Thanks, I sort of get what you are saying. But where do I define which sql.conf file to look in? I assume that I would want sql1 for example to point to sql.conf and sql2 to point to sql2.conf or however I choose to set it up. I defined sql1 and sql2 in my radiusd.conf section and it made the application error out. I assume I have to define this elsewhere, any suggestions?
Cordially,
Chris DeRamus
OCIO VPN Administrator
Verizon
301-903-2093
-----Original Message-----
From: Dustin Doris [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 01, 2003 1:18 PM
To: '[EMAIL PROTECTED]'
Subject: Re: Is it possible to split authentication and authorization requests based on NAS IP?
Yes you can do that now. In your users file put:

    DEFAULT NAS-IP-Address == "1.1.1.1", Autz-Type := sql1
    DEFAULT NAS-IP-Address == "2.2.2.2", Autz-Type := sql2

Then you can set up two different sql types. Then in authorization in
radius.conf add

    autztype sql1 {
        sql1
    }
    autztype sql2 {
        sql2
    }

You can do the same thing with auth types and set Auth-Type := whatever.

On Tue, 1 Apr 2003, Deramus, Chris wrote:
> I will try to make this as simple to understand as possible. Basically in
> our production environment we are trying to use our FreeRADIUS server to do
> authentication for both VPN users (stored in radcheck) and Sprint dialup
> users. In my radcheck table, I have the typical UserName, Attribute, Value,
> and op fields, but I also have a lot of user information. My table structure
> looks like this:
>
> +---------------+-----------------+------+-----+---------------------+----------------+
> | Field         | Type            | Null | Key | Default             | Extra          |
> +---------------+-----------------+------+-----+---------------------+----------------+
> | id            | int(5) unsigned |      | PRI | NULL                | auto_increment |
> | UserName      | varchar(64)     |      | MUL |                     |                |
> | Attribute     | varchar(16)     |      |     | Password            |                |
> | Value         | varchar(253)    |      |     |                     |                |
> | op            | char(2)         | YES  |     | :=                  |                |
> | Org           | varchar(16)     |      |     |                     |                |
> | Name          | varchar(64)     |      |     |                     |                |
> | Mail          | varchar(128)    |      |     |                     |                |
> | WorkPhone     | varchar(24)     |      |     |                     |                |
> | Requestor     | varchar(128)    |      |     |                     |                |
> | DateCreated   | datetime        |      |     | 0000-00-00 00:00:00 |                |
> | DateUpdated   | datetime        |      |     | 0000-00-00 00:00:00 |                |
> | Profile       | varchar(8)      |      |     |                     |                |
> | Sprint        | enum('N','Y')   |      |     | N                   |                |
> | NewNotice     | enum('N','Y')   |      |     | N                   |                |
> | ExpiredNotice | enum('N','Y')   |      |     | N                   |                |
> +---------------+-----------------+------+-----+---------------------+----------------+
>
> All VPN authentication requests come from our VPN NAS IP-Address (Static),
> and Sprint requests come from a totally different NAS IP-Address (Static). I
> don't want to duplicate data into radcheck, so I was curious if FreeRADIUS
> has (or is planning to have) the capability (maybe in sql.conf?) to do
> different queries based on different inbound requests? Maybe some IF THEN
> logic which can say if the nas-ip is equal to value then execute
> authentication_query number 1, else execute authentication_query number 2.
> Would this be possible to add into your program? If it's already available
> then please let me know, because I can't seem to get separate queries to
> work at this moment.
>
>
> Cordially,
>
> Chris DeRamus
> OCIO VPN Administrator
> Verizon
> 301-903-2093
>
>
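
The reply above leaves open where sql1 and sql2 are defined. The following is an added example, not written by either poster or taken from the FreeRADIUS project: it defines them as two named instances of the sql module, one per included file, using the file names from the question. The query text and the Sprint = 'N' / 'Y' split are assumptions based on the radcheck table shown above.

```conf
# Added example, not from the thread.

# --- radiusd.conf (other modules and sections unchanged) ---
modules {
    # Each included file defines one named instance of the sql module.
    $INCLUDE ${confdir}/sql.conf
    $INCLUDE ${confdir}/sql2.conf
}

authorize {
    # The users file sets Autz-Type from NAS-IP-Address, as in the reply.
    files
    autztype sql1 {
        sql1
    }
    autztype sql2 {
        sql2
    }
}

# --- sql.conf: opening line changed from "sql {" to "sql sql1 {" ---
sql sql1 {
    # ... all other settings as in the stock sql.conf ...
    authcheck_table = "radcheck"
    # Assumed query: VPN users are the rows with Sprint = 'N'.
    authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} WHERE UserName = '%{SQL-User-Name}' AND Sprint = 'N' ORDER BY id"
}

# --- sql2.conf: a copy of sql.conf that opens with "sql sql2 {" ---
sql sql2 {
    # ... all other settings as in the stock sql.conf ...
    authcheck_table = "radcheck"
    # Assumed query: Sprint dialup users are the rows with Sprint = 'Y'.
    authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} WHERE UserName = '%{SQL-User-Name}' AND Sprint = 'Y' ORDER BY id"
}
```

Starting the server in debug mode (radiusd -X) prints configuration parse errors, which helps locate the cause if it fails to start after the change.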