help with changing to use named instance of sql module

[Alan DeKok]

On Jul 31, 2023, at 11:34 AM, Matt Zagrabelny via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Running freeradius 3.0.21+dfsg-2.2+deb11u1.

  Updated packages are available on http://packages.networkradius.com

> The default FR configs (obviously!) work wonderfully. Thank you for
> making a robust system.

  It's taken a while. :)

> I am attempting to deviate from those defaults and am hitting a snag.
> I would like to use multiple databases (within the sql module), thus I
> am attempting to change:
> 
> sql {
> }
> 
> to
> 
> sql foo {
> }

  That's OK, but there may be other references to the "sql" module in expansions, etc.  Making the above change means that all of those references will stop working.  You will know by testing.

> After successfully adding "foo", I can then add "bar".
> 
> From running -X it appears that I am connecting to "foo" correctly:
...
> The above -X output is generally the same output as the working
> default sql configuration output.

  That's good.

> However, the default working sql configuration does not match the
> following -X output when I change the configs to use "sql foo {". I am
> not seeing correct behavior in the post-auth section of
> sites-enabled/default:

  You changed what to what?

> [...]
> (0) Auth-Type = Accept, accepting the user
> (0) # Executing section post-auth from file
> /etc/freeradius/3.0/sites-enabled/default
> (0)   post-auth {
> (0)     if ("%{client:group}" == 'network-infrastructure') {
> (0)     EXPAND %{client:group}
> (0)        --> network-infrastructure
> (0)     if ("%{client:group}" == 'network-infrastructure')  -> TRUE
> (0)     if ("%{client:group}" == 'network-infrastructure')  {
> (0)       if (foo:SQL-Group == 'network-admin') {

  What's that?  You have "foo:SQL-Group"?  Where did that come from?  That will never work.

  You'll need to use "foo-SQL-Group"  See mods-available/sql, which documents this.

  Alan DeKok.