FreeRadius 2 w/ MySQL - Group check issue
Craig Schurr
craigschurr at gmail.com
Sat Feb 27 18:19:26 CET 2010
Alan,
Apparently I am misunderstood the rlm_sql docs. I see that it is running
the mysql group check and reply queries.
/doc/rlm_sql reads:
>5. For each group this user is a member of, the corresponding check items
>are pulled from radgroupcheck table and compared with the request. If
>there is a match, the reply items for this group are pulled from the
>radgroupreply table and applied.
If no attributes in the radgroupcheck table are matched I have a group with
a higher priority number to act as an implicit deny. One last question, is
there a max priority for groups? The mysql field allows 11 characters, so
the max priority I could store would be 99999999999, but I wasn't sure if
there was anything that would limit it other than that character limit.
Thanks,
Craig
On Sat, Feb 27, 2010 at 1:58 AM, Alan DeKok <aland at deployingradius.com>wrote:
> Craig Schurr wrote:
> > If I understand correctly the following request should be denied because
> > the NAS-Identifier in the request doesn't match the one specified in the
> > groupcheck table.
>
> No. Read doc/rlm_sql. The Wiki also has a copy of that page.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100227/8c037162/attachment.html>
More information about the Freeradius-Users
mailing list