{control:SQL-Group} in post-auth
Anton Borisov
antonio at mccinet.ru
Tue Oct 20 17:18:04 CEST 2009
Hello!
My user is inserted in group = my_pool in the SQL DB.
I try to use something like this in my sites-enabled/default:
post-auth {
...
...
if ( SQL-Group == my_pool ) {
...
...
}
}
When my user comes, I can see this:
Tue Oct 20 18:49:23 2009 : Info: [sqlauth] expand: SELECT
id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'%{SQL-User-Name}' ORDER BY id
...
Tue Oct 20 18:49:23 2009 : Info: [sqlauth] expand: SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE (usergroup.Username =
'%{SQL-User-Name}' OR usergroup.CLID = '%{Calling-Station-Id}') AND
usergroup.GroupName = radgroupcheck.GroupName AND usergroup.GroupName =
'%{SQL-Group}' ORDER BY usergroup.PRIORITY,radgroupcheck.id
...
Tue Oct 20 18:49:23 2009 : Info: [sqlauth] User found in group my_pool
...
Ok, we can see that the user is in the my_pool group - this is ## point 1 ####
...
Tue Oct 20 18:49:23 2009 : Info: +- entering group post-auth {...}
Tue Oct 20 18:49:23 2009 : Info: ++[exec] returns noop
Tue Oct 20 18:49:23 2009 : Info: ++? if (SQL-Group == pool )
Tue Oct 20 18:49:23 2009 : Info: sql_groupcmp
Tue Oct 20 18:49:23 2009 : Debug: rlm_sql (sqlacct): Reserving sql
socket id: 24
Tue Oct 20 18:49:23 2009 : Info: expand: SELECT GroupName FROM
usergroup WHERE UserName='%{SQL-User-Name}' OR
CLID='%{Calling-Station-Id}' order by priority -> SELECT GroupName FROM
usergroup WHERE UserName='bebebeb' OR CLID='bebebeb' order by priority
Tue Oct 20 18:49:23 2009 : Info: sql_groupcmp finished: User is a member
of group pool
Tue Oct 20 18:49:23 2009 : Debug: rlm_sql (sqlacct): Released sql socket
id: 24
Tue Oct 20 18:49:23 2009 : Info: ? Evaluating (SQL-Group == pool ) -> TRUE
Tue Oct 20 18:49:23 2009 : Info: ++? if (SQL-Group == pool ) -> TRUE
Tue Oct 20 18:49:23 2009 : Info: ++- entering if (SQL-Group == pool ) {...}
Ok, we can see that because of ###if ( SQL-Group == my_pool ) ###
radius tries to use a new SQL query to the SQL DB.. But why? At this point
radius knows that the user had been found in group my_pool - see ###point 1###.
Can I use another word for this check? For example
if ( '%{control:SQL-Group}' == my_pool ) { .... }
because at this point I know exactly that my user belongs to group
my_pool (see ####point 1####).
If I can use the previous sql-select (###point 1####), I do not have to make
another SQL query every time I use "if (SQL-Group == my_pool)".
--
Yours faithfully,
Anton Borisov.