Problems with sql

lance Thu, 14 Feb 2002 19:03:49 -0800


I think I've finally narrowed my problems down to :-


1.

If you use sql for authentication, and an auth-type of local is set 
because the user is found in the sql table, if you have default auth_type 
of pam in the users file to pick up system users that arent in the db, the 
fact that you already have an auth type from the sql is ignored when 
parsing the users file and the default pam is used when it shouldnt be :(

Shouldnt the files module respect pre-existing vp from the sql module , 
rather than the default overwriting a value ??

2.

I set the Group attribute in the sql according to the usergroup.

When parsing the users file this attribute is ignored and the Group is set 
per the system group database, even though there is no auth type system 
etc in evidence.

Is this the same problem as above ??

3.

I want to do a basic thing such as rejecting a user if they are not in 
the surftime group, but have dialled in on the surftime access number eg 
:-

DEFAULT Called-Station-Id == "xxxxxxxx",Group != "surftime", Auth-Type := Reject

Obviously I cant yet do this in sql because there doesnt seem to be a way 
of combining check attributes, or if there is I dont comprehend it.

But if I set the 'Group' attribute to surftime in radgroupreply , shouldnt 
this work anyway when the users file is parsed ??

4.

A more complicated problem is :-

user1  check1a,check1b
        reply1a
        reply1b
        ...
        ...

user1 check2a,check2b
        reply2a
        reply2b
        ...

At the moment this cant be done in sql, but all that would be required to 
make it work would be to be able to pseudo group the check pairs so that 
they all had to match to give a resultant 'group' which would then be used for 
generating the result pairs 

eg


radcheck

        user    attribute       value   op      checkgroup

        user1   check1a         val     ==      u1chk1
        user1   check1b         val     ==      u1chk1
        user1   check2a         val     ==      u1chk2
        user1   check2b         val     ==      u1chk2

Then if all of the check pairs for a checkgroup match the radgroupreply 
items for that checkgroup would be added 

radgroupreply

        group   attribute       value   op

        u1chk1  reply1a         val     :=
        u1chk1  reply1b         val     :=
        u1chk2  reply2a         val     :=
        u1chk2  reply2b         val     :=

Or have I completely misunderstood the problem and how the sql module 
works ??

Lance



        





        




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Problems with sql

Reply via email to