help-gnu-radius

Re: [Help-gnu-radius] user attr table for SQL auth.


From: Sergey Poznyakoff
Subject: Re: [Help-gnu-radius] user attr table for SQL auth.
Date: Fri, 19 Jul 2002 23:08:50 +0300

> I'm needing a better explanation of how this table works..
[...]
> ('dummy','NAS-Identifier','smtp','')

The last column of the attr table keeps the comparison operator. Its
value can be either NULL or one of '=', '!=', '>', '<', '>=', '<='.
It cannot be just '' (a zero-length string). That's why you are
getting `SQL: invalid operator:' errors.

If the value of op field is NULL, then the whole record is taken
to represent an RHS pair, i.e. a pair that is to be returned to the
NAS. Thus the following record

     ('dummy','NAS-Identifier','smtp',NULL)

is useless, since it doesn't make much sense to return NAS-Identifier
to the NAS itself. On the other hand the record

     ('dummy','Service-Type','PPP',NULL)

is quite OK (NASes often require Service-Type to be present in the
reply packets).

Now, let's consider the case where op != NULL. The record

     ('dummy','NAS-Identifier','smtp','=')

means that the raddb/users entry

DEFAULT Auth-Type = SQL,
        Service-Type = Authenticate-Only
        Service-Type = Authenticate-Only

will succeed *only* if the incoming packet contains pair

     NAS-Identifier = "smtp"

Otherwise, the user is deemed not to be found in the database and
the diagnostic message `Invalid user: [dummy]' is issued.

Notice that the comparison for all LHS attributes (whether explicit or
retrieved from an SQL database) is conjunctive (logical AND). There is
no way to specify logical OR. There may, however, be several ways out
of this difficulty. Specifically, in your case, you should create a
huntgroup, e.g.:

MYGROUP   NAS-Identifier = smtp NULL
MYGROUP   NAS-Identifier = imap NULL

and then apply it to the raddb/users entry either explicitly:

DEFAULT Auth-Type = SQL,
        Huntgroup-Name = MYGROUP,
        Service-Type = Authenticate-Only
        Service-Type = Authenticate-Only

or implicitly, by inserting into SQL record

     ('dummy','Huntgroup-Name','MYGROUP','=')


Regards,
Sergey
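The matching rules Sergey describes (NULL op means a reply pair, any other op is a check pair ANDed with the rest, an empty-string op is rejected, and a Huntgroup-Name check is how you get OR) can be modelled in a few lines. The following is an added example written for this archive page; it is not GNU Radius code and does not parse real raddb files. The attr-table rows, the `MYGROUP` huntgroup contents and the incoming request dictionaries are constructed here for illustration, and `evaluate()` / `check_operator()` are hypothetical helper names.

```python
# Added example (not GNU Radius source): a small model of how the SQL attr
# table described in the reply above is evaluated against a request.
# Table rows are (user, attribute, value, op); op None stands for SQL NULL.

# The operators the attr table accepts. '' is deliberately NOT in this set:
# a zero-length op is what produces `SQL: invalid operator:'.
VALID_OPS = {"=", "!=", ">", "<", ">=", "<="}


def check_operator(op):
    """Return op unchanged if it is NULL or a documented operator, else raise."""
    if op is None:
        return None
    if op not in VALID_OPS:
        raise ValueError(f"SQL: invalid operator: {op!r}")
    return op


def compare(op, actual, expected):
    """Apply one operator; compare numerically when both sides are integers."""
    try:
        a, b = int(actual), int(expected)
    except (TypeError, ValueError):
        a, b = str(actual), str(expected)
    return {"=": a == b, "!=": a != b, ">": a > b,
            "<": a < b, ">=": a >= b, "<=": a <= b}[op]


def evaluate(rows, username, request, huntgroups):
    """Split the user's rows into check pairs (op set) and reply pairs (op NULL).

    All check pairs must hold (logical AND). Returns (matched, reply_pairs);
    a failed check is the 'Invalid user: [<name>]' case and returns (False, []).
    huntgroups maps a group name to the (attribute, value) lines of that group;
    Huntgroup-Name = X holds if ANY line of X matches the request, i.e. logical OR.
    """
    reply = []
    for user, attr, value, op in rows:
        if user != username:
            continue
        op = check_operator(op)
        if op is None:
            reply.append((attr, value))          # RHS pair, returned to the NAS
            continue
        if attr == "Huntgroup-Name":
            members = huntgroups.get(value, [])
            ok = any(a in request and compare("=", request[a], v)
                     for a, v in members)
            if op == "!=":
                ok = not ok
        else:
            ok = attr in request and compare(op, request[attr], value)
        if not ok:
            return False, []
    return True, reply


# Constructed sample data mirroring the reply above (hypothetical values).
HUNTGROUPS = {"MYGROUP": [("NAS-Identifier", "smtp"),
                          ("NAS-Identifier", "imap")]}
ROWS = [
    ("dummy", "Service-Type", "PPP", None),        # reply pair
    ("dummy", "Huntgroup-Name", "MYGROUP", "="),   # check pair, OR via huntgroup
]

if __name__ == "__main__":
    print(evaluate(ROWS, "dummy", {"NAS-Identifier": "imap"}, HUNTGROUPS))
    print(evaluate(ROWS, "dummy", {"NAS-Identifier": "pop"}, HUNTGROUPS))
    try:
        check_operator("")
    except ValueError as e:
        print(e)
```

Running it shows the imap request matching with `Service-Type = PPP` returned, the pop request being rejected as an unknown user, and the empty-string op being refused before any comparison is attempted.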
