SQL Statement in users file

McSparin, Joe jmcsparin at hillcountrymemorial.org
Thu Jan 5 17:54:06 CET 2012

With renewed confidence that this would work I found that I just needed
to add the database name and remove the single quotes and it worked.  I
am curious about your suggestion to use "unlang" and post-auth can you
elaborate on that.   

Joseph R. McSparin
Network Administrator
Hill Country Memorial Hospital
830 990 6638 phone
830 990 6623 fax
jmcsparin at hillcountrymemorial.org

-----Original Message-----
freeradius-users-bounces+jmcsparin=hillcountrymemorial.org at lists.freerad
[mailto:freeradius-users-bounces+jmcsparin=hillcountrymemorial.org at lists
.freeradius.org] On Behalf Of Phil Mayers
Sent: Thursday, January 05, 2012 10:29 AM
To: freeradius-users at lists.freeradius.org
Subject: Re: SQL Statement in users file

On 05/01/12 15:24, McSparin, Joe wrote:
> Does this seem like a doable scenario in the users file it doesn't
> return anything but I'm not sure if it is query issue or if those
> are not available in the users file.
> DEFAULT Auth-Type = "ntlm_auth"
> Tunnel-Type = "VLAN",
> Tunnel-Medium-Type = "IEEE-802",
> Tunnel-Private-Group-id = "%{sql:SELECT 'vlans.assigned_vlan' FROM
> 'vlans' WHERE 'vlans.device_mac' = '%{Calling-Station-Id}'}"

That should work.

What does the "debug" say?

It is often preferable to use "unlang" to "users" files entries in the 
current server versions; there's a bit more flexibility, in particular 
you can run the SQL query once in post-auth, and in debug mode you get a

better idea of what actually matches. e.g.

post-auth {
   update reply {
     Tunnel-Type = "VLAN",
     Tunnel-Medium-Type = "IEEE-802",
     Tunnel-Private-Group-id = "%{sql:SELECT ...}"
List info/subscribe/unsubscribe? See

This email message and any attachments are for the sole use of the intended recipient(s) and contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message and any attachments.

More information about the Freeradius-Users mailing list