>Now I want to implement a check, that verifies if a user authenticating with >[email protected] is also in the group "realmA" and reject the request if this >is not the case. This way I want to implement a "user X purchased product Y?" > >Already tried this: Adding in the radusergroup table: >+------------------+-----------+-----------+ >| username | groupname | priority | >+------------------+-----------+-----------+ >| [email protected] | realmA | 10 | >+------------------+-----------+-----------+ > >And in the radgroupcheck table: >+----+-----------+-----------+----+------------+ >| id | groupname | attribute | op | value | >|----+-----------+-----------+----+------------+ >| 1 | realmA | Realm | != | realma.com | >+----+-----------+-----------+----+------------+ > >And finally in the radgroupreply table: >+----+-----------+---------------+----+-----------------------+ >| id | groupname | attribute | op | value | >+----+-----------+---------------+----+-----------------------+ >| 1 | realmA | Auth-Type | := | Reject | >+----+-----------+---------------+----+-----------------------+ >
You do know that this doesn't do anything. If the password is linked to username [email protected] these group checks are pointless. >And of course, my debug output says: > rlm_realm: Adding Realm = "~^realmA.com$" > That shouldn't happen. realm suffix should return realmA.com as Realm (without those regex things). Post the whole debug. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
