FreeRadius 2 w/ MySQL - Group check issue
Craig Schurr
craigschurr at gmail.com
Sat Feb 27 22:40:34 CET 2010
Alan,
Initially, I made the assumption that there was an implicit deny.
After re-reading the docs, I have created an "implicitdeny" group that I
assign to all new users with a priority of 1000. The only attribute set in
this group is Auth-Type = Reject. So, if there is a match for any other
groups with a priority number less than 1000, the customer is accepted and
those group rules are applied.
I was just wondering if there was a maximum priority number, other than the
character limit in my mysql field.
Thanks again for all the help,
Craig
On Sat, Feb 27, 2010 at 1:05 PM, Alan DeKok <aland at deployingradius.com>wrote:
> Craig Schurr wrote:
> > If no attributes in the radgroupcheck table are matched I have a group
> > with a higher priority number to act as an implicit deny.
>
> There is no "implicit deny". The documentations aays "if there is a
> match, the reply items are applied".
>
> It does NOT say "if there is no match, the user is rejected".
>
> If you want a user to be rejected, you have to configure that.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100227/b42b4dfa/attachment.html>
More information about the Freeradius-Users
mailing list