Issue with table RADGRUOPCHECK
Andrea Mucci
andrea.mucci at outlook.com
Thu Nov 16 11:40:36 CET 2017
Hi All,
I would like to use the features of rlm_sql module, to send the correct VSA depending on the type of NAS that sent the Access-Request.
5. For each group this user is a member of, the corresponding check items
are pulled from radgroupcheck table and compared with the request. If
there is a match, the reply items for this group are pulled from the
radgroupreply table and applied.
I found some inconsistencies:
1) I can't associate a user to multiple groups for ORACLE schema. Why there is a unique constraint on the USERNAME field of the RADUSERGROUP table.
2) Obviously the select, that retrieves the attributes to reply, does not consider this eventuality and retrieves all the attributes of the groups that the user shares, even if the check on the RADGRUOPCHECK table is not positive.
3) At the end it seems that the control on the RADGRUOPCHECK table does not work.
My idea was to create multiple groups with the VSAs of individual devices, associate the user with all the groups and define a check over the FreeRADIUS-Client-NAS-Type attribute in the table RADGRUOPCHECK.
Andrea
More information about the Freeradius-Users
mailing list