Pasi Kärkkäinen wrote: > I need to add Post-Proxy-Type based on realm of the proxied > request. > > I can't figure out how to express this with the sql tables: > "DEFAULT Realm == "foo.net", Post-Proxy-Type := post.proxy.foo" > > There's no Realm field in the sql..
I don't understand why you absolutely want to manage the settings for the realm in a SQL database. (although it is possible) The home server does SQL requests because it authenticates the users and stores accounting tickets, but the proxy usually doesn't do SQL at all. Unless you have many realms and they often change and you can't afford to add/remove a realm from your configuration without restarting radiusd, your proxy doesn't need to do SQL requests. Moreover, querying the SQL server for each request costs a big performance penalty, therefore you should put the Post-Proxy-Type in the users file unless you have good reasons. If you really want to add the Post-Proxy-Type attribute from a database, below is the main idea of how to do this. (I didn't test it and perhaps you'll need some minor changes) You change "UserName" by "Realm" in the SQL schema. CREATE TABLE radcheck ( id int(11) unsigned NOT NULL auto_increment, Realm varchar(64) NOT NULL default '', Attribute varchar(32) NOT NULL default '', op char(2) NOT NULL DEFAULT '==', Value varchar(253) NOT NULL default '', PRIMARY KEY (id), KEY UserName (UserName(32)) ) ; Then you insert the Post-Proxy-Type definition in the radcheck table: INSERT INTO radcheck (Realm,Attribute,op,Value) VALUES ('foo.net', 'Post-Proxy-Type', '=', 'post.proxy.foo'); INSERT INTO radcheck (Realm,Attribute,op,Value) VALUES ('bar.com', 'Post-Proxy-Type', '=', 'post.proxy.bar'); Finally you write the adequate query in sql.conf. (and comment other auth queries) authorize_check_query = "SELECT id,Realm,Attribute,Value,op FROM radcheck WHERE Realm = '%{Realm}'" > Could I use rlm_attr_filter to add Post-Proxy-Type? rlm_attr_filter is > processed for the proxy replies and you can match realms there.. so it > seems like a right place to do this.. I'll try this and see what happens. You can't add a check item with this module, so there is no way you can set Post-Proxy-Type there. However, perhaps you can try to add the Pool-Name attribute in the attrsfile: foo.net Pool-Name := "foo_ippool", Fall-Through = Yes bar.com Pool-Name := "bar_ippool", Fall-Through = Yes DEFAULT Put here all other attributes you need otherwise they'll be removed from the packet This is an alternate approach. It may work, too. And finally you will get not one, but two solutions to setup you FreeRADIUS proxy ! -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html