FreeRadius 2 w/ MySQL - Group check issue

Craig Schurr craigschurr at
Sat Feb 27 22:40:34 CET 2010


Initially, I made the assumption that there was an implicit deny.

After re-reading the docs, I have created an "implicitdeny" group that I
assign to all new users with a priority of 1000.  The only attribute set in
this group is Auth-Type = Reject.  So, if there is a match for any other
groups with a priority number less than 1000, the customer is accepted and
those group rules are applied.

I was just wondering if there was a maximum priority number, other than the
character limit in my mysql field.

Thanks again for all the help,

On Sat, Feb 27, 2010 at 1:05 PM, Alan DeKok <aland at>wrote:

> Craig Schurr wrote:
> > If no attributes in the radgroupcheck table are matched I have a group
> > with a higher priority number to act as an implicit deny.
>   There is no "implicit deny".  The documentations aays "if there is a
> match, the reply items are applied".
>  It does NOT say "if there is no match, the user is rejected".
>  If you want a user to be rejected, you have to configure that.
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list