Phil Mayers wrote: > Arran Cudbard-Bell wrote: > >>> This could also be done cleaner (but slower) with cleverly designed SQL >>> tables or stored procedures >>> >>> >> Yeah, complex sql really can be quite slow, specially when the queries >> are being run multiple times for all the rounds required in eap >> authentication. >> > > > You've seen Alans hint re: only running on the tunnel so that helps there. > > >> I use a second instance of preprocess to read a second hints file called >> 'nas_hints' this uses dynamic sql queries to grab extra nas_attributes >> from the server. >> > > That's a clever trick. > > One of the main advantages of the rlm_passwd module is that it can add > items to the *request* as well as the config and reply items. It would > be extremely handy if the SQL module could do this too. > > Specifically I can think of uses for 2-pass SQL queries where one would > want to use data returned from the 1st query in the 2nd. This is > basically impossible to do without using stored procedures at the moment. > > Regarding your bitmask trick - maybe there's a use for bitwise > operators, e.g.: > > # NAS-Features - integer bitfield > # 128 - router, admins only > # 64 - do vlan assignment > # 32 - do IP assignment > > DEFAULT NAS-Features & 128, SQL-Group != "ADMINS", Auth-Type := Reject > Reply-Message = "admins only" > > DEFAULT NAS-Features & 64 > Tunnel-Private-Group-Id = `%{sql:select vlan('%{NAS-IP-Address}', > '%{User-Name}')}` > Fall-Through = Yes > > DEFAULT NAS-Features & 32, Pool-Name := "something" > > ...and so on > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Yes !!!
I didn't know freeradius supported bitwise operators ! They're not listed anywhere so I assumed you couldn't use them ?! Ohh this makes things so much neater :) Thanks Phil - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html