On 04/01/13 14:18, Joe Rogers wrote:

I am having difficulties implementing the following users file
configuration in sql using freeradius 2.2.0:

user1     Calling-Station-Id == "xx-xx-xx-xx-xx-xx"
         Tunnel-Private-Group-ID = VLAN1,
         Tunnel-Medium-Type = IEEE-802,
         Tunnel-Type = VLAN

user1     Calling-Station-Id == "yy-yy-yy-yy-yy-yy"
         Tunnel-Private-Group-ID = VLAN2,
         Tunnel-Medium-Type = IEEE-802,
         Tunnel-Type = VLAN

I'm attempting to send different reply attributes for the same username
based on different check attributes.  But, I'm having a hard time seeing
how this is possible with rlm_sql using the default
authorize_check_query and authorize_reply_query settings.  I can
certainly re-write those queries, but I'm hoping that I'm simply
overlooking the proper way to configure this.

I think you need to rewrite the queries. IIRC there is no way to have >1 set of radcheck/radreply users for a single user; the check/reply entries are merged.

You can probably (ab)use the groups functionality to do this.

Or, don't use the radcheck/radreply stuff at all; instead use an SQL xlat in "unlang":

post-auth {
  update reply {
    Tunnel-Private-Group-ID = "%{sql:select vlan ... where ...}"
    Tunnel-Medium-Type = IEEE-802
    Tunnel-Type = VLAN
  }
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to