Reject user if does not match group's checks

Andrei Petru Mura mapandrei at gmail.com
Mon Aug 6 07:45:42 CEST 2012


Hello Alan. Thanks for reply.

There's no such a question in FAQ. Except
this<http://wiki.freeradius.org/FAQ#How-do-I-deny-access-to-a-specific-user%2C-or-group-of-users%3F>
 and this<http://wiki.freeradius.org/FAQ#How-do-I-deny-access-to-a-specific-user%2C-or-group-of-users%3F>
link
that are somehow similar. But to be clearer, I'll explain more detailed
what I need:

I can have many groups. For any group, let's suppose I have declared in
radgroupcheck many attributes (like Session-Timeout, Idle-Timeout,
Login-Time, ...). Now I want that any user that tries to authenticate, no
matter what group belongs to, if does not meet successfully the group
checks, should be rejected. So, instead of adding in radcheck all group's
attributes for every user, I want to have them only in radgroupcheck.
That's the idea. (I think that will help FR work faster when there's a
great amount of users.) Is that possible?

P.S. You directed me to FAQ, but I can't understand how to achieve that,
even after read FAQ. I'm a kind of newbie to FR. I explained my scenario in
hopes I made myself understood.

On Fri, Aug 3, 2012 at 6:57 PM, Alan DeKok <aland at deployingradius.com>wrote:

> Andrei Petru Mura wrote:
> > Although I saw  some similar questions on forum, I didn't see a clear
> > response to it.
> >
> > *The question is: *Is there a way to force user be rejected if it does
> > not match check conditions for the group that belongs to?
>
>   See the FAQ.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120806/b02b605a/attachment.html>


More information about the Freeradius-Users mailing list