multiple entries per radius_check table
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Mon Jul 1 22:30:15 CEST 2013
On 1 Jul 2013, at 17:59, Matt Zagrabelny <mzagrabe at d.umn.edu> wrote:
> Greetings,
>
> I am using a Pg datastore to hold authentication data and using the Pg
> module for FR to hook into it.
>
> I am using a basic view for the radius_check table:
>
> # SELECT * from radius_check_users where username = 'mzagrabe';
> id | username | attribute | op | value
> -------+----------+----------------+----+------------------------------------
> 1 | mzagrabe | Crypt-Password | := | $1$somehash
>
> I'd also like to have the option of denying users with something like:
>
> atlas-# SELECT * from radius_sanction where username = 'mzagrabe';
> id | username | attribute | op | value
> -------+----------+-----------+----+--------
> 1 | mzagrabe | Auth-Type | := | Reject
> (1 row)
>
> I'd like to create a UNION of these two views so that both records
> would be returned when FR queried for 'mzagrabe'. Is it enough to
> ensure that the "Reject" records appears before the "Crypt-Password"
> records in the resulting UNION for FR to reject the request?
It can appear before or after, it doesn't matter.
https://github.com/FreeRADIUS/freeradius-server/blob/master/src/modules/rlm_pap/rlm_pap.c#L330
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
More information about the Freeradius-Users
mailing list