limiting sessions

Kevin Bonner keb at pa.net
Thu Nov 9 21:06:52 CET 2006


* Try to respond just to the list and not me personally.  I don't enjoy wading 
through duplicate messages.  Thanks!

On Thursday 09 November 2006 11:34, Andrew Long wrote:
> also ran
>
> SELECT
> `usergroup`.`UserName`,
> `usergroup`.`creationdate`,
> `usergroup`.`GroupName`
> from usergroup
> where username = '4aroma70370';
>
> and that also comes up null...
>
> Does it make sense that radius is not recognizing the usernames as
> belonging to the group 'aroma', thus not assigning the group-reply?

Yes, because the radius server does what you configure it to do.  You should 
have control over the usergroup table, so it shouldn't be difficult to add 
the missing records.

If you're still stuck, try sending relevant output from all of your sql 
tables.  The actual row data should be good enough, unless you've mangled the 
table structure to suit local needs.

> This is my current thought on this, but I'm not sure why it would
> still authorize the request, unless it's not necessary that users be
> part of group.

It isn't necessary.  The cleartext password needed for CHAP was provided by a 
module (users, sql, ??), so the access request was accepted.

Kevin Bonner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061109/0f2184ab/attachment.pgp>


More information about the Freeradius-Users mailing list