Re: Using two tables (postgreSql) to validate users
Hi Daniel,
It is very easy to use as many tables you need.
You can have in config:
authorize_check_query = "SELECT * FROM
pl_AUTHORIZE_CHECK('%{SQL-User-Name}', '%{User-Password}',
'%{Client-IP-Address}')"
pl_AUTHORIZE_CHECK will be a stored procedure on the postgresql backend.
For example, I used something like this:
sql> CREATE TYPE radius_check_pairs AS (id integer, username text, attrname
text, attrval text, attrop text);
sql> CREATE OR REPLACE FUNCTION pl_AUTHORIZE_CHECK (text, text, text)
RETURNS SETOF radius_check_pairs AS $$
$user = $_[0]; $pass = $_[1]; $nasip = $_[2];
my $rv = spi_exec_query("SELECT status FROM accounts WHERE username = '$user'
AND password='$pass';", 1);
$status = $rv->{rows}[0]{status};
if ($rv->{processed} < 1) {
elog(NOTICE, "AUTHCHECK: User $user / $pass NOT FOUND");
return [ { id => 0, username => $_[0], attrname => 'Auth-Type',
attrval=> 'Reject', attrop => ':=' } ];
}
if ($status != '1') {
elog(NOTICE, "AUTHCHECK: User $user not active");
push @$reply, {
id => 0, username => $_[0], attrname => 'Auth-Type',
attrval => 'Reject', attrop => ':='
};
push @$reply, {
id => 1, username => $_[0], attrname =>
'Reply-Message', attrval => 'Acccount suspended!', attrop => ':='
};
return($reply);
}
elog(NOTICE, "AUTHCHECK: User $user - login ok");
return [ { id => 0, username => $_[0], attrname => 'Auth-Type', attrval =>
'Accept', attrop => ':=' } ];
$$ LANGUAGE plperl;
The advantages of this scenario.. You can have anything you want in
this procedure, including cpan modules :> and you can still run the
radius server on your favorite pentium II with load average 0.
Claudiu Filip
@: [EMAIL PROTECTED]
Http://www.globtel.ro
T:+40344880100
F:+40344880113
> Hi again...
> I have a doubt: Is it possible to use two tables to check the users? I
> need to do something like this... Freeradius checks if the user is valid
> on the table 1, if it returns true the user is validated, but if the
> return is false, freeradius checks the table 2, trying to validate the
> user once again.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using two tables (postgreSql) to validate users
On 2007-07-02 17:48, Daniel Bojczuk wrote: > Let me see if I understood. > > Shold I stop using the rlm_slq and start using rlm_perl with my own > authentication script (using the freeradius' variables and functions, I > read something about it)?? Yes. But of course there may be other (simpler?) solutions (like already mentioned failover syntax), this is one I use myself in little more complicated environment. Best regards, Krzysztof Olędzki - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using two tables (postgreSql) to validate users
Let me see if I understood. Shold I stop using the rlm_slq and start using rlm_perl with my own authentication script (using the freeradius' variables and functions, I read something about it)?? Thanks Daniel 2007/7/2, Krzysztof Olêdzki <[EMAIL PROTECTED]>: On 2007-06-30 17:24, Daniel Bojczuk wrote: > Hi again... > > I have a doubt: Is it possible to use two tables to check the users? I > need to do something like this... Freeradius checks if the user is valid > on the table 1, if it returns true the user is validated, but if the > return is false, freeradius checks the table 2, trying to validate the > user once again. > > Is it possible? Yes, for example with rlm_perl. Best reagards, Krzysztof Oledzki - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using two tables (postgreSql) to validate users
Krzysztof Ol?dzki <[EMAIL PROTECTED]> said: > On 2007-06-30 17:24, Daniel Bojczuk wrote: > > Hi again... > > > > I have a doubt: Is it possible to use two tables to check the users? I > > need to do something like this... Freeradius checks if the user is valid > > on the table 1, if it returns true the user is validated, but if the > > return is false, freeradius checks the table 2, trying to validate the > > user once again. > > > > Is it possible? > > Yes, for example with rlm_perl. Couldn't it also be done with the failover syntax, as described in doc/configurable_failover? > Best reagards, > > Krzysztof Oledzki -- hugh - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using two tables (postgreSql) to validate users
On 2007-06-30 17:24, Daniel Bojczuk wrote: > Hi again... > > I have a doubt: Is it possible to use two tables to check the users? I > need to do something like this... Freeradius checks if the user is valid > on the table 1, if it returns true the user is validated, but if the > return is false, freeradius checks the table 2, trying to validate the > user once again. > > Is it possible? Yes, for example with rlm_perl. Best reagards, Krzysztof Oledzki - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Using two tables (postgreSql) to validate users
Hi again... I have a doubt: Is it possible to use two tables to check the users? I need to do something like this... Freeradius checks if the user is valid on the table 1, if it returns true the user is validated, but if the return is false, freeradius checks the table 2, trying to validate the user once again. Is it possible? Thanks, Daniel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
