check items in radgroupcheck?

John Dennis jdennis at
Wed Jun 2 23:49:28 CEST 2010

On 06/02/2010 05:35 PM, Jiann-Ming Su wrote:
> According to the rlm_sql:
> 5. For each group this user is a member of, the corresponding check
> items are pulled from radgroupcheck table and compared with the
> request.  If there is a match, the reply items for this group are
> pulled from the radgroupreply table and applied.

> How many "check items" will freeradius check through?  In my
> testing, it seems like on the first fail, it immediately goes to the
> next group.

doc/rlm_sql says:

In general, the SQL schemas mirror the layout of the 'users' file.
So for configuring check items and reply items, see 'man 5 users',
and the examples in the 'users' file.

man 5 users says:

The check items are a list of attributes used to match the incoming
request.  If the username matches,  AND  all  of  the  check items match
the incoming request, then the reply items are added to the list of
attributes which will be used in the reply to that request. This
process is repeated for all of the entries in the users file.


Then the request pairlist is compared with the tmpcheck pairlist. If
all items match (except for password-related items at this time!)
the following actions are taken:

So there is your answer (and it's documented :-) and it matches the 
behavior you're seeing.

John Dennis <jdennis at>

Looking to carve out IT costs?

More information about the Freeradius-Users mailing list