On Tue, Feb 16, 2010 at 5:24 PM, Sicly undecided <siclyundeci...@gmail.com> wrote:
> I want to be able to check multiple values for the same check
> attribute (nas ipaddress || nas port). I have tried the ":=, +=" way,
> but I'm guessing, since it didn't work, that this only works for reply
> attributes.
>
> If anyone can point me in a general direction it would be most appreciated.

So you're saying you want access allowed if one of the multiple check
attributes matches? There's no quick-and-standard way that I know of to
achieve that. You'll probably be able to hack the sql module with custom
queries and schema.

For example, I had a requirement where a username will be allowed access:
- from any Calling-Station-Id (for certain users), OR
- from a list of Calling-Station-Ids, where they consist of numbers
  only (phone numbers, to be exact) for most users.

Plus I need to enable/disable a user easily, and limit user validity
only up to a certain time. The authorize query became this complicated
beast:

authorize_check_query = "SELECT `id`,`UserName`,`Attribute`,`Value`,`op` \
  FROM `${authcheck_table}` \
  WHERE `UserName` IN ( \
    SELECT `UserName` FROM `${authrestrict_table}` \
    WHERE `Username` = '%{SQL-User-Name}' \
    AND `Status`='enable' AND `EXPIRE` > now() \
  ) AND `UserName` IN ( \
    SELECT `UserName` FROM `${authclinumber_table}` \
    WHERE `Username` = '%{SQL-User-Name}' \
    AND `clinumber` IN ('ANY', convert('%{Calling-Station-Id}', SIGNED)) \
  )"

The ${authclinumber_table} that I use to list Calling-Station-Ids goes like this

+-----------+------------------+------+-----+---------+----------------+
| Field     | Type             | Null | Key | Default | Extra          |
+-----------+------------------+------+-----+---------+----------------+
| id        | int(20) unsigned | NO   | PRI | NULL    | auto_increment |
| UserName  | varchar(64)      | NO   | MUL |         |                |
| clinumber | varchar(16)      | NO   | MUL | ANY     |                |
+-----------+------------------+------+-----+---------+----------------+

where there can be many UserName-clinumber pairs for each user and
phone number combination, and a clinumber of "ANY" if I want to allow
access from any phone number.

While ${authrestrict_table} that I use to control user validity goes like this

+----------+-----------------------------------+------+-----+---------------------+----------------+
| Field    | Type                              | Null | Key | Default             | Extra          |
+----------+-----------------------------------+------+-----+---------------------+----------------+
| id       | int(20) unsigned                  | NO   | PRI | NULL                | auto_increment |
| UserName | varchar(64)                       | NO   | UNI |                     |                |
| Status   | enum('enable','disable')          | NO   |     | enable              |                |
| Expire   | datetime                          | NO   |     | 0000-00-00 00:00:00 |                |
+----------+-----------------------------------+------+-----+---------------------+----------------+

As you can see it becomes complicated, and again I say this is a hack
(which requires some knowledge of nested SQL queries), but should give you
a basic idea of what you need to do. You could probably also use
unlang and sql expansion, but I haven't had time to look into it for
this purpose.

-- 
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
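
The access rule described in the message above, as an added example that is not part of the original post: the same nested query run against an in-memory SQLite database so each condition can be seen to include or exclude a user. Assumptions: the table names radcheck, radrestrict and radclinumber, the SQLite dialect (CAST in place of MySQL's convert(..., SIGNED), bound parameters in place of the %{...} expansions), a fixed clock, and constructed users and phone numbers without leading zeros.

```python
import sqlite3

NOW = "2010-02-16 17:24:00"  # fixed clock so results are reproducible

# Table names are assumed; the post only shows the ${...}_table variables.
SCHEMA = """
CREATE TABLE radcheck (id INTEGER PRIMARY KEY, UserName TEXT, Attribute TEXT, Value TEXT, op TEXT);
CREATE TABLE radrestrict (id INTEGER PRIMARY KEY, UserName TEXT UNIQUE, Status TEXT, Expire TEXT);
CREATE TABLE radclinumber (id INTEGER PRIMARY KEY, UserName TEXT, clinumber TEXT DEFAULT 'ANY');
"""

# Same shape as the post's authorize_check_query. Bound parameters stand in for
# %{SQL-User-Name} and %{Calling-Station-Id}; CAST stands in for MySQL's
# convert(..., SIGNED) and is cast back to text to match the text column.
QUERY = """
SELECT id, UserName, Attribute, Value, op FROM radcheck
WHERE UserName IN (SELECT UserName FROM radrestrict
                   WHERE UserName = :user AND Status = 'enable' AND Expire > :now)
  AND UserName IN (SELECT UserName FROM radclinumber
                   WHERE UserName = :user
                     AND clinumber IN ('ANY', CAST(CAST(:cli AS INTEGER) AS TEXT)))
"""

def build_db():
    """In-memory database filled with constructed sample users."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for user, status, expire, numbers in [
        ("alice", "enable", "2011-01-01 00:00:00", ["ANY"]),
        ("bob", "enable", "2011-01-01 00:00:00", ["5550100", "5550101"]),
        ("carol", "disable", "2011-01-01 00:00:00", ["ANY"]),
        ("dave", "enable", "2009-12-31 00:00:00", ["ANY"]),
    ]:
        db.execute("INSERT INTO radcheck (UserName, Attribute, Value, op) "
                   "VALUES (?, 'Cleartext-Password', 'constructed', ':=')", (user,))
        db.execute("INSERT INTO radrestrict (UserName, Status, Expire) VALUES (?, ?, ?)",
                   (user, status, expire))
        db.executemany("INSERT INTO radclinumber (UserName, clinumber) VALUES (?, ?)",
                       [(user, n) for n in numbers])
    return db

def check_rows(db, user, cli, now=NOW):
    """Rows the query returns; an empty list means no check items for this request."""
    return db.execute(QUERY, {"user": user, "cli": cli, "now": now}).fetchall()

if __name__ == "__main__":
    db = build_db()
    for user, cli in [("alice", "5559999"), ("bob", "5550100"), ("bob", "5559999"),
                      ("carol", "5550100"), ("dave", "5550100")]:
        print(user, cli, "->", len(check_rows(db, user, cli)), "check row(s)")
```

Only alice (clinumber ANY) and bob calling from a listed number get check rows back; the disabled, expired and unlisted-number cases return nothing.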