On Tue, Mar 5, 2013 at 9:17 PM, Arran Cudbard-Bell <a.cudba...@freeradius.org> wrote: > > On 5 Mar 2013, at 18:03, Matt Zagrabelny <mzagr...@d.umn.edu> wrote: > >> On Mon, Mar 4, 2013 at 4:28 PM, Arran Cudbard-Bell >> <a.cudba...@freeradius.org> wrote: >> >>> >>> You know SQL supports groups right? and that a group matching can be >>> conditional on attributes in the request? and that you can add aditional >>> config items to client definitions to mark them as a special devices? >> >> Hi Arran, >> >> Thanks for the reply. I've grepped the wiki and mailing list archives >> and could not answer the following: >> >> What do I change in the nas table (in the database) to mark the >> network boxes as "special devices"? I see the schema as: >> >> CREATE TABLE nas ( >> id SERIAL PRIMARY KEY, >> nasname VARCHAR(128) NOT NULL, >> shortname VARCHAR(32) NOT NULL, >> type VARCHAR(30) NOT NULL DEFAULT 'other', >> ports int4, >> secret VARCHAR(60) NOT NULL, >> server VARCHAR(64), >> community VARCHAR(50), >> description VARCHAR(200) >> ); >> >> Is it the "server" field? If so, could you also briefly explain how to >> apply that to group matching? (I have added users to groups using the >> usergroup table, but haven't touched the radgroupcheck/reply yet.) > > So long as you're using static devices in clients.conf you can use the xlat > expansion "%{client:<config item>}".
I am using static devices, but I am using a nas table in a PG database. Does that affect the xlat expansion? I already had a 'shortname' (but not a group field) in the table schema and tried: authorize { update request { Client-Group := "%{client:shortname}" } sql } Here is a snippet of the 'freeradius -X' output: ++[files] returns noop expand: %{client:shortname} -> ++[request] returns noop [sql] expand: %{Stripped-User-Name} -> [sql] ... expanding second conditional You can see that the expand didn't work as expected. Data in the table looks like: atlas=> SELECT * from radius_nas limit 1; id | nasname | shortname | type | secret | server ----+---------+-----------+------+-----------------+-------- 72 | ups | ups | | sUperS3cret | (1 row) And also the configuration in dialup.conf: nas_query = "SELECT id, nasname, shortname, type, secret, server FROM ${nas_table}" Any ideas? Thanks, -mz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html