At 10:23 AM 1/28/2003 -0600, Robert Canary wrote:
Yes I read that, however, there are some details that do not line up, or do not exist. As the author said "they are my personal notes". I noticed in the(that) doc the id is repeated, yet the db table (radcheck, usergroup, radreply, radgroupcheck, radgroupreply) has it as auto-increment. I am still unclear about what tables are read and when.... I understand the radcheck...read as a password file for authentication. What is the significance of radgroup, if I pass attributes from the radreply, do I need to populate the radgroupreply?
No. Think of radcheck as a specific entry in the 'users' file.
Will radius fail if the user is not listed in radgroup?
No. Think of radgroup[check|reply] as a DEFAULT entry that is hit because the specific 'users' entry has 'Fall-Through = Yes'.
Is radius supposed to fail if the user's group is not listed in radgroupreply/check?
No. radgroup[check|reply] serve to allow you to place the common elements of your user profiles into a single db entry, thus reducing DB table size.
What table is checked first? ANS: radcheck. And what information in that table does radius use to determine its next action?
Nothing. It uses radgroup[check|reply] if you have an entry in usergroup.
Thus far I have determined the following (please correct this if wrong):
radius looks for a chap password
radius looks for a mschap
radius looks for a realm "@"
radius looks in radcheck
Now here is where I am not sure what is happening..... IF it doesn't find the username in radcheck it still looks for the user in the radgroupcheck, but the radius debug (-x) doesn't indicate what it is looking for, it goes on to query the radgroupreply, *then* gives the statement user not found in radgroupcheck. So how does the radgroupcheck fall into the scheme of things? It looks as though it is redundant when I can use the radreply to set up the session.
You can. As stated above radgroup allows you to 'group' the common attributes shared by a 'group' of users with a common profile. IE, you put the password in 'radcheck', an entry for the user in 'usergroup', and the remainder of the a/v pairs in radgroupreply.
Yes, see the explanation above. I am getting the impression the db table progression is similar to the fall-through function of the user.conf file. Am I getting close?
Hope this helps,
-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
| @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
\ Wholesale Internet Services - http://www.megapop.net
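
Added example, not part of the original message and not FreeRADIUS code: a simplified model of the layout described in the reply above (password in radcheck, a row in usergroup, shared a/v pairs in radgroupreply), built in an in-memory SQLite database. The column names, sample users, group names and values are constructed assumptions, and the lookup ignores operator evaluation and Fall-Through handling.

```python
import sqlite3

ATTR_TABLES = [("radcheck", "UserName"), ("radreply", "UserName"),
               ("radgroupcheck", "GroupName"), ("radgroupreply", "GroupName")]

def build_db():
    """In-memory copy of the five tables, filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    for table, key in ATTR_TABLES:
        db.execute(f"CREATE TABLE {table} (id INTEGER PRIMARY KEY AUTOINCREMENT, "
                   f"{key} TEXT, Attribute TEXT, op TEXT, Value TEXT)")
    db.execute("CREATE TABLE usergroup (id INTEGER PRIMARY KEY AUTOINCREMENT, "
               "UserName TEXT, GroupName TEXT)")
    ins = "INSERT INTO {} ({}, Attribute, op, Value) VALUES (?, ?, ?, ?)"
    # radcheck: the specific per-user entry, here only the password.
    db.executemany(ins.format("radcheck", "UserName"), [
        ("alice", "User-Password", "==", "alice-pw"),
        ("bob", "User-Password", "==", "bob-pw"),
        ("carol", "User-Password", "==", "carol-pw")])
    # radreply: reply attributes that belong to one user only.
    db.execute(ins.format("radreply", "UserName"),
               ("bob", "Framed-IP-Address", "=", "192.0.2.10"))
    # radgroup[check|reply]: the common profile, stored once per group.
    db.execute(ins.format("radgroupcheck", "GroupName"),
               ("dialup", "Simultaneous-Use", ":=", "1"))
    db.executemany(ins.format("radgroupreply", "GroupName"), [
        ("dialup", "Service-Type", "=", "Framed-User"),
        ("dialup", "Framed-Protocol", "=", "PPP")])
    # usergroup: alice is in a populated group, carol in a group with no rows,
    # bob has no usergroup entry at all.
    db.executemany("INSERT INTO usergroup (UserName, GroupName) VALUES (?, ?)",
                   [("alice", "dialup"), ("carol", "ghost")])
    return db

def rows(db, table, key, name):
    # table and key are fixed names from this file; name is a bound parameter.
    sql = f"SELECT Attribute, op, Value FROM {table} WHERE {key} = ? ORDER BY id"
    return db.execute(sql, (name,)).fetchall()

def lookup(db, user):
    """Per-user rows first, then the rows of every group listed in usergroup."""
    check = rows(db, "radcheck", "UserName", user)
    reply = rows(db, "radreply", "UserName", user)
    groups = db.execute("SELECT GroupName FROM usergroup WHERE UserName = ? "
                        "ORDER BY id", (user,)).fetchall()
    for (group,) in groups:
        check += rows(db, "radgroupcheck", "GroupName", group)
        reply += rows(db, "radgroupreply", "GroupName", group)
    return check, reply

if __name__ == "__main__":
    db = build_db()
    for user in ("alice", "bob", "carol"):
        print(user, lookup(db, user))
```
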