On Mon, Aug 6, 2012 at 9:14 AM, Alan DeKok <aland@deployingradius.com>wrote:
Andrei Petru Mura wrote:
I can have many groups. For any group, let's suppose I have declared in radgroupcheck many attributes (like Session-Timeout, Idle-Timeout, Login-Time, ...).
Login-Time is a check attribute. Session-Timeout and Idle-Timeout are not.
Yes, I know. My mistake.
Now I want that any user that tries to authenticate, no matter what group belongs to, if does not meet successfully the group checks, should be rejected.
This isn't really how group checks work. The limitation is due to the mathematical way group membership works, and not to FreeRADIUS.
Yes, I know. But that's exact the behavior that I want to get from FR. How to make it working like that?
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html