Different reply attributes for same username in rlm_sql
Phil Mayers
p.mayers at imperial.ac.uk
Fri Jan 4 15:29:45 CET 2013
On 04/01/13 14:18, Joe Rogers wrote:
>
> I am having difficulties implementing the following users file
> configuration in sql using freeradius 2.2.0:
>
> user1 Calling-Station-Id == "xx-xx-xx-xx-xx-xx"
> Tunnel-Private-Group-ID = VLAN1,
> Tunnel-Medium-Type = IEEE-802,
> Tunnel-Type = VLAN
>
> user1 Calling-Station-Id == "yy-yy-yy-yy-yy-yy"
> Tunnel-Private-Group-ID = VLAN2,
> Tunnel-Medium-Type = IEEE-802,
> Tunnel-Type = VLAN
>
> I'm attempting to send different reply attributes for the same username
> based on different check attributes. But, I'm having a hard time seeing
> how this is possible with rlm_sql using the default
> authorize_check_query and authorize_reply_query settings. I can
> certainly re-write those queries, but I'm hoping that I'm simply
> overlooking the proper way to configure this.
I think you need to rewrite the queries. IIRC there is no way to have >1
set of radcheck/radreply users for a single user; the check/reply
entries are merged.
You can probably (ab)use the groups functionality to do this.
Or, don't use the radcheck/radreply stuff at all; instead use an SQL
xlat in "unlang":
post-auth {
update reply {
Tunnel-Private-Group-ID = "%{sql:select vlan ... where ...}"
Tunnel-Medium-Type = IEEE-802
Tunnel-Type = VLAN
}
}
More information about the Freeradius-Users
mailing list