On Wed, 25 Dec 2002, Fernando Teodoro wrote: > > Check out the default_user_profile directive in sql.conf. This feature has > been > > added in the latest versions of the sql module. The comments in sql.conf > should > > also be very helpfull. > Ok, I've found it. After some tests, I've reached the situation: default > profile works, in fact. But in my case, I need to set up a default profile > with Auth-Type=Accept; the problem is FreeRadius applies default profile to > all users, BEFORE verifying radcheck table. This way, everybody can log in, > with any password, and falls in default profile. > In this point, IC-Radius is more intelligent (or I'm more stupid, and didn't > find the way): IC verifies radcheck table BEFORE, and if the supplied > credentials are ok, authenticates the registered user; otherwise - since the > credentials aren't in radcheck tables - the user falls in DEFAULT scope, > going to a group according with radgroup table (where I can setup different > pool, NAS filter, and so on) > > This is the puzzle. Maybe I've missed something, but as far as I've gone, > there's no way to: > a) if the login/pass EXISTS in radcheck, authenticate the user with the > credentials; > b) OTHERWISE, apply group features to this user, now a DEFAULT user.
Check out the query_on_not_found directive. The DEFAULT profile is queried last *after* the check/reply tables. You can use that directive to also query the DEFAULT profile when the user is not found. > > If there's any way to do this, I'll be very helpful. FreeRadius seems to be > more functional than ICradius, but for now, I've switched back. > > > > -- Fernando > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html