Alan, Thanks that helped I've got the conditions to match. However I've setup multiple groups:
ssh-admin ssh-read ssh-write and want to use a regexp to match anything containing ssh-* to allow those users to authenticate instead of multiple lines matching each value. Can I use regex matching with SQL-Group ? The following seems to be evaluated as "ssh.*" and not anything containing "ssh......" if (!SQL-Group =~ /ssh.*/ && (Service-Type == "Login-User")) { .....reject.... } Sincerely, William Burnett burnet...@gmail.com On Sat, Sep 25, 2010 at 12:09 AM, Alan DeKok <al...@deployingradius.com> wrote: > William Burnett wrote: >> What is the best way to go about this? I was trying to use unlang to >> query my database but can't seem to get the syntax right. > > The "sql" module queries databases. > > ... >> if ( %{group_membership_query} == "ssh") { > > This won't do what you want. Instead, use > > if (SQL-Group == "ssh") { > > This is documented in raddb/sql.conf. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html