{control:SQL-Group} in post-auth

Anton Borisov antonio at mccinet.ru
Tue Oct 20 17:18:04 CEST 2009


Hello!


My user is inserted in group = my_pool in sql DB.

I try to use in my sites-enabled/default something like this

post-auth {
...
...
         if ( SQL-Group == my_pool ) {
	...
	...
	}
}


when my user comes I can see it :

Tue Oct 20 18:49:23 2009 : Info: [sqlauth] 	expand: SELECT 
id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 
'%{SQL-User-Name}' ORDER BY id
...
Tue Oct 20 18:49:23 2009 : Info: [sqlauth] 	expand: SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op 
  FROM radgroupcheck,usergroup WHERE (usergroup.Username = 
'%{SQL-User-Name}' OR usergroup.CLID = '%{Calling-Station-Id}') AND 
usergroup.GroupName = radgroupcheck.GroupName AND usergroup.GroupName = 
'%{SQL-Group}' ORDER BY usergroup.PRIORITY,radgroupcheck.id
...
Tue Oct 20 18:49:23 2009 : Info: [sqlauth] User found in group my_pool
...


Ok, we can see that user is in my_pool group - this it ## point 1 ####


...
Tue Oct 20 18:49:23 2009 : Info: +- entering group post-auth {...}
Tue Oct 20 18:49:23 2009 : Info: ++[exec] returns noop
Tue Oct 20 18:49:23 2009 : Info: ++? if (SQL-Group == pool )
Tue Oct 20 18:49:23 2009 : Info: sql_groupcmp
Tue Oct 20 18:49:23 2009 : Debug: rlm_sql (sqlacct): Reserving sql 
socket id: 24
Tue Oct 20 18:49:23 2009 : Info: 	expand: SELECT GroupName FROM 
usergroup WHERE UserName='%{SQL-User-Name}' OR 
CLID='%{Calling-Station-Id}' order by priority -> SELECT GroupName FROM 
usergroup WHERE UserName='bebebeb' OR CLID='bebebeb' order by priority
Tue Oct 20 18:49:23 2009 : Info: sql_groupcmp finished: User is a member 
of group pool
Tue Oct 20 18:49:23 2009 : Debug: rlm_sql (sqlacct): Released sql socket 
id: 24
Tue Oct 20 18:49:23 2009 : Info: ? Evaluating (SQL-Group == pool ) -> TRUE
Tue Oct 20 18:49:23 2009 : Info: ++? if (SQL-Group == pool ) -> TRUE
Tue Oct 20 18:49:23 2009 : Info: ++- entering if (SQL-Group == pool ) {...}



Ok, we can see that because ###if ( SQL-Group == my_pool ) ### - so, 
radius try to use new SQL query to sql DB.. But why? In this point 
radius knows that user had been found in group my_pool - see ###point 1###.


Can I use another world for this check?, for example
if ( '%{control:SQL-Group}' == my_pool ) { .... }
because in this point I know exactly that my user belong to group 
my_pool (see ####point 1####).
If I can use previous sql-select (###point 1####), I do not have to make 
another SQL query every time when I use "if (SQL-Group == my_pool)" .


-- 
Yours faithfully,
Anton Borisov.



More information about the Freeradius-Users mailing list