huntgroups/groups with sql

classic Classic list List threaded Threaded
2 messages Options
| Threaded
Open this post in threaded view
|

huntgroups/groups with sql

Michel Jansens
Hi,

I want to use FR to control the access to different ressources (radius clients).
I've put my users in 'radcheck', defined groups in 'radgroupcheck' according to Client-IP-Address and put the users in their groups in 'usergroup'.
Some users are in more than one group, but they can only access to the first matching group defined in 'radgroupcheck'.
Tryed to add  'Fall-Through = Yes' to all 'radgroupcheck' entries, but it didn't work.

Now I've found a workaround:

I added a column  'groupIPaddr' varchar(15)  in 'radgroupcheck'. I put there the Client-IP-Address

and changed the query in sql.conf to:

authorize_group_check_query = "SELECT  
    ${groupcheck_table}.id,${groupcheck_table}.GroupName,
    ${groupcheck_table}.Attribute,${groupcheck_table}.Value,
    ${groupcheck_table}.op  
  FROM ${groupcheck_table},${usergroup_table}
  WHERE ${groupcheck_table}.groupIPaddr ='%{Client-IP-Address}' AND  
    ${usergroup_table}.Username = '%{SQL-User-Name}' AND
    ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName
  ORDER BY ${groupcheck_table}.id"

Now My users have access to all their authorized nasses whatever the order of definition of the groups.

Was there an easier/more standard way of doing?


Michel
 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: huntgroups/groups with sql

Alan DeKok
Michel Jansens <[hidden email]> wrote:
> Tryed to add  'Fall-Through = Yes' to all 'radgroupcheck' entries, but it didn't work.

  It works in the CVS head, and will be in 1.1.x and following versions.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html