How to allow nas'es to serve only groups of clients?
Alan DeKok
aland at deployingradius.com
Thu Mar 12 13:30:07 CET 2009
Alexander Solodukhin wrote:
> Thank you for help. I try to do as you say and put this to authorize
> section after preprocess:
>
> preprocess
>
> # allow hotspot users only
> if (SQL-Group != 'Spot') {
That won't work... the SQL-Group attribute is a "callback" attribute.
i.e. Using it results in a call to the SQL module, which then does the
comparison itself.
And... it ignores the operator '!='. The operator is always '=='.
This is because the SQL-Group functionality goes way back to version
0.2, and isn't integrated with the newer "unlang" feature.
You could send a patch to integrate it with unlang, or do:
if (! (SQL-Group == 'Spot')) {
reject
}
That should work. It lets the SQL-Group code use '==', and then uses
the newer expression parser to do the "NOT in the group" checking.
Alan DeKok.
More information about the Freeradius-Users
mailing list