design question
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Mar 6 04:17:12 CET 2013
On 5 Mar 2013, at 18:03, Matt Zagrabelny <mzagrabe at d.umn.edu> wrote:
> On Mon, Mar 4, 2013 at 4:28 PM, Arran Cudbard-Bell
> <a.cudbardb at freeradius.org> wrote:
>
>>
>> You know SQL supports groups, right? And that group matching can be conditional on attributes in the request? And that you can add additional config items to client definitions to mark them as special devices?
>
> Hi Arran,
>
> Thanks for the reply. I've grepped the wiki and mailing list archives
> and could not answer the following:
>
> What do I change in the nas table (in the database) to mark the
> network boxes as "special devices"? I see the schema as:
>
> CREATE TABLE nas (
>     id SERIAL PRIMARY KEY,
>     nasname VARCHAR(128) NOT NULL,
>     shortname VARCHAR(32) NOT NULL,
>     type VARCHAR(30) NOT NULL DEFAULT 'other',
>     ports int4,
>     secret VARCHAR(60) NOT NULL,
>     server VARCHAR(64),
>     community VARCHAR(50),
>     description VARCHAR(200)
> );
>
> Is it the "server" field? If so, could you also briefly explain how to
> apply that to group matching? (I have added users to groups using the
> usergroup table, but haven't touched the radgroupcheck/reply yet.)

So long as you're using static devices in clients.conf you can use the xlat expansion "%{client:<config item>}".

Add an extra string attribute to raddb/dictionary, something like Client-Group, then populate it before calling the sql module.

authorize {
    update request {
        Client-Group := "%{client:group}"
    }
    sql
}

Then add a 'group' config item in the client {} definition.

You can then use Client-Group as a check item.

-Arran
>
> Thanks for any help!
>
> -mz
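
The pieces described in the reply above, put together end to end. This is an added example, not part of the original message: the attribute number, client name, address, secret and group names are constructed placeholders, and the SQL assumes the stock radgroupcheck/radgroupreply columns (groupname, attribute, op, value).

```text
# --- raddb/dictionary -------------------------------------------
# Local, server-internal attribute (never sent in a RADIUS packet).
# 3000 is an assumed free number in the local range.
ATTRIBUTE   Client-Group    3000    string

# --- raddb/clients.conf -----------------------------------------
# Static client with the extra 'group' config item that
# "%{client:group}" expands to. All values are placeholders.
client core-switch-1 {
    ipaddr = 192.0.2.10
    secret = CHANGE_ME
    group  = network-boxes
}

# --- raddb/sites-enabled/default --------------------------------
# Copy the client's group into the request before sql runs, so the
# sql module can compare it against group check items.
authorize {
    update request {
        Client-Group := "%{client:group}"
    }
    sql
}

# --- SQL (run against the radius database) ----------------------
-- Check item: the 'netadmins' group only matches when the request
-- arrived from a client whose group is 'network-boxes'.
INSERT INTO radgroupcheck (groupname, attribute, op, value)
VALUES ('netadmins', 'Client-Group', '==', 'network-boxes');

-- Reply item: returned only when the check item above matched.
INSERT INTO radgroupreply (groupname, attribute, op, value)
VALUES ('netadmins', 'Service-Type', ':=', 'NAS-Prompt-User');
```

A request from a client with no 'group' item gets an empty Client-Group, so the check item does not match and the group's reply items are not added.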