Groups Configuration
Alan DeKok
aland at deployingradius.com
Mon Apr 27 23:03:49 CEST 2015
On Apr 27, 2015, at 4:08 PM, Ricardo Larrañaga <ricardo.larranaga at gmail.com> wrote:
> - If I set Fall-Through=Yes, and set a User-Profile in radreply for a
> specific user, should the server automatically check for attributes in
> radgroupreply that are in the group that the profile is a member of? Or is there
> any extra configuration needed?
The SQL behaviour is documented:
http://wiki.freeradius.org/modules/Rlm_sql#SQL-Schema-and-usage
Does your use of the DB match the documented behaviour? If not, fix your local config.
Otherwise, it's a bug.
> - Do I need radgroupcheck attributes? Or is having a User profile enough to
> retrieve radgroupreply attributes even with an empty radgroupcheck list?
Read the docs. You need radgroupcheck attributes.
> - I was browsing the queries.sql file (I am using PostgreSQL). I found the
> query that looks for user/group membership:
>
> group_membership_query = "\
> SELECT GroupName \
> FROM ${usergroup_table} \
> WHERE UserName='%{SQL-User-Name}' \
> ORDER BY priority"
>
> I was expecting to find a query like that which would look for User-Profile
> membership. Something like:
See the link I posted. It describes how the server uses User-Profile.
> group_membership_query = "\
> SELECT GroupName \
> FROM ${usergroup_table} \
> WHERE UserName='%{*SQL-User-Profile*}' \
> ORDER BY priority"
>
>
> This is what makes me think that I might not be understanding the
> functionality properly. Without a query like that, how can the server
> know if a User-Profile is a member of a group?
>
> I just don't see the server querying for the User Profile group membership.
Check the link I sent. This is all documented in great detail.
Alan DeKok.