SQL and Huntgroups

Fajar A. Nugraha list at fajar.net
Wed May 1 13:21:00 CEST 2013


On Tue, Apr 30, 2013 at 3:09 PM,  <gregoire.leroy at retenodus.net> wrote:
> Hello,
>
>
>> It pretty much said that:
>> - you need to add an entry to radgroupcheck, so that when
>> Huntgroup-Name matches a value (site_a), an SQL group (site_a_admins)
>> will be assigned
>> - you add entries to radgroupreply to return
>> whatever-attribute-value-pairs-you-want for site_a_admins group.
>
>
> I don't understand. The wiki and you seem to explain how to add the same
> configuration to the reply for all the users from a NAS.
> Indeed, with your example, all the users from site_a would have the same
> attributes from site_a_admins group. I want to add something which is
> user-dependent (like, for example, but not only, his IP address). To do
> that, with your example, I would be forced to create one group per user, and
> I really don't like that (it seems ugly).

Wow.

So per user, AND per NAS?

AFAIK it would pretty much be as ugly in SQL as it would be in users
file. And you also need to modify the SELECT query to include
User-Name instead of just NAS-IP-Address.

Yes, you'd need to create one group per user-NAS combination, but
you'd also need a spearate entry in users file for the same thing if
you use files instead of sql. So IMHO it's roughly the same.

-- 
Fajar


More information about the Freeradius-Users mailing list