[RADIATOR] AuthBy SQL Reject or Accept in the SQL results

Heikki Vatiainen hvn at open.com.au
Thu Feb 9 08:32:14 CST 2012


On 02/09/2012 01:43 PM, Michael wrote:

> I use a reject column in my user database, and SELECT it like this:
> SELECT username, crypt, CONCAT('Reject:',reject), ....
> 
> and:
> AuthColumnDef   2, Auth-Type, check

Yes, this is a very good method to do it.

> so, if the reject column is NULL, CONCAT returns NULL and it passed, but if the reject column has text in it, CONCAT returns 'Reject:reject reason', and the user is rejected.

Also, if SQL call returns 'Accept', the password check must still be
successful. So Auth-Type by itself does not accept the user if the
password is wrong.

A slight difference between this method and using hooks is the returned
Reply-Message with bad password. The above method returns Bad password
while with hooks it's possible to return message from SQL call.

Thanks!
Heikki

> 
> 
> On 12-02-08 12:40 PM, Lee Solway wrote:
>> Is there a way I can set an access Accept or Reject in the MySQL results
>> generated by AuthBy SQL?
>>
>> Currently I have a stored procedure that I call in the following.. I
>> would like the SP to be able to reject the Access-Request with an error
>> message also if possible..
>>
>>      AuthSelect            CALL get_reply_attr('%U')
>>      AuthColumnDef     0, GENERIC, reply
>>      AuthColumnDef     1, User-Password, check
>>
>> Thanks,
>> Lee
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>>
>>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list