Here is a message from a mssql database programer whose assignment was to
make an sql query in sql.conf so I could deny access to users whose
session-timeout from radreply table was less than 0 seconds.
He did it like this :
authorize_check_query = "SELECT radcheck.id, radcheck.UserName, radcheck.Attribute,
radcheck.Value FROM radcheck inner join
radreply on radcheck.username=radreply.username WHERE radreply.Username =
'%{SQL-User-Name}' and radreply.Attribute='session-timeout
' and radreply.Value>0 ORDER BY radcheck.id"
authenticate_query = "SELECT radcheck.Value,radcheck.Attribute FROM radcheck inner
join radreply on radcheck.username=radrep
ly.USerName WHERE radcheck.UserName = '%{SQL-User-Name}' AND ( radcheck.Attribute =
'Password' OR radcheck.Attribute = 'Crypt-Passwo
rd' ) and radreply.Attribute='session-timeout' and radreply.Value>0 ORDER BY Attribute
DESC"
Now this works but he is really pissed because he doesn't like the
database design so he is going to reap my head of if I ask him to
make me a query to update session-timeout when accounting stop
occurs.
So if someone has an easy solution please send it and if you have
time send a reply to his message
Angry programers message :
I have a question about design of radcheck and radreply tables. In ALL
radius servers I have seen there is a single row for each user, with
all necessary attributes. Here, there is a row for each attribute.
That means that I have to rely on WHERE clause to get the
necessary attribute, especially when joining these two tables. E.g.
SELECT radcheck.id, radcheck.UserName, radcheck.Attribute, radcheck.Value FROM radcheck
inner join radreply
on radcheck.username=radreply.username
WHERE radreply.Username = 'someuser' and radreply.Attribute='session-timeout' and
radreply.Value>0
ORDER BY radcheck.id
Wouldn't be simpler if there is a single row for each user?
--
Best regards,
galileo mailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
