RADIUS does not send reply for all groups the user is a member of
Fajar A. Nugraha
list at fajar.net
Tue Aug 23 07:35:47 CEST 2011
On Tue, Aug 23, 2011 at 12:23 PM, Det Det <det.explorer at yahoo.com> wrote:
> Hi,
> user1 is a member of group1 and group2. Both group1 and group2 have replies
> in the radgroupreply table.
> When freeradius queries radusergroup, it will only get the first group the
> user is a member of and will proceed to get the reply attributes for that
> group as below.
> query1: SELECT groupname FROM radusergroup WHERE
> username = 'user1 at domain.com' ORDER BY priority
> query2: SELECT id, groupname, attribute, value, op FROM
> radgroupreply WHERE groupname = 'group1' ORDER BY id
> From the debug, it does not do this query:
> query3: SELECT id, groupname, attribute, value, op FROM
> radgroupreply WHERE groupname = 'group2' ORDER BY id
> Any idea why?
> I am very sure that query 1 returns more than one value (that is 2 groups,
> group1 and group2)
If you want more help, you need to provide more output from debug log,
and (possibly) what's in the radusergroup/radgroupcheck/radgroupreply.
In the meantime, see doc/rlm_sql. A snippet from that file:
  5. For each group this user is a member of, the corresponding check items
     are pulled from radgroupcheck table and compared with the request. If
     there is a match, the reply items for this group are pulled from the
     radgroupreply table and applied.
  6. Processing continues to the next group IF:
     a. There was not a match for the last group's check items OR
     b. Fall-Through was set in the last group's reply items
     (The above is exactly the same as in the users file)
--
Fajar