At 04:44 PM 1/14/2002 +0000, you wrote: >[EMAIL PROTECTED] writes: > >This patch fixes (I hope) 2 related problems. First, as pointed out by > >[EMAIL PROTECTED] back in mid December, the logic in the > >sql_userparse subroutine does not allow for multiple reply pairs for a > >single attribute from the radgroupreply table. This patch fixes this by > >explicitly checking to see if the attribute in question has an op value of > >"+=". > >Can't say I have the above problem directly (multiple reply pairs for a >single attribute from radgroupreply), but I DO have the following problem : > >If radgroupreply has the same attribute as radreply (albeit a different >value), only the one from radreply is returned for any matching user/group. >To clarify: radgroupreply both have only one instance of the attribute >each, but with different values.
Hmm, from what I saw digging around in the code (I'm just beginning with this too), it appears that the behavior you are seeing is intentional. There is a comment in there to the effect that group attributes should not be allowed to supercede individual (radreply) attributes. But this logic was setup before the extra operators were available to rlm_sql. I think if you try the patch I posted AND use the "+=" operator in your radgroupreply table it should work the way you want. But, I think the "tagged" (have a colon in them) attributes like you mentioned below are handled differently. I saw some extra code in src/lib/valuepair.c in the "pairmake" subroutine that affects this. I didn't try to figure this part out since it didn't relate directly (I hope) to what I was trying to do. Hopefully this will give you a starting place for your digging. >My example: in my case, I'm setting a user-specific "Cisco-AVPair" in >radreply (value "ip:route=..."), and a group one in radgroupreply (value >"ip:dns-servers=..."). The radgroupreply one isn't returned to the user >(but all other radgroupreply attributes are). > >If I add the attribute from radgroupreply to radreply (in addition to the >one already there), then both are returned. > >Anyone any ideas? > >I'm gonna try digging the code, but I'm not really a code junkie... sorry... > >Regards, > >SB > >Scott Bartlett ([EMAIL PROTECTED]) >BTA Limited >100 High Street Wandsworth >London SW18 4LA >United Kingdom >Tel:020 8871 4240 Fax:020 8871 4584 >http://www.bta.com > >Network Consultancy and Support for Windows 9x/NT and MacOS. >Internet connectivity, solutions, and business services. > >This message is intended only for the use of the person(s) ("The intended >recipient(s)") to whom it is addressed. It may contain information which >is privileged and confidential within the meaning of applicable law. If >you are not the intended recipient, please contact the sender as soon as >possible. The views expressed in this communication may not necessarily be >the views held by BTA. > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Randy Moore Axion Information Technologies, Inc. email [EMAIL PROTECTED] phone 301-408-1200 fax 301-445-3947 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
