Re: multiple entries per radius_check table
On Mon, Jul 1, 2013 at 3:30 PM, Arran Cudbard-Bell wrote: > > On 1 Jul 2013, at 17:59, Matt Zagrabelny wrote: > >> Greetings, >> >> I am using a Pg datastore to hold authentication data and using the Pg >> module for FR to hook into it. >> >> I am using a basic view for the radius_check table: >> >> # SELECT * from radius_check_users where username = 'mzagrabe'; >> id | username | attribute| op | value >> ---+--+++ >> 1 | mzagrabe | Crypt-Password | := | $1$somehash >> >> I'd also like to have the option of denying users with something like: >> >> atlas-# SELECT * from radius_sanction where username = 'mzagrabe'; >> id | username | attribute | op | value >> ---+--+---++ >> 1 | mzagrabe | Auth-Type | := | Reject >> (1 row) >> >> I'd like to create a UNION of these two views so that both records >> would be returned when FR queried for 'mzagrabe'. Is it enough to >> ensure that the "Reject" records appears before the "Crypt-Password" >> records in the resulting UNION for FR to reject the request? > > It can appear before or after, it doesn't matter. > > https://github.com/FreeRADIUS/freeradius-server/blob/master/src/modules/rlm_pap/rlm_pap.c#L330 Great! Thanks, Arran! Sincerely, -mz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multiple entries per radius_check table
On 1 Jul 2013, at 17:59, Matt Zagrabelny wrote: > Greetings, > > I am using a Pg datastore to hold authentication data and using the Pg > module for FR to hook into it. > > I am using a basic view for the radius_check table: > > # SELECT * from radius_check_users where username = 'mzagrabe'; > id | username | attribute| op | value > ---+--+++ > 1 | mzagrabe | Crypt-Password | := | $1$somehash > > I'd also like to have the option of denying users with something like: > > atlas-# SELECT * from radius_sanction where username = 'mzagrabe'; > id | username | attribute | op | value > ---+--+---++ > 1 | mzagrabe | Auth-Type | := | Reject > (1 row) > > I'd like to create a UNION of these two views so that both records > would be returned when FR queried for 'mzagrabe'. Is it enough to > ensure that the "Reject" records appears before the "Crypt-Password" > records in the resulting UNION for FR to reject the request? It can appear before or after, it doesn't matter. https://github.com/FreeRADIUS/freeradius-server/blob/master/src/modules/rlm_pap/rlm_pap.c#L330 Arran Cudbard-Bell FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
multiple entries per radius_check table
Greetings, I am using a Pg datastore to hold authentication data and using the Pg module for FR to hook into it. I am using a basic view for the radius_check table: # SELECT * from radius_check_users where username = 'mzagrabe'; id | username | attribute| op | value ---+--+++ 1 | mzagrabe | Crypt-Password | := | $1$somehash I'd also like to have the option of denying users with something like: atlas-# SELECT * from radius_sanction where username = 'mzagrabe'; id | username | attribute | op | value ---+--+---++ 1 | mzagrabe | Auth-Type | := | Reject (1 row) I'd like to create a UNION of these two views so that both records would be returned when FR queried for 'mzagrabe'. Is it enough to ensure that the "Reject" records appears before the "Crypt-Password" records in the resulting UNION for FR to reject the request? Any other advice or hints? Thanks! -mz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
