy check-nas-id { if (&NAS-Identifier =~ /test/i) { db1 } if (&NAS-Identifier =~ /test2/i) { db2 } } Then everywhere you need that set of "if" statements, just use: check-nas-id Alan DeKok.
Thanks. In case of counters how can I use the policy? Because I have to specify the db in sql_module_instance sqlcounter dailycountertime{ sql_module_instance = db1 dialect = mysql counter_name = Daily-Session-Time check_name = Max-Daily-Session reply_name = Session-Timeout key = User-Name reset = daily query = "SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = '%{${key}}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'" } 2017-09-28 23:57 GMT+02:00 Alan DeKok <aland@deployingradius.com>:
On Sep 28, 2017, at 3:50 PM, Ti Ti <tt91em@gmail.com> wrote:
Hello, I'm using unlang to discriminate the database to use as described in the code below. Is there a method to use variables so avoid the redundant check of
NAS-Id?
You can't mix multiple regular expressions and get multiple different outputs. The regular expression libraries don't allow it.
If you want to use the same set of "if" statements in multiple places, use policies. Add raddb/policy.d/check-nas-id, and put this into it:
policy check-nas-id { if (&NAS-Identifier =~ /test/i) { db1 } if (&NAS-Identifier =~ /test2/i) { db2 } }
Then everywhere you need that set of "if" statements, just use:
check-nas-id
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
On Sep 29, 2017, at 4:09 AM, Ti Ti <tt91em@gmail.com> wrote:
Thanks. In case of counters how can I use the policy? Because I have to specify the db in sql_module_instance
You will need to create multiple instances of the sql_counter module, and use that: sqlcounter dailycountertime_db1 { sql_module_instance = db1 ... } sqlcounter dailycountertime_db2 { sql_module_instance = db2 ... } and then reference "dailycountertime_db2" as the module to run inside of the "if" block. Alan DeKok.
2017-09-29 14:10 GMT+02:00 Alan DeKok <aland@deployingradius.com>:
On Sep 29, 2017, at 4:09 AM, Ti Ti <tt91em@gmail.com> wrote:
Thanks. In case of counters how can I use the policy? Because I have to specify the db in sql_module_instance
You will need to create multiple instances of the sql_counter module, and use that:
sqlcounter dailycountertime_db1 { sql_module_instance = db1 ... }
sqlcounter dailycountertime_db2 { sql_module_instance = db2 ...
}
and then reference "dailycountertime_db2" as the module to run inside of the "if" block.
Alan DeKok.
In that case the counters will be referenced both in authorize section and in accounting and session sections. This can be a problem? if (&NAS-Identifier =~ /test1/i) { db1 dailycounter_db1 noresetcounter_db1 } ---------- server rad { listen { ipaddr = * port = 1812 type = auth } listen { ipaddr = * port = 1821 type = acct } authorize { check-nas-id ... } accounting { check-nas-id exec attr_filter.accounting_response } session { check-nas-id } post-auth { exec Post-Auth-Type REJECT { check-nas-id attr_filter.access_reject } } pre-proxy { } post-proxy { eap } }
2017-09-29 14:58 GMT+02:00 Alan DeKok <aland@deployingradius.com>:
On Sep 29, 2017, at 8:55 AM, Ti Ti <tt91em@gmail.com> wrote:
In that case the counters will be referenced both in authorize section and in accounting and session sections. This can be a problem?
Does the example documentation show the module in both sections?
Alan DeKok.
Here http://networkradius.com/doc/3.0.10/raddb/mods-available/sqlcounter.html says the sections allowed are all, but in the various configs seen in the web the counters were only in authorize, so I don't know what is the behaviour if he finds it also in the others sections like accounting.
2017-09-29 15:38 GMT+02:00 Ti Ti <tt91em@gmail.com>:
2017-09-29 14:58 GMT+02:00 Alan DeKok <aland@deployingradius.com>:
On Sep 29, 2017, at 8:55 AM, Ti Ti <tt91em@gmail.com> wrote:
In that case the counters will be referenced both in authorize section and in accounting and session sections. This can be a problem?
Does the example documentation show the module in both sections?
Alan DeKok.
Here http://networkradius.com/doc/3.0.10/raddb/mods-available/ sqlcounter.html says the sections allowed are all, but in the various configs seen in the web the counters were only in authorize, so I don't know what is the behaviour if he finds it also in the others sections like accounting.
I tried and it said me: "sqlcounter" modules aren't allowed in 'accounting' sections -- they have no such method.
2017-09-29 16:30 GMT+02:00 Alan DeKok <aland@deployingradius.com>:
On Sep 29, 2017, at 10:28 AM, Ti Ti <tt91em@gmail.com> wrote:
I tried and it said me:
"sqlcounter" modules aren't allowed in 'accounting' sections -- they have no such method.
Read the sqlcounter module documentation to see how it works.
Alan DeKok.
I read it, my doubt is not on the counters themselves, but the way to refer them. If I have the following in the policy.d I can't put check-nas-id both in auth and acct sections, but if I left only db1 in the if body, then I have to do another if statement in authorize to check for the nas-id and import the counters. ### check-nas-id { if (&NAS-Identifier =~ /test1/i) { db1 dailycounter_db1 noresetcounter_db1 } } ### server rad { ... authorize { check-nas-id ... } accounting { check-nas-id ... } ... }
On Sep 29, 2017, at 10:50 AM, Ti Ti <tt91em@gmail.com> wrote:
I read it, my doubt is not on the counters themselves, but the way to refer them.
This has been explained in previous messages.
If I have the following in the policy.d I can't put check-nas-id both in auth and acct sections, but if I left only db1 in the if body, then I have to do another if statement in authorize to check for the nas-id and import the counters.
I think you're either not describing what you want, or you're not reading my messages. Alan DeKok.
2017-09-29 16:56 GMT+02:00 Alan DeKok <aland@deployingradius.com>:
On Sep 29, 2017, at 10:50 AM, Ti Ti <tt91em@gmail.com> wrote:
I read it, my doubt is not on the counters themselves, but the way to refer them.
This has been explained in previous messages.
If I have the following in the policy.d I can't put check-nas-id both in auth and acct sections, but if I left only db1 in the if body, then I have to do another if statement in authorize to check for the nas-id and import the counters.
I think you're either not describing what you want, or you're not reading my messages.
Alan DeKok.
You said: "You will need to create multiple instances of the sql_counter module and then reference "dailycountertime_db2" as the module to run inside of the "if" block" Doing this I have to use 2 if statement in 2 different policy because in one I load db1 (to use in the accounting and session sections) and in the other I load the counters (ex dailycountertime_db2) to use in the auth section, logically is correct but you said that I wouldn't use 2 if statement to check the same nas-id.
participants (2)
-
Alan DeKok -
Ti Ti