Local user or DB?
Tevfik Ceydeliler
tevfik.ceydeliler at astron.yasar.com.tr
Fri Jan 22 16:17:36 CET 2016
Which users are where? Is it random? Or is there a method to the organization of users?
And why not just unify all of the users into one database?
-- Not random.
-- I can not collect all users into one database. Because, MSSQL
database is not a radius database. It is used for another purposes. And
totally different workers seed this database.
How do you expect it to know that? i.e. is it random? Is it something in the packet?
-- Actually it is not expectation. Just prediction or foresight. But, I
think it is something in packet.
You need to know what you want FreeRADIUS to do. Then, write those rules down in "unlang".
If you don't know what you want FreeRADIUS to do, then you can't configure it to do anything
-- Freeradius is very useful and have big capacity and elastic. Thats
why I cant know whole capacity of that.
On 22-01-2016 16:58, Alan DeKok wrote:
> On Jan 22, 2016, at 9:42 AM, Tevfik Ceydeliler <tevfik.ceydeliler at astron.yasar.com.tr> wrote:
>> OK. Let me clearify my problem.
>> There are 3 places where located my users.
> Which users are where? Is it random? Or is there a method to the organization of users?
>
> And why not just unify all of the users into one database?
>
>> If user try to authenticate and if this user defined local file or MySQL radiusdb, there is no problem.
>> If user try to authenticate and if this user is defined im MSSQL DB, I have to use custom query.
> OK...
>
>> Thats' why freeradius should know where com from authentication request and which custom query will be run .
> How do you expect it to know that? i.e. is it random? Is it something in the packet?
>
>> To separate localfiles/Mysql and MSSQL can I use realm? and If possible how can I trigger this custom query?
> You can run a custom query by using "unlang" policies.
>
> As to *when* to run the custom query, that's up to you.
>
> Right now, your problem statement is this:
>
> - I have users in database A, B, or C
> - when requests come with a user-name, I want to check one of the 3 databases
> - but I don't know which database to check
> - and I don't want to check all of them
>
> So... figure out which database you want to check, and why that user is in that database.
>
> FreeRADIUS isn't magic. There's no magical way for it to know what to do. You can't write policies which say "magically do what I want".
>
> You need to know what you want FreeRADIUS to do. Then, write those rules down in "unlang".
>
> If you don't know what you want FreeRADIUS to do, then you can't configure it to do anything.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
More information about the Freeradius-Users
mailing list