return ALL the AVPs for a username that belongs multiple groups
Shane Hart
shane at sme-solutions.com.au
Wed Nov 9 05:23:24 CET 2005
Lenir wrote:
>Can anyone please help me with this?
>
>Thanks,
>
>Lenir
>
>
Just a thought. Create a 3rd group with the attributes you need?
>-----Original Message-----
>From: freeradius-users-bounces at lists.freeradius.org
>[mailto:freeradius-users-bounces at lists.freeradius.org] On Behalf Of Lenir
>Sent: Wednesday, November 02, 2005 7:34 PM
>To: 'FreeRadius users mailing list'
>Subject: RE: return ALL the AVPs for a username that belongs multiple groups
>
>Here's the rest of my config. Notice, that username 3000 belongs to group
>Dialin and Dialin2. The user can register fine, however in this case the
>Access-Accept packet only returns the AVPs related to group Dialin (I'm
>guessing is because it's the first one that it matches).
>
>mysql> select * from radcheck;
>+----+----------+-----------+----+----------+
>| id | UserName | Attribute | op | Value |
>+----+----------+-----------+----+----------+
>| 1 | Jhassell | Password | == | changeme |
>| 2 | Rneis | Password | == | changeme |
>| 3 | 1000 | Password | == | 1000 |
>| 4 | 2000 | Password | == | 2000 |
>| 5 | 3000 | Password | == | 3000 |
>+----+----------+-----------+----+----------+
>5 rows in set (0.00 sec)
>
>mysql> select * from radreply;
>Empty set (0.00 sec)
>
>mysql> select * from usergroup;
>+----+----------+------------+
>| id | UserName | GroupName |
>+----+----------+------------+
>| 1 | Jhassell | Dialin |
>| 2 | Rneis | Staticdial |
>| 3 | 1000 | Dialin |
>| 4 | 2000 | Dialin |
>| 5 | 3000 | Dialin |
>| 6 | 3000 | Dialin2 |
>+----+----------+------------+
>6 rows in set (0.00 sec)
>
>mysql> select * from radgroupcheck;
>Empty set (0.00 sec)
>
>mysql> select * from radgroupreply;
>+----+-----------+---------------+----+----------------------------------+--
>---+
>| id | GroupName | Attribute | op | Value |
>prio |
>+----+-----------+---------------+----+----------------------------------+--
>----+
>| 1 | Dialin | Reply-Message | = | "Authenticated by group Dialin" |
>0 |
>| 2 | Dialin2 | SIP-AVP | = | Cust-AVP:feat_2 |
>0 |
>| 3 | Dialin | SIP-AVP | = | Cust-AVP:feat_1 |
>0 |
>+----+-----------+---------------+----+----------------------------------+--
>----+
>3 rows in set (0.00 sec)
>
>mysql> select * from radpostauth;
>Empty set (0.00 sec)
>
>-----Original Message-----
>From: freeradius-users-bounces at lists.freeradius.org
>[mailto:freeradius-users-bounces at lists.freeradius.org] On Behalf Of Alan
>DeKok
>Sent: Friday, October 28, 2005 1:34 PM
>To: FreeRadius users mailing list
>Subject: Re: return ALL the AVPs for a username that belongs multiple groups
>
>"Lenir" <lenirsantiago at yahoo.com> wrote:
>
>
>>Radius replies with the AVPs of the first group that it
>>matches that the user belongs to. Instead of returning all the AVPs for
>>
>>
>all
>
>
>>the groups that the user belongs to.
>>
>>
>
> The example you posted didn't include groups or reply AVP's.
>
>
>
>>So I guess the question is, can a user belong to multiple groups? If so,
>>
>>
>how
>
>
>>can radius reply with all the AVPs that correspond to ALL the groups that
>>the user belongs to?
>>
>>
>
> Yes, and you configure the server to do that.
>
> Alan DeKok.
>
>
More information about the Freeradius-Users
mailing list