Oh I guess I did skip over the easier way, default AuthSelect is
select PASSWORD from SUBSCRIBERS where USERNAME='%n'
So assuming I wanted to not let users in with the UNIXGROUP Field in the
SUBSCRIBERS Table
of 9206, id do
select PASSWORD from SUBSCRIBERS where USERNAME='%n' AND UNIXGROUP != 9206
Id thought about that, query will come back empty for a user with 9206 in
UNIXGROUP, so they will get an Auth-Reject.
Much simpler...
----- Original Message -----
From: "Hugh Irvine" <[EMAIL PROTECTED]>
To: "Ron Hensley" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, October 18, 2000 8:10 PM
Subject: Re: (RADIATOR)
>
> Hello Ron -
>
> On Thu, 19 Oct 2000, Ron Hensley wrote:
> > Evening,
> >
> > I've got 99% of everything coverted over to use SQL, logging, sessions,
and
> > tested with a few users
> > as auth-type. However currently I am using Auth-Type = System for unix
> > password authentication, due
> > to the way we're setup. I need to block users who belong to a certain
unix
> > group. (only concerned with Primary Group)
> >
> > This is working fine. However id like to totally switch to SQL. All my
users
> > are in my SQL database, and I added
> > a field, UNIXGROUP, which holds the unix group for that user.
> >
> > >From what I can tell, the way to do this will be a GlobalVar to hold
the
> > currently being processed users group:
> > GlobalVar UnixGroup 9002
> > and then use a PreHandlerHook, to make an SQL query,
> > SELECT UNIXGROUP FROM SUBSCRIBERS WHERE USERNAME = ' %n';
> > and store the return in the global %{UnixGroup} variable.
> >
> > Then, to actually use the group id have
> > <HANDLER UnixGroup=9002>
> > ..
> > </Handler>
> >
> > Is this the correct way to do this, right hook spot and right way to
utilize
> > it in a hanlder?
> > Any Perl whizzes (Perl Whiz Im not :P ), that know what code would work
in a
> > sub to run that query and
> > stuff the results in that variable, using Radiators hook system?
> >
>
> I think you can do this more simply by changing your AuthSelect statement
to do
> the right thing.
>
> However, if you do want to use a PreHandlerHook, you should store your
> UnixGroup pseudo-attribute in the current request packet ($p in your
hook),
> otherwise you will not be able to set up your Handler(s) as you have shown
> above. Do not use GlobalVar's for this, as GlobalVar's are expected to be
used
> for unchanging global variables, and there is no guarantee in the future
(with
> a threaded version of Radiator) that a GlobalVar will have any relevance
to a
> particular radius request packet.
>
> Have a look at the example hooks in "goodies/hooks.txt".
>
> regards
>
> Hugh
>
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
>
>
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
