Setting a default group, or group based on realm
Alan DeKok
aland at deployingradius.com
Mon Dec 27 15:22:43 CET 2021
On Dec 26, 2021, at 6:46 PM, Matthew H <Matthew at marrold.co.uk> wrote:
> I am using FreeRADIUS + Postgres and would like to be able to set a default
> group, and potentially set the group based on realm.
The documentation, etc. discusses how groups are defined. The SQL documentation says how the "usergroup" table is defined, and how it is used. So if you want to use that, you have to follow the docs, and perhaps edit the queries.
> Could someone point me in the right direction?
>
> I've tried things like
>
> DEFAULT Auth-Type := Accept, Group-Name := "default"
>
> but I don't then get the replies for the group defined in the radgroupreply
> table.
Because nothing in the SQL documentation says that you can select the group via the "Group-Name" attribute.
To see how the SQL module works, read the docs: https://wiki.freeradius.org/modules/Rlm_sql
If you want to set a default group, then edit the SQL queries. These are in the file mods-config/sql/main/postgresql/queries.conf, which contains full documentation on what each query does, and how it's used.
You will need to:
a) set some kind of DEFAULT group in SQL (or a group named for the realm)
b) edit the SQL queries to also return the DEFAULT group (or the group named for the realm)
i.e. the file has:
group_membership_query = "\
SELECT groupname \
FROM ${usergroup_table} \
WHERE username = '%{SQL-User-Name}' \
ORDER BY priority"
Edit the "where" clause to add "OR username = DEFAULT". See the PostgreSQL documentation to see how to create SQL queries.
c) use debug mode to check that it all works.
Alan DeKok.
More information about the Freeradius-Users
mailing list