Serving multiple groups of users
Marcus Ng
marcus.ng at assuritz.com
Thu Aug 21 05:30:38 CEST 2014
Hi,
1. Can't I just add attributes into table radgroupcheck? i.e.
select * from radcheck;
id | org | username | attribute | op | value
----+----------+-----------------+--------------------+----+---------
1 | deptA | marcus at deptA | Cleartext-Password | := | mypassword
select * from radusergroup;
username | groupname | priority
-----------------+-----------+----------
marcus at deptA | group001 | 1
select * from radgroupcheck;
id | groupname | attribute | op | value
----+-----------+-----------------+----+----------------------
1 | group001 | Packet-Dst-IP-Address | := | 192.168.228.103
2 | group001 | Packet-Dst-Port | := | 1812
2. Or do I really have to modify authorize_group_reply_query? Any examples?
Thanks,
-Marcus
-----Original Message-----
From: freeradius-users-bounces+marcus.ng=assuritz.com at lists.freeradius.org
[mailto:freeradius-users-bounces+marcus.ng=assuritz.com at lists.freeradius.org
] On Behalf Of Alan DeKok
Sent: Thursday, August 21, 2014 4:32 AM
To: FreeRadius users mailing list
Subject: Re: Serving multiple groups of users
Marcus Ng wrote:
> 1. If I create 2 sql named instances, and each one has num_sql_socks =
> 5, does that mean the total number of sql connections is 10? I don't
> really want that because the only difference between the 2 named
> instances will only be in the sql queries.
You can use 2 SQL instances. In version 3.0.4 (released soon), SQL
modules can share connection pools.
> 2. Or, can I use radgroupcheck to check for listening IP and port of
> the radius server instead?
> I.e. to check the incoming connection has the correct
> Packet-Dst-IP-Address and Packet-Dst-Port?
Yes, that can be done. Just edit the queries. That's why they're text.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list