Conditional SQL module and server wide variables

Ricardo LarraƱaga ricardo.larranaga at gmail.com
Fri Jun 26 18:07:10 CEST 2015 

Hey Alan, thanks a lot for your help!!!.

I actually thought about another way to solve #1 yesterday, that implies
instantiating the files module again.
That way i have a file with explicit users and another one with Default
Mathing sets.
If The first one returns a match, i simply do not call the second files
instance or the sql module.
What do you think? Your solution definetely looks simpler from the
configuration point of view. It is probably better performance wise too.
Thanks.
Regards

On Fri, Jun 26, 2015 at 12:58 PM, Alan DeKok <aland at deployingradius.com>
wrote:

> On Jun 25, 2015, at 10:07 PM, Ricardo LarraƱaga <
> ricardo.larranaga at gmail.com> wrote:
>
> > Hello Guys. I am running freeradius 3.0.4 on centos 7, and have 2
> > questions, i was wondering if someone can help me.
> >
> > 1) I use the file module and the sql module.
> > On the users file, i might have an exact entry for a user, or a DEFAULT
> > entry for a user.
>
>   The "files" module returns the same code for finding a normal user, and
> for the "DEFAULT" entry.  So you can't tell those apart easily.
>
>   The way to fix this is to have the DEFAULT entry set a server-side
> attribute.  Then, check for that attribute.
>
> > What i would like to do is:
> > -If i match an exact entry, do not run sql module
> > -If i match a DEFAULT entry, run sql module.
> > Is this possible? As far as i could see, File module returns [ok], both
> for
> > exact and default match entries, so i am not sure on how to differentiate
> > those.
>
>   Exactly.  Do this:
>
> DEFAULT         Tmp-Integer-0 := 42, ...
>         ...
>
>   And then:
>
>         files
>         if (control:Tmp-Integer-0 == 42)  {
>                 ... matched default logic ...
>         }
>
> > 2) Server Wide variables.
> > I am about to implement copy-acct-to-home-server in order to replicate
> > accounting between servers (cool feature!). Now, I understand that i am
> > responsible of writing a policy to drop packets in case one of the
> servers
> > i am copying accounting to goes down. What i would like to know is if i
> can
> > define a server wide variable like a counter, where i could increment the
> > number of times a server has not responded. If this goes over a
> threshold,
> > i can start dropping packets, in order not to load the server.
>
>   That's already done.  See request:Packet-Transmit-Counter.  It's an
> integer attribute added by the detail file reader.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list