William Burnett <burnet...@gmail.com> wrote: > > Thanks that helped I've got the conditions to match. However I've > setup multiple groups: > > ssh-admin > ssh-read > ssh-write > > and want to use a regexp to match anything containing ssh-* to allow > those users to authenticate instead of multiple lines matching each > value. Can I use regex matching with SQL-Group ? > > The following seems to be evaluated as "ssh.*" and not anything > containing "ssh......" > > if (!SQL-Group =~ /ssh.*/ && (Service-Type == "Login-User")) { > .....reject.... } > Does not work like that. You will need to construct a SQL xlat statement that does the check for you, so: ---- if ("%{sql:SELECT ....}" ....) { ----
or however SQL modules function, I'm an LDAP man myself. Cheers -- Alexander Clouter .sigmonster says: Are you a turtle? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html