This parameter defines the SQL statement that is run to
determine the details of the target RADIUS server. It is run for each
request that is handled by the AuthBy. If no reply is received by the
target RADIUS server for a given request, it is rerun to find a secondary
server, and so on until either HostSelect
returns no
more rows, or the number of times exceeds
NumHost
s.
If HostSelect
returns no rows, and if <AuthBy SQLRADIUS>
contains <Host xxxxxx>
clauses, then the
request is proxied according to the <Host>
clauses in order, the same as with <AuthBy
RADIUS>
. This is a useful catchall for unknown realms, and
could be used to proxy to a GoRemote (GRIC) server or
similar.
HostSelect
is expected to return at
least the target host name/address and the shared secret in that order.
Optionally, you can also fetch a number of other columns to control the
proxying process, including RetryCount
, target ports
and such. The columns fetched by HostSelect
are used
to determine the following <AuthBy RADIUS>
Host
parameters in this order. Any column that is NULL is ignored.
HostSelect
can contain any of the special characters. For more information, see
Section 3.3. Special formatters. Also,
%0
is replaced by the current host counter for this
request. The counter starts with the value of
StartHost
which defaults to
1
. You
can therefore use
%0
to select a different column each
time
HostSelect
is run.
%1
is
replaced with SQL quoted realm.
The default value is:
HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT,\
RETRIES, RETRYTIMEOUT, USEOLDASCENDPASSWORDS, \
SERVERHASBROKENPORTNUMBERS,SERVERHASBROKENADDRESSES, \
IGNOREREPLYSIGNATURE, FAILUREPOLICY from RADSQLRADIUS \
where TARGETNAME=%1
The default value works with the example
tables supplied in goodies/*.sql
. Note that this
allows for up to 2 target hosts per Realm, primary and secondary, and that
the Realm to match goes in the TARGETNAME column.
Note
Details about
failure history, backoff times and such are cached within Radiator memory,
not in the SQL database.
Example
If you have a simple SQL table with one target host per Realm,
<AuthBy SQLRADIUS>
contains:
HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT, RETRIES,\
RETRYTIMEOUT, USEOLDASCENDPASSWORDS, \
SERVERHASBROKENPORTNUMBERS, SERVERHASBROKENADDRESSES, \
IGNOREREPLYSIGNATURE, FAILUREPOLICY from RADSQLRADIUS where TARGETNAME=?
HostSelectParam %1
NumHosts 1
Example
If you want to choose the target RADIUS server based on
Called- Station-Id and Realm, and multiple Called-Station-Ids can map to
the same target RADIUS servers, and if the target has a primary and a
secondary RADIUS server, you can use the example RADSQLRADIUS and
RADSQLRADIUSINDIRECT tables, plus an <AuthBy
SQLRADIUS>
containing:
HostSelect select R.HOST%0, R.SECRET, R.AUTHPORT, \
R.ACCTPORT, R.RETRIES, R.RETRYTIMEOUT, \
R.USEOLDASCENDPASSWORDS, R.SERVERHASBROKENPORTNUMBERS, \
R.SERVERHASBROKENADDRESSES, R.IGNOREREPLYSIGNATURE, \
R.FAILUREPOLICY from RADSQLRADIUS R, RADSQLRADIUSINDIRECT I \
where I.SOURCENAME=? and I.TARGETNAME=R.TARGETNAME
HostSelectParam %{Called-Station-Id}
NumHosts 2