On Tue 19 Sep 2006 19:48, Guilherme Franco wrote:
> Hello,
>
> I work in a Carrier and have an important question regarding SQL query
> check:
>
> I need to check a value in authorize_check_query (oracle-dialup.conf)
> to see if the user has paid his ADSL service. If he did paid the
> service, the request would be proxied to the ISP radius to
> authenticate the user, otherwise, the access needs to be rejected. So
> , the query would be checked like that:
>
> authorize_check_query = "SELECT id,UserName,Attribute,Value,op,PAID
> FROM ${authcheck_table} WHERE Username = '%{SQL-User-Name}' AND PAID =
> 'YES' ORDER BY id"
>
> The problem is, If PAID != YES, the user is not found by the SELECT
> (correctly) but the request is still proxied to the ISP (normal proxy
> behaviour).
>
> What can I do to reject the request and not proxy it?We do exactly these types of checks, but we put them all inside a stored procedure. That way, if one of the checks doesn't match, you simply have it return "Auth-Type := Reject" Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
pgpIhEcGnJVsT.pgp
Description: PGP signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
