multiple entries per radius_check table

Matt Zagrabelny mzagrabe at d.umn.edu
Mon Jul 1 22:48:34 CEST 2013


On Mon, Jul 1, 2013 at 3:30 PM, Arran Cudbard-Bell
<a.cudbardb at freeradius.org> wrote:
>
> On 1 Jul 2013, at 17:59, Matt Zagrabelny <mzagrabe at d.umn.edu> wrote:
>
>> Greetings,
>>
>> I am using a Pg datastore to hold authentication data and using the Pg
>> module for FR to hook into it.
>>
>> I am using a basic view for the radius_check table:
>>
>> # SELECT  * from radius_check_users where username = 'mzagrabe';
>>  id   | username |   attribute    | op |               value
>> -------+----------+----------------+----+------------------------------------
>> 1 | mzagrabe | Crypt-Password | := | $1$somehash
>>
>> I'd also like to have the option of denying users with something like:
>>
>> atlas-# SELECT * from radius_sanction where username = 'mzagrabe';
>>  id   | username | attribute | op | value
>> -------+----------+-----------+----+--------
>> 1 | mzagrabe | Auth-Type | := | Reject
>> (1 row)
>>
>> I'd like to create a UNION of these two views so that both records
>> would be returned when FR queried for 'mzagrabe'. Is it enough to
>> ensure that the "Reject" records appears before the "Crypt-Password"
>> records in the resulting UNION for FR to reject the request?
>
> It can appear before or after, it doesn't matter.
>
> https://github.com/FreeRADIUS/freeradius-server/blob/master/src/modules/rlm_pap/rlm_pap.c#L330

Great!

Thanks, Arran!

Sincerely,

-mz


More information about the Freeradius-Users mailing list