New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

freeradius virtual server support #72

Open

ftao opened this issue Jun 22, 2015 · 1 comment

Assignees

Labels

Owner

ftao commented Jun 22, 2015

在同一台服务器提供多组不同的认证规则，不同的接入服务器(NAS) 可以连接到不同的端口。
涉及到的修改:

自定义端口
自定义鉴权规则（比如用户一定要属于某一个组) , 可能需要修改SQL .

ftao added the enhancement label

ftao self-assigned this

Owner Author

ftao commented Jun 22, 2015

思路如下:

主配置需要套一个 server
sql.conf 需要重命名为 sql_virtual_server_name.conf
可以删除 customize diaup , 直接把内容放在 sql_virtual_server_name.conf 里面。
加一个 require_group 选项，然后生成一段sql , 覆盖 authorize_check_query

        authorize_check_query = "SELECT id, username, attribute, value, op \
          FROM ${authcheck_table} \
          WHERE username = '%{SQL-User-Name}' \
          AND  EXISTS (SELECT 1 FROM $(usergroup_table) WHERE username = '%{SQL-User-Name}' AND groupname == "SOME GROUP")
          ORDER BY id"

唯一的问题是，如果include 两个role , 生成数据库那部分代码会跑两遍。不过这个问题不大。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment