FreeRadius and MySql custom attributes
Aaron Seibert
aaron at awseibert.net
Thu Nov 6 01:08:59 CET 2008
I think what I'll do is just change the reply query to pull from the
Profiles table so the query would look like
id,username,profiles,'true',';='. Then I'll change the dictionary file
so the "Slip" profile gets the correct attributes, and "true" will be
passed tith each of the account types....
On Thu, 2008-11-06 at 04:15 +0530, Venkatesh K wrote:
> You can extend the rlm_sql module to read from your schema though it
> is some work. Alternatively you can go with perl and scripting.
>
> I believe extending rlm_sql module to read your schema and generate
> AVP's will give better performance, but I might be wrong. I have taken
> this path for a custom database.
>
> Regards,
>
> Venkatesh K
>
> On Thu, Nov 6, 2008 at 3:17 AM, Aaron Seibert <aaron at awseibert.net> wrote:
> > Becuase the database is already established with thousands of
> > customers.... We're looking to migrate from an existing VOPRadius
> > system. The MsSql database is tied into our account management system
> > as well
> >
> > On Wed, 2008-11-05 at 16:45 -0500, Stephen Bowman wrote:
> >>
> >>
> >> authorize_reply_query = "SELECT
> >> '',Username,'Profile',Profiles,':=' FROM
> >> radius_auth WHERE Username = '%{SQL-User-Name}'"
> >>
> >>
> >>
> >> It's doing exactly what you tell it to do.
> >>
> >>
> >>
> >>
> >>
> >> query: SELECT '',Username,'Profile',Profiles,':=' FROM
> >> radius_auth
> >> WHERE Username = 'aseibert at evenlink.com'
> >>
> >> There's the query as you defined it above...
> >>
> >>
> >>
> >>
> >> Sending Access-Accept of id 46 to 206.174.130.217 port 40278
> >> Profile := "Slip"
> >>
> >> And there's the access-accept with a reply attribute of Profile :=
> >> "Slip". In your database you clearly have a column titled 'Profile'
> >> in radius_auth with value of "Slip" for the row for the username
> >> "aseibert at evenlink.com"
> >>
> >> To get what you want, you would need a column titled "Slipstream-Auth"
> >> with a value of "True" for the row for the username
> >> "aseibert at evenlink.com".
> >>
> >> But all this is actually a bit horkie. It makes little sense to have
> >> to add a column everytime you want a random check/reply attribute.
> >> It's bad practice and going to be terribly inefficient by any database
> >> backend.
> >>
> >> Why is it that you don't want to follow the provided schema (in 2.x
> >> raddb/sql/mysql/) and predefined queries?
> >>
> >>
> >>
> >>
> >> -
> >> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
>
>
>
More information about the Freeradius-Users
mailing list