Kostas Kalevras wrote:
On Fri, 15 Oct 2004, Alexander Serkin wrote:
Hi. could anybody explain me what exactly FR does with group checks working with SQL (Oracle in my case) ? I see group_membership_query in sql.conf, but i do not see that FR uses it in debug:
group_membership_query is used for Sql-Group attribute checking.
Thanks. It's clean now.
One more question - what is PRIORITY column in patched usergroup table for?
Is it used somehow by code?
I mean if my user appears in two groups and one group has Auth-Type:=Accept and another has Auth-Type:=Reject will the PRIORITY help radius to make decision what to do?
Second - what exactly will FR do if authorize_group_check_query returns several groups' membership for the user (i've slightly modified query and usergroup table to check CLID also):
SQL> SELECT radgroupcheck.id, radgroupcheck.GroupName, radgroupcheck.Attribute, radgroupcheck.Value, radgroupcheck.op FROM radgroupcheck, usergroup WHERE (usergroup.Username = '[EMAIL PROTECTED]' or usergroup.CLID = '250097000002749') AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id;
ID GROUPNAME ATTRIBUTE VALUE OP 10 carta Realm c == 11 carta NAS-IP-Address 212.119.117.1 == 19 blackholed Auth-Type Reject :=
In my case user is accepted though he is a member of blackholed group with Auth-Type - Reject.
-- Sincerely Yours, Alexander Serkin, Skylink, Moscow
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Sincerely Yours, Alexander Serkin, Skylink, Moscow, ph. +7(095)7952089 fa. +7(095)7952084
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
