Additional Restrictions for users

Alexander Clouter alex at
Mon Sep 27 20:41:01 CEST 2010

William Burnett <burnett.w at> wrote:
> Thanks that helped I've got the conditions to match. However I've
> setup multiple groups:
> ssh-admin
> ssh-read
> ssh-write
> and want to use a regexp to match anything containing ssh-* to allow
> those users to authenticate instead of multiple lines matching each
> value. Can I use regex matching with SQL-Group ?
> The following seems to be evaluated as "ssh.*" and not anything
> containing "ssh......"
> if (!SQL-Group =~ /ssh.*/ && (Service-Type == "Login-User")) {
> .....reject.... }
Does not work like that.  You will need to construct a SQL xlat 
statement that does the check for you, so:
if ("%{sql:SELECT ....}" ....) {

or however SQL modules function, I'm an LDAP man myself.


Alexander Clouter
.sigmonster says: Are you a turtle?

More information about the Freeradius-Users mailing list