radius authentication query not rejecting AUTH

Alan DeKok aland at deployingradius.com
Mon Jun 6 20:24:33 CEST 2016


On Jun 6, 2016, at 7:59 AM, Amardeep Singh <aman.xsaintz at gmail.com> wrote:
> Following is the authentication query that I am using :-
> if ("%{Called-Station-Id}" =~ /^00-50-E8-/) {
> update request {
> Tmp-String-0 = "%{sql: SELECT  radius_group_name from raduserzone where \
> site_id='%{NAS-Identifier}' and \
> mac_address='%{Calling-Station-Id}' \
> and vlan_id regexp '[[:<:]]%{NAS-Port}[[:>:]]'}"
> }
> if (&Tmp-String-0) {

  Which only checks if the attribute exists.  It does NOT check if the attribute has any data in it.

> update request {
>  Tmp-String-1 := "%{sql:update radusergroup set \
>  groupname='%{Tmp-String-0}' \
>  where username='%{Calling-Station-Id}'}";
> }
> }
> }
> 
> Also tried if (&Tmp-String-0 != "") { in the above query.

  Which should be better.

> Now when we try to switch the SSID to Guest space (VLAN_ID = 93), the
> authentication query (above) did not seem to work as expected and it returns
> true every time we switch irrespective of the record in the raduserzone
> table.

  Because you're checking if the attribute exists, not if the attribute has any data.

> I have attached the debug logs file. On line 267 it says 'SQL query did not
> return any results' but still it updates the radusergroup table with a
> null value resulting in successful AUTH on radius. It is not rejecting the
> AUTH somehow. Please suggest!

  Use:

	if (&Tmp-String-0 != "") 

  Alan DeKok.
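
The policy from this thread with the recommended condition applied, as an added example that is not part of the original message. It assumes FreeRADIUS 3.x unlang placed in the authorize section; the `:=` on Tmp-String-0 and the `else { reject }` branch are assumptions about the desired behaviour, since the reply only gives the `if` condition.

```unlang
# Added example: FreeRADIUS 3.x unlang, assumed to sit in the "authorize" section.
if ("%{Called-Station-Id}" =~ /^00-50-E8-/) {
	update request {
		# ":=" replaces any earlier value, so a stale group name cannot survive.
		Tmp-String-0 := "%{sql:SELECT radius_group_name FROM raduserzone WHERE \
			site_id='%{NAS-Identifier}' AND \
			mac_address='%{Calling-Station-Id}' \
			AND vlan_id REGEXP '[[:<:]]%{NAS-Port}[[:>:]]'}"
	}

	# Weak form from the original post: true whenever the attribute exists,
	# even when the SELECT returned no rows and the value is empty.
	#   if (&Tmp-String-0) {

	# Form recommended in the reply: true only when the SELECT returned data.
	if (&Tmp-String-0 != "") {
		update request {
			Tmp-String-1 := "%{sql:UPDATE radusergroup SET \
				groupname='%{Tmp-String-0}' \
				WHERE username='%{Calling-Station-Id}'}"
		}
	}
	else {
		# Assumption: a device with no matching raduserzone row should fail
		# the request instead of falling through with an empty group name.
		reject
	}
}
```

Running the server with `radiusd -X` shows which branch was taken for each request, so a switch to a VLAN with no matching row can be confirmed to hit the `else` branch.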



