> On Thu, Sep 3, 2009 at 6:30 AM, George Koulyabin<[email protected]> wrote: >> >>> +----+----------+--------------------+----+----------+ >>> | id | username | attribute | op | value | >>> +----+----------+--------------------+----+----------+ >>> | 5 | jack | Huntgroup-Name | == | wireless | >>> | 4 | jack | Cleartext-Password | := | foo | >>> +----+----------+--------------------+----+----------+ >> You wrote rules for authorization/athentication of jack: Jack grants >> access from hardware of 'wireless' huntgroup with 'foo' password. > > I wrote the rules for huntgroup here because the rules in groupcheck > didn't work. If I take this out, just keeping the groupcheck, 'jack' > will connect from any hardware. The groupcheck is ignoring the > huntgroups.
"Didn't work"? Sql groups emulate the way DEFAULT entries in users file work. The situation there is the same - if check doesn't match, entry is skipped. They do not emulate user entries - that's what radcheck/radreply entries do. That's why entries in radcheck "worked" and those in radgroupcheck "didn't". Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
