You can do this.
First setup two different tables for auth. Maybe cedt_authcheck and
ece_authcheck. Setup your permissions to modify those tables
appropriately in mysql.
Then in sql.conf, comment out the authcheck_table variable and create two
new ones.
ie:
cedt_authcheck = "cedt_authcheck"
ece_authcheck = "ece_authcheck"
Then in the authorize_check_query, use a UNION statement.
ie:
authorize_check_query = "(SELECT id,UserName,Attribute,Value,op FROM
${cedt_authcheck} WHERE Username = '{SQL-User-Name}' ORDER by id) UNION
(SELECT id,UserName,Attribute,Value,op FROM ${ece_authcheck} WHERE
UserName = '{SQL-User-Name}' ORDER by id)"
This will make radius do two queries, one for each table and do a union on
them. This will allow you to check two different tables for each login
and you can assign permissions to modify those to only certain users in
each department.
Do something similar for your reply_queries, by creating two seperate
reply tables and running a UNION on them.
-Dusty Doris
On Thu, 25 Nov 2004, Manjunath M Prabhu wrote:
> Hi alan,
> i am looking at a situation, where I as a main system admin and service
> provider
> for IISC maintain a single RADIUS server. I have to provide services to 2
> departments, say CEDT-users and ECE-users. I want to maintain 2 radius
> databases (say, radius-1 and radius-2). These radius-1 and 2 databases are to
> be mainatined by system admins of respective departments. They shld not be
> able
> to tamper with each other's databases.
> Is this possible?? Do I have to change sql.conf???I am planning to use the
> mysql
> server.
>
> thanks,
> regards,
> Manjunath
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
