Groups Configuration

[Ricardo Larrañaga]

Hi Guys:
I did compile 3.0.8 and test this same scenario, and it looks like my issue
persists. I am wondering if this is a problem with freeradius or if i might
be doing something wrong, or maybe not understanding the functionality.Thus
the following questions:

-If i set Fall-Through=Yes , And set a User-Profile in radreply for a
specific user, should the server automatically check for attributes in
radgroupreply that are in the group that the profile is member? Or is there
any extra configuration needed?

-Do i need radgroupcheck attributes? Or having a User profile is enough to
retrieve radgroupreply attributes even with an empty radgroupcheck list?

-I was browsing the queries.sql file (i am using postgresql). I found the
querie that looks for user/group membership:

group_membership_query = "\
        SELECT GroupName \
        FROM ${usergroup_table} \
        WHERE UserName='%{SQL-User-Name}' \
        ORDER BY priority"

I was expecting to find a query like that that would look for User-Profile
Membership.Something like :

group_membership_query = "\
        SELECT GroupName \
        FROM ${usergroup_table} \
        WHERE UserName='%{*SQL-User-Profile*}' \
        ORDER BY priority"


This is what makes me thing that i might not be understanding the
functionality properly.  Without a query like that, how can the server
known if a User-Profile is member of a group

I just don't see the server querying for the User Profile group membership.
Any help would be appreciated.
Regards

On Sat, Apr 25, 2015 at 12:08 PM, Alan DeKok <aland at deployingradius.com>
wrote:

> On Apr 25, 2015, at 9:54 AM, Ricardo Larrañaga <
> ricardo.larranaga at gmail.com> wrote:
> > Hey Alan, thanks a lot for the comments.
> > Do you have by any chance a little bit more information about the issue,
> or
> > a bug # that i could follow to read about it?
>
>   See the ChangeLogs for the various releases.
>
> > I am running fr on centos 7, and i am finding it a little hard to upgrade
> > to 3.0.8 without building from source, which i would prefer not to do.
>
>    Well.. building from source isn't hard.  And if it fixes the problem,
> it would seem to be a good thing to do.
>
> > I would like to see if i can change the way i want to provision customers
> > to make this work without having to create one entry per user in
> > radusersgroup.
> > The only thing that i found in the website regarding release 3.0.8 is the
> > following line:
>
>   Uh... there were more releases than just that one.  There are other
> ChangeLog files.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>