Now I want to implement a check, that verifies if a user authenticating with 10000@realma.com is also in the group "realmA" and reject the request if this is not the case. This way I want to implement a "user X purchased product Y?"
Already tried this: Adding in the radusergroup table: +------------------+-----------+-----------+ | username | groupname | priority | +------------------+-----------+-----------+ | 10000@realmA.com | realmA | 10 | +------------------+-----------+-----------+
And in the radgroupcheck table: +----+-----------+-----------+----+------------+ | id | groupname | attribute | op | value | |----+-----------+-----------+----+------------+ | 1 | realmA | Realm | != | realma.com | +----+-----------+-----------+----+------------+
And finally in the radgroupreply table: +----+-----------+---------------+----+-----------------------+ | id | groupname | attribute | op | value | +----+-----------+---------------+----+-----------------------+ | 1 | realmA | Auth-Type | := | Reject | +----+-----------+---------------+----+-----------------------+
You do know that this doesn't do anything. If the password is linked to username 10000@realmA.com these group checks are pointless.
And of course, my debug output says: rlm_realm: Adding Realm = "~^realmA.com$"
That shouldn't happen. realm suffix should return realmA.com as Realm (without those regex things). Post the whole debug. Ivan Kalik Kalik Informatika ISP