Reject user if does not match group's checks

Andrei Petru Mura mapandrei at gmail.com
Mon Aug 6 09:29:36 CEST 2012


On Mon, Aug 6, 2012 at 9:14 AM, Alan DeKok <aland at deployingradius.com>wrote:

> Andrei Petru Mura wrote:
> > I can have many groups. For any group, let's suppose I have declared in
> > radgroupcheck many attributes (like Session-Timeout, Idle-Timeout,
> > Login-Time, ...).
>
>   Login-Time is a check attribute.  Session-Timeout and Idle-Timeout are
> not.
>
> Yes, I know. My mistake.


> > Now I want that any user that tries to authenticate,
> > no matter what group belongs to, if does not meet successfully the group
> > checks, should be rejected.
>
>   This isn't really how group checks work.  The limitation is due to the
> mathematical way group membership works, and not to FreeRADIUS.
>
> Yes, I know. But that's exact the behavior that I want to get from FR. How
to make it working like that?


>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120806/603e8c67/attachment.html>


More information about the Freeradius-Users mailing list