Groups Configuration
Ricardo LarraƱaga
ricardo.larranaga at gmail.com
Mon Apr 27 22:08:04 CEST 2015
Hi Guys:
I did compile 3.0.8 and test this same scenario, and it looks like my issue
persists. I am wondering if this is a problem with freeradius or if i might
be doing something wrong, or maybe not understanding the functionality.Thus
the following questions:
-If i set Fall-Through=Yes , And set a User-Profile in radreply for a
specific user, should the server automatically check for attributes in
radgroupreply that are in the group that the profile is member? Or is there
any extra configuration needed?
-Do i need radgroupcheck attributes? Or having a User profile is enough to
retrieve radgroupreply attributes even with an empty radgroupcheck list?
-I was browsing the queries.sql file (i am using postgresql). I found the
querie that looks for user/group membership:
group_membership_query = "\
SELECT GroupName \
FROM ${usergroup_table} \
WHERE UserName='%{SQL-User-Name}' \
ORDER BY priority"
I was expecting to find a query like that that would look for User-Profile
Membership.Something like :
group_membership_query = "\
SELECT GroupName \
FROM ${usergroup_table} \
WHERE UserName='%{*SQL-User-Profile*}' \
ORDER BY priority"
This is what makes me thing that i might not be understanding the
functionality properly. Without a query like that, how can the server
known if a User-Profile is member of a group
I just don't see the server querying for the User Profile group membership.
Any help would be appreciated.
Regards
On Sat, Apr 25, 2015 at 12:08 PM, Alan DeKok <aland at deployingradius.com>
wrote:
> On Apr 25, 2015, at 9:54 AM, Ricardo LarraƱaga <
> ricardo.larranaga at gmail.com> wrote:
> > Hey Alan, thanks a lot for the comments.
> > Do you have by any chance a little bit more information about the issue,
> or
> > a bug # that i could follow to read about it?
>
> See the ChangeLogs for the various releases.
>
> > I am running fr on centos 7, and i am finding it a little hard to upgrade
> > to 3.0.8 without building from source, which i would prefer not to do.
>
> Well.. building from source isn't hard. And if it fixes the problem,
> it would seem to be a good thing to do.
>
> > I would like to see if i can change the way i want to provision customers
> > to make this work without having to create one entry per user in
> > radusersgroup.
> > The only thing that i found in the website regarding release 3.0.8 is the
> > following line:
>
> Uh... there were more releases than just that one. There are other
> ChangeLog files.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list