On Mon, Aug 6, 2012 at 9:14 AM, Alan DeKok
<aland@deployingradius.com> wrote:
Andrei Petru Mura wrote:
> I can have many groups. For any group, let's suppose I have declared in
> radgroupcheck many attributes (like Session-Timeout, Idle-Timeout,
> Login-Time, ...).
Login-Time is a check attribute. Session-Timeout and Idle-Timeout are
not.
Yes, I know. My mistake.
> Now I want that any user that tries to authenticate,
> no matter what group belongs to, if does not meet successfully the group
> checks, should be rejected.
This isn't really how group checks work. The limitation is due to the
mathematical way group membership works, and not to FreeRADIUS.
Yes, I know. But that's exact the behavior that I want to get from FR. How to make it working like that?
Alan DeKok.