[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: help with changing to use named instance of sql module
From: Matt Zagrabelny via Freeradius-Users <freeradius-users () lists ! freeradius ! org>
Date: 2023-07-31 16:07:45
Message-ID: CAOLfK3VD6s+jKV5eXFHvgFAEqO7+hBt+XXwE1bAR4+5DXzVAwA () mail ! gmail ! com
[Download RAW message or body]
On Mon, Jul 31, 2023 at 10:55 AM Alan DeKok <aland@deployingradius.com> wrote:
>
>
> On Jul 31, 2023, at 11:34 AM, Matt Zagrabelny via Freeradius-Users \
> <freeradius-users@lists.freeradius.org> wrote:
>
> > However, the default working sql configuration does not match the
> > following -X output when I change the configs to use "sql foo {". I am
> > not seeing correct behavior in the post-auth section of
> > sites-enabled/default:
>
> You changed what to what?
Inserted "foo" into 'sql {' within mods-available/sql. Changed group
attribute to:
group_attribute = "${.:instance}-SQL-Group"
and changed '-sql' to '-foo' in sites/available/default.
And of course, what you already found below, added the 'foo:' <---
WRONG!, to the post-auth unlang.
>
> > [...]
> > (0) Auth-Type = Accept, accepting the user
> > (0) # Executing section post-auth from file
> > /etc/freeradius/3.0/sites-enabled/default
> > (0) post-auth {
> > (0) if ("%{client:group}" == 'network-infrastructure') {
> > (0) EXPAND %{client:group}
> > (0) --> network-infrastructure
> > (0) if ("%{client:group}" == 'network-infrastructure') -> TRUE
> > (0) if ("%{client:group}" == 'network-infrastructure') {
> > (0) if (foo:SQL-Group == 'network-admin') {
>
> What's that? You have "foo:SQL-Group"? Where did that come from? That will never \
> work.
Ha! Thanks for the quick eyes, Alan! Indeed, I copied over some other
FR 3.x configs (which used multiple sql instances) to this new system
and curiously transposed the hyphen to a colon.
>
> You'll need to use "foo-SQL-Group" See mods-available/sql, which documents this.
Of course. The docs are great and I have benefited from your efforts.
As always, a pleasure to reach out to FR-users. Thanks for the speedy
assistance!
-m
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic