> From: Desmond Rivet
> Sent: Thursday, 10 July 2003 1:46 AM
> >One way to accomplish this would be to create two separate SQL
> >connections;
> >sql1 & sql2.
> >sql sql1 {
> > driver = "rlm_sql_mysql"
> > ...
> >}
> >sql sql2 {
> > driver = "rlm_sql_mysql"
> > ...
> >}
> <snip>
> >In radiusd.conf add the appropriate Autz-Type enteries to the 'authorize'
> >section, see 'Autz-Type' in the FreeRADIUS docs.
> >
> >authorize{
> > suffix
> > preprocess
> > Autz-Type SQL1{
> > sql1
> > }
> > Autz-Type SQL2{
> > sql2
> > }
> > files
> >}
>
> Thanks. This is fairly clear.
> I suppose I can set up two different tables for the two different types of
> user profiles. Each sql module looks at a different table. A failed attempt
> to access the user credentials from the first table (because the check list
> didn't match) would cause the second sql module to be invoked and hence the
> second table to be searched.
No, that doesn't seem quite right... I think something was missed from your
quoting... You set Autz-Type earlier based on the attribute you mentioned
you were using to differentiate quota and authentication requests....
Then you only have one query per request, since only one of the two Autz-Type
blocks in the authorize block get run.
Or at least that's how I understand it.
You only need two queries, really. They _may_ access two tables, but that's
not important either way... Or maybe that's wrong. See sql.conf (or the
appropriate one for your SQL server) for details.
> It just seems to me that this is rather heavy. You're doubling the number of
> connections to the database, because there are two seperate modules running,
> each with their own "connection pool" (if that's the right term).
But still only one _query_ per request.
Ah, here's the missing part:
> > Add DEFAULT check conditions to the users file to check for the IP address
> > of your NAS, setting Autz-Type to either SQL1 or SQL2.
> > DEFAULT NAS-IP-Address == 192.168.0.1, Autz-Type := SQL1
> > DEFAULT NAS-IP-Address == 192.168.0.2, Autz-Type := SQL2
Except <NAS-IP_Address == IP> becomes <Attribute-To-Check == Value>
--
=========================================================
Paul "TBBle" Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]
This is a one line proof...if we start
sufficiently far to the left.
-- Cambridge University Math Department
---------------------------------------------------------
Random signature generator 3.0 by Paul "TBBle" Hampson
=========================================================
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
