On 06/08/2012 11:28 PM, JustJoe wrote:
Can anyone tell me why it was decided to limit the functionality in v2 by
replacing the old queries?? I have tried replacing the new one with the
old, and it seems to work perfectly again.
In fact, functionality was added, not limited.
(n.b. I'm working from memory here)
The old queries effectively merged the check & reply items for all
groups the user is a member of before comparing them / setting reply
items. This can be a pain if you have NAS-specific check items. For
example, if you have groups "VPN users" and "Wireless users" both of
which have a different comparison for NAS-Port-Type, and a user is a
member of both, the merged check items can never match.
The rlm_sql source code & queries were changed to run the queries one
group at a time, and look for / honour the Fall-Through attribute in a
manner similar to the "users" file. That is:
1. Select all entries from radcheck/radreply for the users
2. Select all groups the user is a member of
3. For each group
4. select from radgroupcheck/radgroupreply
5. If check items do not match, goto next group, restart from #4
6. set reply items
7. If not Fall-Through==yes, stop
8. Else, goto next group, restart from #4
Step 7 is the key; if you want all groups to be processed, simply insert
"Fall-Through", "=", "Yes" in the radgroupreply table.
Do note that this will mean more SQL queries, though each with fewer
result rows. This is unlikely to matter unless your SQL database is
particularly slow.
I guess the more important question I am asking is whether I will have any
problems just using the old queries in the new dialup.conf script?
The whole point is you can use any queries you want; if those work
better for you, then use them. But do be aware of why they changed, and
the alternatives (Fall-Through)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
