huntgroups/groups with sql
Michel Jansens
michel.jansens at ulb.ac.be
Thu Jul 28 11:12:20 CEST 2005
Hi,
I want to use FR to control the access to different ressources (radius clients).
I've put my users in 'radcheck', defined groups in 'radgroupcheck' according to Client-IP-Address and put the users in their groups in 'usergroup'.
Some users are in more than one group, but they can only access to the first matching group defined in 'radgroupcheck'.
Tryed to add 'Fall-Through = Yes' to all 'radgroupcheck' entries, but it didn't work.
Now I've found a workaround:
I added a column 'groupIPaddr' varchar(15) in 'radgroupcheck'. I put there the Client-IP-Address
and changed the query in sql.conf to:
authorize_group_check_query = "SELECT
${groupcheck_table}.id,${groupcheck_table}.GroupName,
${groupcheck_table}.Attribute,${groupcheck_table}.Value,
${groupcheck_table}.op
FROM ${groupcheck_table},${usergroup_table}
WHERE ${groupcheck_table}.groupIPaddr ='%{Client-IP-Address}' AND
${usergroup_table}.Username = '%{SQL-User-Name}' AND
${usergroup_table}.GroupName = ${groupcheck_table}.GroupName
ORDER BY ${groupcheck_table}.id"
Now My users have access to all their authorized nasses whatever the order of definition of the groups.
Was there an easier/more standard way of doing?
Michel
More information about the Freeradius-Users
mailing list