help with changing to use named instance of sql module

[Matt Zagrabelny]

On Mon, Jul 31, 2023 at 10:55 AM Alan DeKok <aland at deployingradius.com> wrote:
>
>
> On Jul 31, 2023, at 11:34 AM, Matt Zagrabelny via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:

>
> > However, the default working sql configuration does not match the
> > following -X output when I change the configs to use "sql foo {". I am
> > not seeing correct behavior in the post-auth section of
> > sites-enabled/default:
>
>   You changed what to what?

Inserted "foo" into 'sql {' within mods-available/sql. Changed group
attribute to:

group_attribute = "${.:instance}-SQL-Group"

and changed '-sql' to '-foo' in sites/available/default.

And of course, what you already found below, added the 'foo:' <---
WRONG!, to the post-auth unlang.

>
> > [...]
> > (0) Auth-Type = Accept, accepting the user
> > (0) # Executing section post-auth from file
> > /etc/freeradius/3.0/sites-enabled/default
> > (0)   post-auth {
> > (0)     if ("%{client:group}" == 'network-infrastructure') {
> > (0)     EXPAND %{client:group}
> > (0)        --> network-infrastructure
> > (0)     if ("%{client:group}" == 'network-infrastructure')  -> TRUE
> > (0)     if ("%{client:group}" == 'network-infrastructure')  {
> > (0)       if (foo:SQL-Group == 'network-admin') {
>
>   What's that?  You have "foo:SQL-Group"?  Where did that come from?  That will never work.

Ha! Thanks for the quick eyes, Alan! Indeed, I copied over some other
FR 3.x configs (which used multiple sql instances) to this new system
and curiously transposed the hyphen to a colon.

>
>   You'll need to use "foo-SQL-Group"  See mods-available/sql, which documents this.

Of course. The docs are great and I have benefited from your efforts.

As always, a pleasure to reach out to FR-users. Thanks for the speedy
assistance!

-m