'Re: help with changing to use named instance of sql module'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: help with changing to use named instance of sql module
From:       Matt Zagrabelny via Freeradius-Users <freeradius-users () lists ! freeradius ! org>
Date:       2023-07-31 16:07:45
Message-ID: CAOLfK3VD6s+jKV5eXFHvgFAEqO7+hBt+XXwE1bAR4+5DXzVAwA () mail ! gmail ! com
[Download RAW message or body]

On Mon, Jul 31, 2023 at 10:55 AM Alan DeKok <aland@deployingradius.com> wrote:
> 
> 
> On Jul 31, 2023, at 11:34 AM, Matt Zagrabelny via Freeradius-Users \
> <freeradius-users@lists.freeradius.org> wrote:

> 
> > However, the default working sql configuration does not match the
> > following -X output when I change the configs to use "sql foo {". I am
> > not seeing correct behavior in the post-auth section of
> > sites-enabled/default:
> 
> You changed what to what?

Inserted "foo" into 'sql {' within mods-available/sql. Changed group
attribute to:

group_attribute = "${.:instance}-SQL-Group"

and changed '-sql' to '-foo' in sites/available/default.

And of course, what you already found below, added the 'foo:' <---
WRONG!, to the post-auth unlang.

> 
> > [...]
> > (0) Auth-Type = Accept, accepting the user
> > (0) # Executing section post-auth from file
> > /etc/freeradius/3.0/sites-enabled/default
> > (0)   post-auth {
> > (0)     if ("%{client:group}" == 'network-infrastructure') {
> > (0)     EXPAND %{client:group}
> > (0)        --> network-infrastructure
> > (0)     if ("%{client:group}" == 'network-infrastructure')  -> TRUE
> > (0)     if ("%{client:group}" == 'network-infrastructure')  {
> > (0)       if (foo:SQL-Group == 'network-admin') {
> 
> What's that?  You have "foo:SQL-Group"?  Where did that come from?  That will never \
> work.

Ha! Thanks for the quick eyes, Alan! Indeed, I copied over some other
FR 3.x configs (which used multiple sql instances) to this new system
and curiously transposed the hyphen to a colon.

> 
> You'll need to use "foo-SQL-Group"  See mods-available/sql, which documents this.

Of course. The docs are great and I have benefited from your efforts.

As always, a pleasure to reach out to FR-users. Thanks for the speedy
assistance!

-m
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic