Convention, Rule or Convenience?

Deepak d88pak at gmail.com
Mon Aug 10 14:34:03 CEST 2009 

Hi,

Sounds like silly question to myself and having second thoughts about
asking in the list.

I am very new to radius and quite confused about this. Done some
research on this too but could not find the answer I am looking for.

It is something like this:

1) In "radcheck" table I can insert the username and associated
attributes (check and reply) for that user.
2) The same thing can be done by creating a group in "radgroupreply"
for reply attributes and creating a group in "radgroupcheck" for check
attributes then assigning these group to the user.


my question is:

1) Can the group I created in "radgroupcheck" contain the reply
attributes or vice versa? What I mean is will that take effect if
reply and check attributes are mixed in single (either gropucheck or
groupreply)?
2) so the basic question is how does radius check these tables?

(a) Is it the rule (hard coded in freeradius) that it will look for
reply attributes in "groupreply" table and check attributes in
"groupcheck" tables correspondingly?
(b) OR it will just check the available (non empty group) table and
whatever attributes are defined, it simply evaluates?

I am asking this question from point of view that in case I don't use
group tables, I can still mix both reply and check attributes in a
single table in radcheck without using group.



Reason for asking this question:

I want to use as many groups as possible for flexibility reason but
for certain reason I am allowed to use only one group (just assumed).
In this condition, first option will be that I can avoid the group and
put as many attributes for certain user in radcheck. Second option is
I can mix the attributes in either group I create (groupreply or
greoupcheck) and assign this group to the user. But I am not sure
about my second option.


So basically this is a question about how freeradius works internally
in evaluating these attributes.

Need some clarification.

Thanks

-- 
==============================
Registered Linux User #460714
Currently Using Fedora 10, CentOS 5.3
==============================

More information about the Freeradius-Users mailing list