multiple entries per radius_check table

2013-07-01 Thread Matt Zagrabelny
Greetings,

I am using a Pg datastore to hold authentication data and using the Pg
module for FR to hook into it.

I am using a basic view for the radius_check table:

# SELECT  * from radius_check_users where username = 'mzagrabe';
 id | username |   attribute    | op |    value
----+----------+----------------+----+-------------
  1 | mzagrabe | Crypt-Password | := | $1$somehash

I'd also like to have the option of denying users with something like:

atlas-# SELECT * from radius_sanction where username = 'mzagrabe';
 id | username | attribute | op | value
----+----------+-----------+----+--------
  1 | mzagrabe | Auth-Type | := | Reject
(1 row)

I'd like to create a UNION of these two views so that both records
would be returned when FR queried for 'mzagrabe'. Is it enough to
ensure that the Reject records appear before the Crypt-Password
records in the resulting UNION for FR to reject the request?

Any other advice or hints?

Thanks!

-mz
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: multiple entries per radius_check table

2013-07-01 Thread Arran Cudbard-Bell

On 1 Jul 2013, at 17:59, Matt Zagrabelny mzagr...@d.umn.edu wrote:

> Greetings,
>
> I am using a Pg datastore to hold authentication data and using the Pg
> module for FR to hook into it.
>
> I am using a basic view for the radius_check table:
>
> # SELECT  * from radius_check_users where username = 'mzagrabe';
>  id | username |   attribute    | op |    value
> ----+----------+----------------+----+-------------
>   1 | mzagrabe | Crypt-Password | := | $1$somehash
>
> I'd also like to have the option of denying users with something like:
>
> atlas-# SELECT * from radius_sanction where username = 'mzagrabe';
>  id | username | attribute | op | value
> ----+----------+-----------+----+--------
>   1 | mzagrabe | Auth-Type | := | Reject
> (1 row)
>
> I'd like to create a UNION of these two views so that both records
> would be returned when FR queried for 'mzagrabe'. Is it enough to
> ensure that the Reject records appear before the Crypt-Password
> records in the resulting UNION for FR to reject the request?

It can appear before or after, it doesn't matter.

https://github.com/FreeRADIUS/freeradius-server/blob/master/src/modules/rlm_pap/rlm_pap.c#L330

Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
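
The UNION described in the question, written out for PostgreSQL as an added example that is not part of the original thread. The two tables are constructed stand-ins for the poster's views, and the combined view name radius_check and the second user row are assumptions.

```sql
-- Constructed stand-ins for the two sources shown in the thread
-- (in the poster's setup these are views; plain tables keep the example self-contained).
CREATE TABLE radius_check_users (
    id        integer PRIMARY KEY,
    username  text NOT NULL,
    attribute text NOT NULL,
    op        text NOT NULL,
    value     text NOT NULL
);
CREATE TABLE radius_sanction (LIKE radius_check_users INCLUDING ALL);

INSERT INTO radius_check_users VALUES
    (1, 'mzagrabe',  'Crypt-Password', ':=', '$1$somehash'),
    (2, 'otheruser', 'Crypt-Password', ':=', '$1$otherhash');  -- constructed row
INSERT INTO radius_sanction VALUES
    (1, 'mzagrabe', 'Auth-Type', ':=', 'Reject');

-- Hypothetical name for the combined view.
-- UNION ALL returns every row from both sources without the sort and
-- de-duplication pass that plain UNION performs.
-- No ORDER BY is imposed: per the reply in the thread, the position of the
-- Reject row relative to the Crypt-Password row does not matter.
-- Note that id is no longer unique in this view (both sources use id = 1).
CREATE VIEW radius_check AS
    SELECT id, username, attribute, op, value FROM radius_sanction
    UNION ALL
    SELECT id, username, attribute, op, value FROM radius_check_users;

-- What a lookup for one user sees: both check items for 'mzagrabe'.
SELECT id, username, attribute, op, value
FROM radius_check
WHERE username = 'mzagrabe';

-- Audit query: any username listed here is sanctioned but has no
-- Auth-Type := Reject row visible through the combined view.
SELECT s.username
FROM radius_sanction AS s
WHERE NOT EXISTS (
    SELECT 1
    FROM radius_check AS c
    WHERE c.username  = s.username
      AND c.attribute = 'Auth-Type'
      AND c.op        = ':='
      AND c.value     = 'Reject'
);
```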



Re: multiple entries per radius_check table

2013-07-01 Thread Matt Zagrabelny
On Mon, Jul 1, 2013 at 3:30 PM, Arran Cudbard-Bell
a.cudba...@freeradius.org wrote:

> On 1 Jul 2013, at 17:59, Matt Zagrabelny mzagr...@d.umn.edu wrote:
>
>> Greetings,
>>
>> I am using a Pg datastore to hold authentication data and using the Pg
>> module for FR to hook into it.
>>
>> I am using a basic view for the radius_check table:
>>
>> # SELECT  * from radius_check_users where username = 'mzagrabe';
>>  id | username |   attribute    | op |    value
>> ----+----------+----------------+----+-------------
>>   1 | mzagrabe | Crypt-Password | := | $1$somehash
>>
>> I'd also like to have the option of denying users with something like:
>>
>> atlas-# SELECT * from radius_sanction where username = 'mzagrabe';
>>  id | username | attribute | op | value
>> ----+----------+-----------+----+--------
>>   1 | mzagrabe | Auth-Type | := | Reject
>> (1 row)
>>
>> I'd like to create a UNION of these two views so that both records
>> would be returned when FR queried for 'mzagrabe'. Is it enough to
>> ensure that the Reject records appear before the Crypt-Password
>> records in the resulting UNION for FR to reject the request?
>
> It can appear before or after, it doesn't matter.
>
> https://github.com/FreeRADIUS/freeradius-server/blob/master/src/modules/rlm_pap/rlm_pap.c#L330

Great!

Thanks, Arran!

Sincerely,

-mz