Hello, Are check lines in the "users" file short-circuit "AND" evaluated from left to right? Extrapolating this presumption out to radgroupcheck when using a MySQL database, are the check items evaluated simply in order of column id value (ie. the order they are returned from the SELECT)? authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id" Just trying to wrap my head around how one might do something useful with radgroupcheck. I guess you are supposed to be able to match some condition on the row whose group matches with the lowest column ID and then subsequent rows that also have the same matching group (with higher column ID's) can be used to set attributes or look for further requisite conditions? I am actually wanting to reject connections when groups of users come in on the wrong huntgroup. I've seen significant discussion and confusion in the mailing list archives in regards to this. Most of the time I see people say "use radcheck to reject." I did spot a gem from Ivan Kalik, though, which led me down this path.
However, the issue remains: I do not want the user to be rejected per se. I only want the user to be rejected if her own huntgroup as stored in radgroupcheck is different from he huntgroup of the Called-Station-Id in the radhuntgroup table. The goal is to prevent a user to login to a hotspot router, that does not belong to the huntgroup the user belongs to.
Hm, and what do you think:
Huntgroup-Name != "Test", Auth-Type := Reject
that does? As a joke, put them in radgroupcheck and see if it does *exactly* what you have described.
Thanks for your help, -M