On 02/08/2012 07:40 PM, Lee Solway wrote: Hello Lee,
> Is there a way I can set an access Accept or Reject in the MySQL results > generated by AuthBy SQL? Please see below for one method. > Currently I have a stored procedure that I call in the following.. I > would like the SP to be able to reject the Access-Request with an error > message also if possible.. > > AuthSelect CALL get_reply_attr('%U') > AuthColumnDef 0, GENERIC, reply > AuthColumnDef 1, User-Password, check You could do both (control accept/reject and return reason) with something like this. First change get_reply_attr to return 'true' or 'false' to control Accept or Reject. Also add another return value which is the Reply-Message that is returned with Access-Reject. AuthColumnDef 2,X-Accepted-By-Sql,check AuthColumnDef 3,X-Reject-Msg,request In the Handler or Realm clause prime X-Accepted-By-Sql like this: AddToRequest X-Accepted-By-Sql=true In the same Handler or Realm add RejectHasReason and a PostAuthHook to replace reason with the value from SQL call. RejectHasReason. PostAuthHook sub { my $p = ${$_[0]}; my $rp = ${$_[1]}; \ my $result = $_[2]; my $reason = $_[3]; \ return unless $$result == $main::REJECT; \ $$reason = $p->get_attr('X-Reject-Msg'); \ } Putting this together, if the third value returned by SQL call is something else than 'true' the request will be rejected. The hook will then set the returned Reply-Message based on X-Reject-Msg which comes from SQL call. For more about the hook parameters, please see the reference manual. Thanks! Heikki -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator