Re: FreeRadius 1.1.3 with MySQL

Wed, 14 May 2008 06:04:17 -0700 

Brad Furst wrote:

Ivan Kalik wrote:

Create multiple sql instances. Create Autz-Type entry for each in
authorize section. Then add something like this in users file.



DEFAULT   Real == whatever, Autz-Type = sqlwhatever



This is much simpler with unlang in 2.0 (no Autz-Type entries needed,
just a switch block in authorize).



I apologize for my ignorance, but if I'm understanding you correctly I 
should be able to create multiple instances and go to authorize{} and do 
something similar to this:


authorize{
   suffix
   preprocess
   Autz-Type SQL1{
               sql1
   }
   Autz-Type SQL2{
               sql2
   }
   files
}


And then tell the individual realms what to do and the Autz type in the 
users file to use like this:


DEFAULT Realm==fakecompany.com, Autz-Type=SQL1
DEFAULT Realm==fakecompany2.com, Autz-Type=SQL2

Alan DeKok wrote:


I'm actually doing this in 2.0 without using multiple SQL instances.
I just have a table per realm, and I update the table name in the SQL
query for each realm.



The SQL queries are dynamically expanded for *precisely* this reason.



This would actually be ideal; the way mine is configured my sql queries 
are in a seperate file called sql.conf. Would it be better for me to 
move everything back over to radiusd.conf? Also, how would I pass it the 



That's not necessary. sql.conf is expanded just like radiusd.conf, since 
it's just an included file.



required table names that were dependant on the realm? Can Realm be used 
in an if then statement like

if realm=fakecompany.com
authtable=fakecompanyauth


You'd need to do another lookup; something like this in "users":

DEFAULT Realm == fake.com
        Tmp-String-1 = "fake_com_auth"

DEFAULT Realm == fake2.com
        Tmp-String-1 = "fake2_com_auth"

...then in sql.conf:

blah_query = "select ... from %{Tmp-String-1} where username='%{..}'"


NOTE: the table name is NOT surrounded by single quotes, so you'll need 
to be careful to not let an SQL insertion attack; the users file is a 
good way of doing this





?



-

List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html






















					Reply via email to