Conditional Authorize based on SQL-Groups?
Etienne Pretorius
etiennep at kingsley.co.za
Thu Jan 17 09:54:21 CET 2008
Hello list,
Is there anyway that I can selectivly execute modules in the authorize
sections based upon the SQL-Group the user belongs to. I also need to
know where you are suppose to enable the 'read_groups' directive as I do
not see the sql query being performed at all.
<cut>
radius_xlat: 'bob at testing'
rlm_sql (sql): sql_set_user escaped user --> 'bob at testing'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = 'bob at testing' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'bob at testing'
AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radreply WHERE Username = 'bob at testing' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'bob at testing'
AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
modcall: entering group for request 0
rlm_sqlcounter: Entering module authorize code
<cut>
/etc/freeradius# grep read_groups *
sql.conf: read_groups = yes
--
Kind Regards
Etienne Pretorius
More information about the Freeradius-Users
mailing list