Variable expansion for SQL attributes

Matthew Newton mcn4 at leicester.ac.uk
Fri Dec 9 21:02:11 CET 2016 

On Fri, Dec 09, 2016 at 07:35:52PM +0100, Javier Matos Odut wrote:
> On Fri, Dec 9, 2016 at 6:39 PM, Matthew Newton <mcn4 at leicester.ac.uk> wrote:
> > On Fri, Dec 09, 2016 at 04:21:22PM +0100, Javier Matos Odut wrote:
> >> I need to have independent IP pools: one per NAS. For scaling my network
> >> this is the best approach as my ip routes will be quite simple.
> >
> > OK, so you have different users that can connect to any NAS, and
> > one pool per NAS?
> 
> Exactly that. I have in my FreeRADIUS a network range with many ip
> addresses (I use ippool table) for every NAS (using poolname =
> "%{NAS-Identifier}").

> I have done a user interface to avoid non-technical people to access
> and edit configuration. If I have to edit database + a config file my
> interface will get more complicated.

That's fine - but what you are saying here contradicts what you
say below. If you had the existing unlang that works and there is
one pool per NAS then there is no need to do anything else.

> >> > Maybe an example of what you want to put into the database and
> >> > what you want to get out would help.
> >>
> >> Let's say I have:
> >>
> >> 1) a NAS whose NAS-Identifier is "nas01",
> >>
> >> 2) a user "user01" in database that has an attribute -> Pool-Name :=
> >> "%{NAS-Identifier}-hello"

OK... this isn't one pool per NAS - at least, that may be what you
have got at the moment, but this is keying the pool off the
User-Name *and* the NAS.


> >> Then when user01 tries to connect and nas01 send a request to FreeRADIUS
> >> the attribute Pool-Name will be evaluated to "%{NAS-Identifier}-hello" =>
> >> "nas01-hello".
> >>
> >> Obviously, if user01 is moved to a future nas02, then Pool-Name will get
> >> evaluated to "nas02-hello" when user tries to connect.
> >>
> >> I hope my example is good to explain what I am trying to do.

This is better, thanks.

You can do at least a couple of things. What you are asking for is

  update request {
    Pool-Name := "%{xlat:&Pool-Name}"
  }

which will expand Pool-Name a second time.


The other thing you could do is fetch Pool-Name from the database,
being just the second part of the actual pool name (in your
example, "hello"), then do

  update request {
    Pool-Name := "%{NAS-Identifier}-%{Pool-Name}"
  }

to get the complete name.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>

More information about the Freeradius-Users mailing list