> Sent: Tuesday, May 17, 2005 3:50 PM > FreeRADIUS' use of groups in the sql module is not the same as > using Unix groups in the users file. You cannot create > separate check conditions in separate SQL groups and then > send only the reply elements from that same group.
Mike: Thanks for the info and ideas. This is the first bit of information I've seen that actually begins to detail the differences. > Look at the SQL queries in sql.conf - specifically, the > authorize_group_check_query and authorize_group_reply_query > settings. These queries return check and reply attributes > for a user based on the settings in usergroup. IT DOES NOT > RETURN THE GROUP NAMES THEMSELVES. As far as FreeRADIUS > is concerned this is one large group of check and > reply attributes. > I have implemented this approach by adding a HuntGroup column > to the table definitions. I then add the appropriate clients > to the huntgroup file and have the SQL queries use the > HuntGroup name as part of the query to find the appropriate > check and reply attributes to return to FreeRADIUS. > As example of our setup is as follows: This looks like my radgroupcheck -- is that what you are using? > +-----------+-----------+----+--------+-----------+ > | GroupName | Attribute | op | Value | HuntGroup | > +-----------+-----------+----+--------+-----------+ > | DEFAULT | Auth-Type | = | Local | wlusers | > | DEFAULT | Auth-Type | = | Reject | dial800 | > | tollfree | Auth-Type | := | Local | dial800 | > +-----------+-----------+----+--------+-----------+ This looks like my radgroupreply -- is that what you are using? > +-----------+--------------------+----+---------------------+----------- + > | GroupName | Attribute | op | Value | HuntGroup | > +-----------+--------------------+----+---------------------+----------- + > | DEFAULT | Service-Type | = | Framed-User | wlusers | > | DEFAULT | Framed-Protocol | = | PPP | wlusers | . . . > | tollfree | Service-Type | = | Framed-User | dial800 | > | tollfree | Framed-Protocol | = | PPP | dial800 | . . . Can you post the changes you made to the sql.conf queries? And, please, keep posting notes on the differences. Danny - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
