isidoros wrote:
James:
I'm allmost there (now I'm thinking like this) 1) authorize_group_check_query: to check of the user is in a group 2) authorize_group_check_query: retrieve the check-items for this group (which is my solution) 3) authorize on the check-items. if the expression is like this "whether or not to authorize a request, such as User-Password == "mypassword", or Calling-Station-Id != "5554796". will all users in the same group authorize by the same password?
I guess my question is: Is the group check additional to the user check.
Yes, it is additional. Typically you wouldn't check User-Password in the group checks. radcheck is for user-specific checks (like User-Password). Cheers, -- James Wakefield, Unix Administrator, Information Technology Services Division Deakin University, Geelong, Victoria 3217 Australia. Phone: 03 5227 8690 International: +61 3 5227 8690 Fax: 03 5227 8866 International: +61 3 5227 8866 E-mail: james.wakefield@deakin.edu.au Website: http://www.deakin.edu.au