> ... Username='%{Stripped-User-Name}' AND realm='%{Realm:-pop.co.za}' AND > .... > > ie - if the REALM is missing - it should default to 'pop.co.za'... > > Anyway - still getting incorrect logins.... > > A radiusd -X shows me that .."WHERE Username='mje' AND realm='NULL' > AND"...
That's how it works. You'll need to refactor your SQL query e.g. select foo from bar where Username='%{Stripped-User-Name}' and realm=( case when '%{Realm}'='NULL' then 'pop.co.za' else '%{Realm}' end) The other and slightly easier alternative is to set "ignore_null = yes" on your realm module so that users without a realm won't match the module, and then use: select foo from bar where Username='%{Stripped-User-Name:-%{User-Name}}' and realm='${Realm:-pop.co.za}' > > ie - If there is no realm - its set to the string of four characters > 'NULL' rather than the string '\0' .. > not what I was hoping for... > > If the realm is missing - it can only refer to a user in the 'pop.co.za' > realm - and no other. > > Suggestions? > > ie - the equivalent of ... if( ${Realm} == "NULL") Realm="pop.co.za" > ..put somewhere. > > > ps. It would be very useful if one could run radiusd in '-X' mode based > on some criteria - such as the Realm or the Nas, > especially on a busy server - just for matching packets. > > (in proxy.conf .. syntax of > realm myrealm.com { > type = radius > authhost = LOCAL > accthost = LOCAL > debug = yes > } > > or in clients.conf > client access.pop.co.za { > secret = very > shortname = access > nastype = cisco > debug = yes > } > ) > > > > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html