Re: Grouping accounts

> On Wed, Feb 23, 2005 at 08:22:21AM +1100, Michael Mitchell wrote:
> > From: Michael Mitchell <mitchell.michael@bigpond.com>
> > To: freeradius-users@lists.freeradius.org
> > Subject: Re: Grouping accounts
> > Date: Wed, 23 Feb 2005 08:22:21 +1100
> >
> > I'm not sure that Steven ever mentioned that his user database is ldap
> > (perhaps Steven could clarify this for us?)??
>
> PostgreSQL.

Must have combined posts in my head and thought you were doing ldap.
Sorry.

> > I'm sure you could do a very similar thing with sql - have an "Account"
> > table for billing purposes, and a "Service" table for authentication
> > purposes, with each service linked back to the "Account" via an "Account
> > ID".
> >
> > You may have to play with the accounting queries in the sql module
> > configuration a little if you want the accounting records to reference
> > the "Account ID"...
>
> I've been talking to the boss and one of the Perl programmers. Apparently
> we're going to do it using FreeRadius/Perl/PostgreSQL.
>
> I thought LDAP was the way to go, but I was wrong.
>
> Steven.

I think LDAP is the way to go, as its designed just for this kind of
thing. It is optimized for reads, and its purpose is to store attributes
about an object. This is really what authorization and authentication is
all about (in my opinion).

But, postgres will probably get you what you need too. You can do
something similar to what I talked about for ldap. You will create two
sql instances and then change the sql queries for each one.

sql ftpusers {
authorize_check_query = "SELECT .... from something..."
}

sql dialusers {
...
}

Then modify the users so that the huntgroup for ftp users runs ftpusers
sql instance and dial to dial.

Good luck.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html