How to allow nas'es to serve only groups of clients?

Alan DeKok aland at deployingradius.com
Thu Mar 12 13:30:07 CET 2009


Alexander Solodukhin wrote:
> Thank you for help. I try to do as you say and put this to authorize
> section after preprocess:
> 
>        preprocess
> 
>         # allow  hotspot users only
>         if (SQL-Group != 'Spot') {

  That won't work... the SQL-Group attribute is a "callback" attribute.
  i.e. Using it results in a call to the SQL module, which then does the
comparison itself.

  And... it ignores the operator '!='.  The operator is always '=='.
This is because the SQL-Group functionality goes way back to version
0.2, and isn't integrated with the newer "unlang" feature.

  You could send a patch to integrate it with unlang, or do:

	if (! (SQL-Group == 'Spot')) {
		reject
	}

  That should work.  It lets the SQL-Group code use '==', and then uses
the newer expression parser to do the "NOT in the group" checking.

  Alan DeKok.



More information about the Freeradius-Users mailing list