On Mon, Aug 6, 2012 at 9:14 AM, Alan DeKok <aland@deployingradius.com> wrote:
Andrei Petru Mura wrote:
> I can have many groups. For any group, let's suppose I have declared in
> radgroupcheck many attributes (like Session-Timeout, Idle-Timeout,
> Login-Time, ...).

  Login-Time is a check attribute.  Session-Timeout and Idle-Timeout are
not.

Yes, I know. My mistake.
 
> Now I want that any user that tries to authenticate,
> no matter what group belongs to, if does not meet successfully the group
> checks, should be rejected.

  This isn't really how group checks work.  The limitation is due to the
mathematical way group membership works, and not to FreeRADIUS.

Yes, I know. But that's exact the behavior that I want to get from FR. How to make it working like that?
 
  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html