On 5 Mar 2013, at 18:03, Matt Zagrabelny <mzagr...@d.umn.edu> wrote:
> On Mon, Mar 4, 2013 at 4:28 PM, Arran Cudbard-Bell > <a.cudba...@freeradius.org> wrote: > >> >> You know SQL supports groups right? and that a group matching can be >> conditional on attributes in the request? and that you can add aditional >> config items to client definitions to mark them as a special devices? > > Hi Arran, > > Thanks for the reply. I've grepped the wiki and mailing list archives > and could not answer the following: > > What do I change in the nas table (in the database) to mark the > network boxes as "special devices"? I see the schema as: > > CREATE TABLE nas ( > id SERIAL PRIMARY KEY, > nasname VARCHAR(128) NOT NULL, > shortname VARCHAR(32) NOT NULL, > type VARCHAR(30) NOT NULL DEFAULT 'other', > ports int4, > secret VARCHAR(60) NOT NULL, > server VARCHAR(64), > community VARCHAR(50), > description VARCHAR(200) > ); > > Is it the "server" field? If so, could you also briefly explain how to > apply that to group matching? (I have added users to groups using the > usergroup table, but haven't touched the radgroupcheck/reply yet.) So long as you're using static devices in clients.conf you can use the xlat expansion "%{client:<config item>}". Add an extra string attribute to raddb/dictionary, something like Client-Group, then populate it before calling the sql module. authorize { update request { Client-Group := "%{client:group}" } sql } Then add a 'group' config item in the client {} definition. You can then use Client-Group as a check item. -Arran > > Thanks for any help! > > -mz > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html