Re: [Help-gnu-radius] Changing auth based on client
From: Charles Sprickman
Subject: Re: [Help-gnu-radius] Changing auth based on client
Date: Tue, 6 Apr 2004 20:58:43 -0400 (EDT)

I said:
> I think I've got it. The values for which services are allowed are a bit
> odd; they are "bitwise operators" (?), hopefully I've got the terminology
> correct. Anyhow, it seems mysql groks/converts these for me, so all I
> need to do is alter the query based on which client connects.
>
> So here's my new, rephrased question for you all:
>
> - A rewrite rule should be able to be triggered on which client IP
> connects, right?
> - I can, in that rewrite rule either alter or create a macro, right?
> - In my SQL conf, I can end it with an "AND pw_gid=%that_macro"
I found this in the list archives:
http://mail.gnu.org/archive/html/help-gnu-radius/2003-02/msg00009.html
Can "Auth-Data" contain a fairly long string like "AND !(pw_gid & 128)"?
If so, this seems like a perfect solution. I think it would go something
like this.

huntgroups:

LOCAL   NAS-IP-Address = 192.168.0.1    NULL
ROAM    NAS-IP-Address = 10.0.0.1       NULL
NEWS    NAS-IP-Address = 172.10.0.1     NULL

users:

DEFAULT Huntgroup-Name = LOCAL,
                Auth-Type = SQL,
                Auth-Data = "!(pw_gid & 64)"
        Service-Type = Framed-User

DEFAULT Huntgroup-Name = ROAM,
                Auth-Type = SQL,
                Auth-Data = "!(pw_gid & 128)"
        Service-Type = Framed-User

DEFAULT Huntgroup-Name = NEWS,
                Auth-Type = SQL,
                Auth-Data = "!(pw_gid & 256)"
        Service-Type = Framed-User

sqlserver:

auth_query      SELECT pw_passwd \
                FROM vpopmail \
                WHERE pw_name='%u' \
                AND %C{Auth-Data}

If I'm following things correctly, this will give me the queries I need.
Are there any issues with the "!" and parens in "Auth-Data"?
Thanks,
Charles
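
Added example, not part of the original message or of GNU Radius: the queries MySQL would receive once `%u` and `%C{Auth-Data}` are expanded for each huntgroup, run against a constructed `vpopmail` table. The sample rows, the password placeholders and the reading that a set bit denies access from that client class are assumptions; the last query shows why the parentheses in `Auth-Data` matter on the SQL side.

```sql
-- Constructed sample data; column names follow the auth_query in the message.
CREATE TABLE vpopmail (
    pw_name   VARCHAR(32) PRIMARY KEY,
    pw_passwd VARCHAR(64),
    pw_gid    INT          -- bit flags (assumed: a set bit denies one client class)
);

INSERT INTO vpopmail (pw_name, pw_passwd, pw_gid) VALUES
    ('alice', 'PLACEHOLDER-A',   0),  -- no bits set
    ('bob',   'PLACEHOLDER-B',  64),  -- bit 64 set  (LOCAL filter)
    ('carol', 'PLACEHOLDER-C', 128),  -- bit 128 set (ROAM filter)
    ('dave',  'PLACEHOLDER-D', 320);  -- 64 + 256    (LOCAL and NEWS filters)

-- One column per huntgroup filter: 1 where the auth_query would return
-- a password row for that user, 0 where it would return nothing.
SELECT pw_name,
       !(pw_gid & 64)  AS local_ok,
       !(pw_gid & 128) AS roam_ok,
       !(pw_gid & 256) AS news_ok
FROM vpopmail
ORDER BY pw_name;

-- auth_query as expanded for user 'bob' arriving through the LOCAL huntgroup
-- (Auth-Data = "!(pw_gid & 64)"): the mask bit is set, so the WHERE clause
-- filters the row out and the server has no password to compare against.
SELECT pw_passwd
FROM vpopmail
WHERE pw_name = 'bob'
  AND !(pw_gid & 64);

-- The same user arriving through ROAM (Auth-Data = "!(pw_gid & 128)"):
-- bit 128 is clear in 64, so the row passes the filter.
SELECT pw_passwd
FROM vpopmail
WHERE pw_name = 'bob'
  AND !(pw_gid & 128);

-- Precedence check: in MySQL the ! operator binds tighter than &, so
-- dropping the parentheses parses as (!pw_gid) & 64. !pw_gid is 0 or 1,
-- and neither has bit 64 set, so this filter is false for every row.
SELECT pw_name
FROM vpopmail
WHERE !pw_gid & 64;
```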