deny access with huntgroups
Ivan Kalik
tnt at kalik.net
Fri Aug 28 10:12:41 CEST 2009
>
>> You have to enforce reject:
>
>> if(SQL-Group == "vpnuser") {
>> ok
>> }
>> else {
>> reject
>> }
>
>> Ivan Kalik
>> Kalik Informatika ISP
> Alright. that makes sense.
> But can the if(xxx) contain several sql-queries to the database?
> The username and groupname from radusergroup and groupname from
> radhuntgroup
> need to be
> matched somehow so that no one note in the right group can get through.
>
> Something like:
>
> if(SQL-Group == "%{sql:select groupname xxxx AND SQL-User-Name ==
SQL-Group == "xxxx" is equivalent to that.
> "%{sqlxxxx AND so on...
You can do:
if(statement && another statement || other statement) {
...
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list