Setting a default group, or group based on realm

Matthew H Matthew at marrold.co.uk
Mon Dec 27 15:39:21 CET 2021 

Thanks Alan that's really helpful.

I will try editing the queries and see how I get on.

Thanks
Matthew

On Mon, Dec 27, 2021 at 2:25 PM Alan DeKok <aland at deployingradius.com>
wrote:

> On Dec 26, 2021, at 6:46 PM, Matthew H <Matthew at marrold.co.uk> wrote:
> > I am using FreeRADIUS + Postgres and would like to be able to set a
> default
> > group, and potentially set the group based on realm.
>
>   The documentation, etc. discusses how groups are defined.  The SQL
> documentation says how the "usergroup" table is defined, and how it is
> used.  So if you want to use that, you have to follow the docs, and perhaps
> edit the queries.
>
> > Could someone point me in the right direction?
> >
> > I've tried things like
> >
> > DEFAULT Auth-Type := Accept, Group-Name := "default"
> >
> > but I don't then get the replies for the group defined in the
> radgroupreply
> > table.
>
>   Because nothing in the SQL documentation says that you can select the
> group via the "Group-Name" attribute.
>
>   To see how the SQL module works, read the docs:
> https://wiki.freeradius.org/modules/Rlm_sql
>
>   If you want to set a default group, then edit the SQL queries.    These
> are in the file mods-config/sql/main/postgresql/queries.conf, which
> contains full documentation on what each query does, and how it's used.
>
>   You will need to:
>
> a) set some kind of DEFAULT group in SQL (or a group named for the realm)
>
> b) edit the SQL queries to also return the DEFAULT group (or the group
> named for the realm)
>
>   i.e. the file has:
>
>
> group_membership_query = "\
>         SELECT groupname \
>         FROM ${usergroup_table} \
>         WHERE username = '%{SQL-User-Name}' \
>         ORDER BY priority"
>
>   Edit the "where" clause to add "OR username = DEFAULT".  See the
> PostgreSQL documentation to see how to create SQL queries.
>
> c) use debug mode to check that it all works.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list