Alan, Initially, I made the assumption that there was an implicit deny.
After re-reading the docs, I have created an "implicitdeny" group that I assign to all new users with a priority of 1000. The only attribute set in this group is Auth-Type = Reject. So, if there is a match for any other groups with a priority number less than 1000, the customer is accepted and those group rules are applied. I was just wondering if there was a maximum priority number, other than the character limit in my mysql field. Thanks again for all the help, Craig On Sat, Feb 27, 2010 at 1:05 PM, Alan DeKok <[email protected]>wrote: > Craig Schurr wrote: > > If no attributes in the radgroupcheck table are matched I have a group > > with a higher priority number to act as an implicit deny. > > There is no "implicit deny". The documentations aays "if there is a > match, the reply items are applied". > > It does NOT say "if there is no match, the user is rejected". > > If you want a user to be rejected, you have to configure that. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
