Additional Restrictions for users
William Burnett
burnett.w at gmail.com
Mon Sep 27 22:37:35 CEST 2010
Alright,
Glad I asked, I've been trying different variations for half an hour.
I ended up just creating an if - elsif statement since I only had three
static groups, but thought the regexp model would be less taxing than
processing each if statement.
# Only Login-User requests are checked against the three static groups.
if (Service-Type == "Login-User") {
    if (SQL-Group == "ssh-admin") {
        update control {
            Auth-Type := "Accept"
        }
    }
    elsif (SQL-Group == "ssh-write") {
        update control {
            Auth-Type := "Accept"
        }
    }
    elsif (SQL-Group == "ssh-read") {
        update control {
            Auth-Type := "Accept"
        }
    }
    # Any other group (or no group at all) is rejected.
    else {
        update control {
            Auth-Type := "Reject"
        }
    }
}
Thanks again for the pointers.
Sincerely,
William Burnett
burnett.w at gmail.com
On Mon, Sep 27, 2010 at 11:41 AM, Alexander Clouter <alex at digriz.org.uk> wrote:
> William Burnett <burnett.w at gmail.com> wrote:
>>
>> Thanks, that helped; I've got the conditions to match. However, I've
>> set up multiple groups:
>>
>> ssh-admin
>> ssh-read
>> ssh-write
>>
>> and want to use a regexp to match anything containing ssh-* to allow
>> those users to authenticate instead of multiple lines matching each
>> value. Can I use regex matching with SQL-Group?
>>
>> The following seems to be evaluated as "ssh.*" and not anything
>> containing "ssh......"
>>
>> if (!SQL-Group =~ /ssh.*/ && (Service-Type == "Login-User")) {
>> .....reject.... }
>>
> Does not work like that. You will need to construct a SQL xlat
> statement that does the check for you, so:
> ----
> if ("%{sql:SELECT ....}" ....) {
> ----
>
> or however SQL modules function, I'm an LDAP man myself.
>
> Cheers
>
> --
> Alexander Clouter
> .sigmonster says: Are you a turtle?
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
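An added example, not part of the original thread: one way to write the SQL xlat check suggested above, so that a single query covers every group whose name starts with "ssh-". It assumes the default FreeRADIUS SQL schema (table radusergroup with columns username and groupname) and an sql module instance named "sql"; adjust both to the local setup.

```unlang
# Added illustration; the table, column and instance names are assumptions
# taken from the default FreeRADIUS SQL schema, not from this thread.
authorize {
    sql

    if (Service-Type == "Login-User") {
        # Count the user's groups whose name starts with "ssh-".
        # "%%" is a literal "%" inside an expanded string, so the
        # database receives: groupname LIKE 'ssh-%'
        # Attributes expanded inside %{sql:...} are passed through the
        # sql module's escaping function before they reach the query.
        if ("%{sql:SELECT COUNT(*) FROM radusergroup WHERE username = '%{User-Name}' AND groupname LIKE 'ssh-%%'}" == "0") {
            # Not a member of any ssh-* group: refuse the login.
            reject
        }
        # Members fall through to the normal authentication modules,
        # so their password is still verified.
    }
}
```

Unlike a condition that sets Auth-Type := "Accept", this fragment only rejects non-members; group membership alone never authenticates anyone.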