On Thu, Sep 3, 2009 at 6:30 AM, George Koulyabin<jumbo@vinf.ru> wrote:
+----+----------+--------------------+----+----------+ | id | username | attribute | op | value | +----+----------+--------------------+----+----------+ | 5 | jack | Huntgroup-Name | == | wireless | | 4 | jack | Cleartext-Password | := | foo | +----+----------+--------------------+----+----------+ You wrote rules for authorization/athentication of jack: Jack grants access from hardware of 'wireless' huntgroup with 'foo' password.
I wrote the rules for huntgroup here because the rules in groupcheck didn't work. If I take this out, just keeping the groupcheck, 'jack' will connect from any hardware. The groupcheck is ignoring the huntgroups.
"Didn't work"? Sql groups emulate the way DEFAULT entries in users file work. The situation there is the same - if check doesn't match, entry is skipped. They do not emulate user entries - that's what radcheck/radreply entries do. That's why entries in radcheck "worked" and those in radgroupcheck "didn't". Ivan Kalik Kalik Informatika ISP