On Thu, 12 Mar 2009 14:30:07 +0200, Alan DeKok <al...@deployingradius.com>
wrote:
Alexander Solodukhin wrote:
Thank you for help. I try to do as you say and put this to authorize
section after preprocess:
preprocess
# allow hotspot users only
if (SQL-Group != 'Spot') {
That won't work... the SQL-Group attribute is a "callback" attribute.
i.e. Using it results in a call to the SQL module, which then does the
comparison itself.
And... it ignores the operator '!='. The operator is always '=='.
This is because the SQL-Group functionality goes way back to version
0.2, and isn't integrated with the newer "unlang" feature.
You could send a patch to integrate it with unlang, or do:
if (! (SQL-Group == 'Spot')) {
reject
}
That should work. It lets the SQL-Group code use '==', and then uses
the newer expression parser to do the "NOT in the group" checking.
No luck, Alan. Here the code:
# allow hotspot users only
if (!(SQL-Group == 'Spot')) {
reject
}
And debug output:
++? if (!(SQL-Group == 'Spot'))
sql_groupcmp
expand: %{User-Name} -> spot2
sql_set_user escaped user --> 'spot2'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}'
ORDER BY priority -> SELECT groupname FROM
radusergroup WHERE username = 'spot2'
ORDER BY priority
sql_groupcmp finished: User is a member of group Spot
rlm_sql (sql): Released sql socket id: 4
?? Evaluating (SQL-Group == 'Spot') -> TRUE
? Converting !TRUE -> FALSE
++? if (!(SQL-Group == 'Spot')) -> FALSE
Seems it works for 'spot2' account, but:
++? if (!(SQL-Group == 'Spot'))
sql_groupcmp
expand: %{User-Name} -> test2
sql_set_user escaped user --> 'test2'
rlm_sql (sql): Reserving sql socket id: 1
expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}'
ORDER BY priority -> SELECT groupname FROM
radusergroup WHERE username = 'test2'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 1
sql_groupcmp finished: User is NOT a member of group Spot
++[chap] returns noop
++[mschap] returns noop
not work for test2 account.
--
ISP CrIS, Softwarium
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html