rlm_sql: can I avoid queries on radcheck?

Phil Mayers p.mayers at imperial.ac.uk
Fri Oct 12 13:31:59 CEST 2012


On 12/10/12 12:15, Stefano Zanmarchi wrote:
> Hi,
> we're using rlm_sql to perform authorization based on a couple of sql
> tables ('eduroam_diritto_uso'
> and  'eduroam_mac_registrati') , it's working fine.
> Now mysql logs show that radiusd is still performing queries on
> radcheck, radgroupcheck.
> Can I avoid this (since these tables are empty so we're not using them)?

If you don't want to run the "sql" queries, just remove the "sql" module 
from the "authorize" section.

> I know this is nothing vital, but if it's easy done...
> I've managed to avoid queries on  radgroupcheck commenting out the
> "group_membership_query"
> in dalup.conf.
> I thought that I could now comment out the "authorize_check_query" to
> avoid queries radchek,
> but no, I get an error:
> [sql] 	expand:  ->
> [sql] Error generating query; rejecting user
>
> Thanks a lot in advance,
> Stefano
>
>
> authorize {
>          preprocess
>          rewrite.calling_station_id
>          sql

Just remove the line above. You might need to add "sql" to the 
"instantiate { }" section, to ensure the module is loaded and available 
for the XLAT you use below.

>          if ("%{sql:SELECT count(*) FROM eduroam_mac_registrati AS m,
> eduroam_diritto_uso AS d WHERE m.username = d.username AND
> m.mac='%{Calling-Station-Id}' and d.diritto='S'}" == 1){
>              ok
>            update control {
>               Auth-Type := Accept
>            }
>          }
>          else {
>            reject
>          }
>
>          auth_log
>          eap
>          openldap
>          mschap
> }
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>



More information about the Freeradius-Users mailing list