Matter of Life and Death - SQL and Proxy

Peter Nixon listuser at peternixon.net
Tue Sep 19 21:18:22 CEST 2006


On Tue 19 Sep 2006 19:48, Guilherme Franco wrote:
> Hello,
>
> I work in a Carrier and have an important question regarding SQL query
> check:
>
> I need to check a value in authorize_check_query (oracle-dialup.conf)
> to see if the user has paid his ADSL service. If he did paid the
> service, the request would be proxied to the ISP radius to
> authenticate the user, otherwise, the access needs to be rejected. So
> , the query would be checked like that:
>
> authorize_check_query = "SELECT id,UserName,Attribute,Value,op,PAID
> FROM ${authcheck_table} WHERE Username = '%{SQL-User-Name}' AND PAID =
> 'YES' ORDER BY id"
>
> The problem is, If PAID != YES, the user is not found by the SELECT
> (correctly) but the request is still proxied to the ISP (normal proxy
> behaviour).
>
> What can I do to reject the request and not proxy it?

We do exactly these types of checks, but we put them all inside a stored 
procedure. That way, if one of the checks doesn't match, you simply have it 
return "Auth-Type := Reject"

Cheers

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060919/5c3c16d1/attachment.pgp>


More information about the Freeradius-Users mailing list