On 25/6/09 10:33, [email protected] wrote:
Hi,
You should write your custom authentication script.
theres probably a way of doing it all in config
with unlang etc - but yes, a PERL script which does
all of the SQL stuff and authentication itself
is probably the way to go for it
I leave you guys alone for 5 minutes....
Use the sql modules to create the pool of database connections required. And list the sql instances in instantiate (the parser isn't clever enough to figure out that the module instances will be
required for string expansion calls).
radiusd.conf
instantiate {
sql_old
sql_new
}
authenticate {
mschap {
update control {
Cleartext-Password := "%{sql_new:SELECT <cleartext password
query...>}"
}
mschap {
reject = 2
}
if(reject){
update control {
Cleartext-Password := "%{sql_old:SELECT <cleartext
password query...>}"
}
mschap
}
}
}
Don't use the automatic failover stuff, it's not appropriate here...
If this doesn't work, post the debug output. There are some issues with rcode
priority assignments and unlang, but they're possible to work around.
Arran
--
Arran Cudbard-Bell ([email protected]),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
