Alan,
Initially, I made the assumption that there was an implicit deny.
After re-reading the docs, I have created an "implicitdeny" group that I assign to all new users with a priority of 1000. The only attribute set in this group is Auth-Type = Reject. So, if there is a match for any other groups with a priority number less than 1000, the customer is accepted and those group rules are applied.
I was just wondering if there was a maximum priority number, other than the character limit in my mysql field.
Thanks again for all the help,
Craig
On Sat, Feb 27, 2010 at 1:05 PM, Alan DeKok
<aland@deployingradius.com> wrote:
Craig Schurr wrote:
> If no attributes in the radgroupcheck table are matched I have a group
> with a higher priority number to act as an implicit deny.
There is no "implicit deny". The documentations aays "if there is a
match, the reply items are applied".
It does NOT say "if there is no match, the user is rejected".
If you want a user to be rejected, you have to configure that.