Default behavior for users not in any group
A.L.M.Buxey at lboro.ac.uk
Tue Oct 12 11:54:29 CEST 2010
> I have freeradius 2.1.6 with rlm_sql_oracle. There is a plenty of users in radcheck table and several of them are a members of a group. As stated in comments in the dialup.conf all other users are a members of the group DEFAULT if I understood it right. I put the fields DEFAULT Auth-Type := Reject in the radgroupcheck table but it seems that radius doesn't process the group checks if there is no explict group record for the user in radusergroup table even if I set read_groups. The radius accepts the requests if the username and password matches.
> How can I reject users not stated in the group without explictly assigning them to the DEFAULT group in radusergroup?
if you run briefly in full debug mode - ie 'radiusd -X' and then spend some time
with a coffee or herbal tea or Jolt..or whatever - you can read exactly what the
server is doing...you can watch and disect its logic and see exactly why
its not doing what you want. then you can change it :-)
More information about the Freeradius-Users