Brad Furst wrote:
Ivan Kalik wrote:
Create multiple sql instances. Create Autz-Type entry for each in
authorize section. Then add something like this in users file.
DEFAULT Real == whatever, Autz-Type = sqlwhatever
This is much simpler with unlang in 2.0 (no Autz-Type entries needed,
just a switch block in authorize).
I apologize for my ignorance, but if I'm understanding you correctly I
should be able to create multiple instances and go to authorize{} and do
something similar to this:
authorize{
suffix
preprocess
Autz-Type SQL1{
sql1
}
Autz-Type SQL2{
sql2
}
files
}
And then tell the individual realms what to do and the Autz type in the
users file to use like this:
DEFAULT Realm==fakecompany.com, Autz-Type=SQL1
DEFAULT Realm==fakecompany2.com, Autz-Type=SQL2
Alan DeKok wrote:
I'm actually doing this in 2.0 without using multiple SQL instances.
I just have a table per realm, and I update the table name in the SQL
query for each realm.
The SQL queries are dynamically expanded for *precisely* this reason.
This would actually be ideal; the way mine is configured my sql queries
are in a seperate file called sql.conf. Would it be better for me to
move everything back over to radiusd.conf? Also, how would I pass it the
That's not necessary. sql.conf is expanded just like radiusd.conf, since
it's just an included file.
required table names that were dependant on the realm? Can Realm be used
in an if then statement like
if realm=fakecompany.com
authtable=fakecompanyauth
You'd need to do another lookup; something like this in "users":
DEFAULT Realm == fake.com
Tmp-String-1 = "fake_com_auth"
DEFAULT Realm == fake2.com
Tmp-String-1 = "fake2_com_auth"
...then in sql.conf:
blah_query = "select ... from %{Tmp-String-1} where username='%{..}'"
NOTE: the table name is NOT surrounded by single quotes, so you'll need
to be careful to not let an SQL insertion attack; the users file is a
good way of doing this
?
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html