Ackbar Joolia wrote:
The radcheck table contains an entry for the password. The radreply table contains a Fall-Through = Yes for the user user1. The radgroupcheck contains groupnames (coming from the usergroup table) and Calling-Station-Id which I need to authenticate against. The radgroupreply table contains the replies I want to send to the different groups, which would have been authenticated/differentiated through their calling-station-id.
That's not right, and if I'm understanding you correctly you can't do exactly what you want with the current release version of FreeRadius.
Fall-Through does nothing on the current release version of FreeRadius - the SQL module merges the user and all the group check items into one, checks them, then puts all the reply items in. Since they're all merged, putting users into >1 group with conflicting check items will fail, as will putting users into >1 group with the same reply items.
Also, you would not normally assign IPs to groups - you would assign them to sessions from a pool (see rlm_sqlippool) or statically to users (using Framed-IP-Address in the radreply items)
Could you be a bit more specific about what you're trying to do?