Authorize based on Calling-Station-ID | Auth-type issue

Alan DeKok aland at
Tue Jan 24 15:36:51 CET 2017

On Jan 24, 2017, at 6:42 AM, Koos Myburgh <koos at> wrote:
> Hi Alan, 
> I have added it to the authorize section and it works as expected. What would be the best way to get the full reply attributes from the sql radreply table other than setting the reply items for each attribute one by one?: 

  You should use the SQL tables as normal.

> if (Calling-Station-Id == "%{sql:SELECT CallingStationId FROM `radcheck` WHERE CallingStationId = %{Calling-Station-ID}}") { 
> update control { 
> Auth-Type := Accept 
> } 
> update reply { 
> Framed-Ip-Address := "%{sql:SELECT staticip FROM `radreply` WHERE CallingStationId = %{Calling-Station-ID}}" 
> Cisco-AVPair := "%{sql:SELECT dnsservers FROM `radreply` WHERE CallingStationId = %{Calling-Station-ID}}" 
> } 
> } 

  That's just the wrong solution.

  If you're writing custom rules, you should probably use custom SQL tables.

  If you're using the standard SQL tables, you should use them in the standard way.  See the Wiki for documentation on how they work.  It is extensively documented.

> Is there a way to call the "authorize_reply_query" from the sql module to get the reply items? 

  That's the wrong question, based on wrong assumptions.

  You should instead do put this into SQL:

radcheck: Calling-Station-Id == ...
radcheck: Auth-Type := Accept

  And then leave radreply as-is.

  You *don't* need custom "unlang" rules to pull data from SQL.

  Read the rlm_sql documentation in the wiki.  It should help.

  Alan DeKok.

More information about the Freeradius-Users mailing list