RADIUS does not send reply for all groups the user is a member of
Fajar A. Nugraha
list at fajar.net
Tue Aug 23 09:10:22 CEST 2011
On Tue, Aug 23, 2011 at 1:53 PM, Det Det <det.explorer at yahoo.com> wrote:
> Hi there,
> here is the SQL and debug logs from radius.
>
> mysql> select * from radusergroup;
> +---------------------------+-----------+----------+
> | username | groupname | priority |
> +---------------------------+-----------+----------+
> | user1 at mydomain.com | defgroup | 1 |
> user1 at mydomain.com | dynamic | 1 |
> +---------------------------+-----------+----------+
It'd be easier if you use different priorities. Since the debug log
shows it's using "defgroup", try changing "dynamic"'s priority to "2"
...
> mysql> select * from radgroupreply;
> +----+-----------+-------------------+----+-----------------+
> | id | groupname | attribute | op | value |
> +----+-----------+-------------------+----+-----------------+
> | 1 | defgroup | Framed-MTU | = | 1500 |
> | 2 | defgroup | Service-Type | = | Framed-User |
> | 3 | defgroup | Port-Limit | = | 1 |
> | 7 | dynamic | Framed-IP-Netmask | = | 255.255.255.255 |
> | 6 | dynamic | Framed-IP-Address | = | 255.255.255.254 |
> +----+-----------+-------------------+----+-----------------+
... and add a radgroupreply entry like
defgroup | Fall-Through | = | Yes
--
Fajar
More information about the Freeradius-Users
mailing list