Hi,

I want to use FR to control access to different resources (RADIUS clients).
I've put my users in 'radcheck', defined groups in 'radgroupcheck' according to 
Client-IP-Address and put the users in their groups in 'usergroup'.
Some users are in more than one group, but they can only access the first 
matching group defined in 'radgroupcheck'.
I tried adding 'Fall-Through = Yes' to all 'radgroupcheck' entries, but it 
didn't work.

Now I've found a workaround:

I added a column 'groupIPaddr' varchar(15) in 'radgroupcheck'. I put the 
Client-IP-Address there

and changed the query in sql.conf to:

authorize_group_check_query = "SELECT  
    ${groupcheck_table}.id,${groupcheck_table}.GroupName,
    ${groupcheck_table}.Attribute,${groupcheck_table}.Value,
    ${groupcheck_table}.op  
  FROM ${groupcheck_table},${usergroup_table} 
  WHERE ${groupcheck_table}.groupIPaddr ='%{Client-IP-Address}' AND  
    ${usergroup_table}.Username = '%{SQL-User-Name}' AND 
    ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName 
  ORDER BY ${groupcheck_table}.id"

Now my users have access to all their authorized NASes, whatever the order of 
definition of the groups.

Was there an easier/more standard way of doing this?


Michel
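
Added example (not part of the original message and not FreeRADIUS code): the modified group check query run against an in-memory SQLite database, to show which 'radgroupcheck' rows it returns per user and NAS. Table and column names follow the post; the users, groups and addresses are constructed, and the %{...} expansions are bound as query parameters.

```python
import sqlite3

# Constructed sample data: table and column names follow the post; users,
# groups and addresses are made up for this example.
SCHEMA = """
CREATE TABLE radgroupcheck (
    id INTEGER PRIMARY KEY, GroupName TEXT, Attribute TEXT,
    op TEXT, Value TEXT, groupIPaddr VARCHAR(15));
CREATE TABLE usergroup (Username TEXT, GroupName TEXT);
INSERT INTO radgroupcheck (GroupName, Attribute, op, Value, groupIPaddr) VALUES
    ('vpn',    'Client-IP-Address', '==', '192.0.2.10', '192.0.2.10'),
    ('wifi',   'Client-IP-Address', '==', '192.0.2.20', '192.0.2.20'),
    ('switch', 'Client-IP-Address', '==', '192.0.2.30', '192.0.2.30');
INSERT INTO usergroup VALUES
    ('alice', 'vpn'), ('alice', 'wifi'), ('bob', 'switch');
"""

# Same join and filters as the modified authorize_group_check_query, with the
# %{Client-IP-Address} and %{SQL-User-Name} expansions bound as parameters.
GROUP_CHECK = """
SELECT g.id, g.GroupName, g.Attribute, g.Value, g.op
  FROM radgroupcheck g, usergroup u
 WHERE g.groupIPaddr = :client_ip
   AND u.Username = :user
   AND u.GroupName = g.GroupName
 ORDER BY g.id
"""

def open_db():
    """Create the in-memory database with the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def group_check(db, user, client_ip):
    """Return the check rows the modified query yields for one request."""
    params = {"user": user, "client_ip": client_ip}
    return db.execute(GROUP_CHECK, params).fetchall()

if __name__ == "__main__":
    db = open_db()
    for user, nas in [("alice", "192.0.2.10"), ("alice", "192.0.2.20"),
                      ("alice", "192.0.2.30"), ("bob", "192.0.2.10")]:
        rows = group_check(db, user, nas)
        print(user, nas, [r[1] for r in rows] or "no group rows")
```

An empty result only shows that no group check rows matched for that NAS; what the server then does with the request depends on the rest of the configuration and is not modelled here.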
 
