Hello Alan, It works! After I changed the authorize_check_query the FreeRadius is now able to check for attributes after Kerberos authentications. Thanks!
Regards, Jason -----Original Message----- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Thursday, April 19, 2007 8:13 PM To: [EMAIL PROTECTED]; FreeRadius users mailing list Subject: Re: Grouping after Kerberos 5 authentication accepted? Jason Chan wrote: > For example, Kerberos successfully authenticate admin/admin (yes I > don't use MySQL for authentication), and FreeRadius knows this user > has permission to access. Now, in the postauth part, FreeRadius > searches the radreply table in its MySQL database for the proper > attributes that this particular user has, say Service-Type = > Administrative-User. I store these attribute information in radreply > table and leave other tables empty. > > So, I edited the postauth_query in sql.conf: I think for historical reasons, you have to perform the query in the authorize section. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 269.5.4/768 - Release Date: 4/19/2007 5:32 AM - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
