On 10/04/2012 11:47 AM, Jesús Rodríguez wrote:
> Is possible to use a value returned in an <AuthBy SQL> AuthSelect query in a
> subsequent <AuthBy>?.
Yes. Instead of using 'check' as the type for AuthColumnDef, use
'request'. That will put the retrieved value in the request for later
use. For the details, please see the reference manual section '5.31.11
AuthColumnDef'.
Thanks,
Heikki
> An example:
>
> <Handler Client-Identifier=preauth,Calling-Station-Id="1234567">
> AuthByPolicy ContinueWhileAccept
> AddToRequest X-pre-auth-required-result = 1
> <AuthBy SQL>
> AuthSelect select
> validate_preauth('%{Calling-Station-Id}','',%0,'','','','','','','','','','',0,1,0,now())
> AuthColumnDef 0, X-pre-auth-required-result, check
> </AuthBy>
>
> In this case, the AuthSelect would return two values. The first one is used
> as check value. I would like to get the second returned value and use it in a
> subsequent <AuthBy> within the same <Handler> clause. Is possible to save the
> second value in a variable or pseudo-attribute and use it later on?.
>
> Thanks and regards.
>
>
>
>
>
> El 27/06/2012, a las 13:21, Jesús Rodríguez <jes...@voztele.com> escribió:
>
>> ---------- Forwarded message ----------
>> From: Heikki Vatiainen <h...@open.com.au>
>> Date: Sun, Jun 24, 2012 at 10:59 PM
>> Subject: Re: [RADIATOR] Authentication without check attributes
>> To: radiator@open.com.au
>>
>>
>> On 06/23/2012 04:32 PM, Jesús Rodríguez wrote:
>>
>>> To authenticate a dsl pre-authentication request, i have to use a mysql
>>> function query (using AuthBy mysql) that returns 1 (accept) or 0 (reject),
>>> with no check attributes or other values i can use as check parameters.
>>>
>>> How can i send the Accept or Reject based on the returned 1 or 0 values?.
>>
>> Try something like this:
>>
>> <Handler ...>
>> AddToRequest X-pre-auth-required-result = 1
>> <AuthBy SQL>
>> AuthSelect your-mysql-function
>> AuthColumnDef 0, X-pre-auth-required-result, check
>> ...
>> ...
>>
>> Here X-pre-auth-required-result is a local pseudo-attribute. You can
>> name it as you want, but the main thing is it will never come from the
>> NAS and has a fixed value you can compare against value returned from
>> MySQL function.
>>
>> Thanks,
>> Heikki
>
>
>
>
> ------------------------------------
> Jesus Rodriguez
> VozTelecom Sistemas, S.L.
> jes...@voztele.com
> http://www.voztele.com
> Tel. 902360305
> -------------------------------------
>
>
>
>
>
--
Heikki Vatiainen <h...@open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
