<div>Alan,<br></div><div><br></div><div>Initially, I made the assumption that there was an implicit deny.</div><div><br></div><div>After re-reading the docs, I have created an "implicitdeny" group that I assign to all new users with a priority of 1000. The only attribute set in this group is Auth-Type = Reject. So, if there is a match for any other groups with a priority number less than 1000, the customer is accepted and those group rules are applied.</div>
<div><br></div><div>I was just wondering if there was a maximum priority number, other than the character limit in my mysql field.</div><div><br></div><div>Thanks again for all the help,</div><div>Craig</div><br><div class="gmail_quote">
On Sat, Feb 27, 2010 at 1:05 PM, Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">Craig Schurr wrote:<br>
> If no attributes in the radgroupcheck table are matched I have a group<br>
> with a higher priority number to act as an implicit deny.<br>
<br>
</div> There is no "implicit deny". The documentations aays "if there is a<br>
match, the reply items are applied".<br>
<br>
It does NOT say "if there is no match, the user is rejected".<br>
<br>
If you want a user to be rejected, you have to configure that.<br>
<div><div class="h5"><br>
Alan DeKok.<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br>