FreeRadius 2 w/ MySQL - Group check issue

Craig Schurr craigschurr at
Sat Feb 27 18:19:26 CET 2010

Apparently I am misunderstood the rlm_sql docs.  I see that it is running
the mysql group check and reply queries.

/doc/rlm_sql reads:
>5. For each group this user is a member of, the corresponding check items
>are pulled from radgroupcheck table and compared with the request. If
>there is a match, the reply items for this group are pulled from the
>radgroupreply table and applied.

If no attributes in the radgroupcheck table are matched I have a group with
a higher priority number to act as an implicit deny.  One last question, is
there a max priority for groups?  The mysql field allows 11 characters, so
the max priority I could store would be 99999999999, but I wasn't sure if
there was anything that would limit it other than that character limit.


On Sat, Feb 27, 2010 at 1:58 AM, Alan DeKok <aland at>wrote:

> Craig Schurr wrote:
> > If I understand correctly the following request should be denied because
> > the NAS-Identifier in the request doesn't match the one specified in the
> > groupcheck table.
>   No.  Read doc/rlm_sql.  The Wiki also has a copy of that page.
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list