On Fri, 15 Oct 2004, Alexander Serkin wrote: > Hi. > could anybody explain me what exactly FR does with group checks working with SQL > (Oracle in my case) ? > I see group_membership_query in sql.conf, but i do not see that FR uses it in debug:
group_membership_query is used for Sql-Group attribute checking. > Second - what exactly will FR do if authorize_group_check_query returns several > groups' membership for the user (i've slightly modified query and usergroup > table to check CLID also): > > SQL> SELECT radgroupcheck.id, radgroupcheck.GroupName, radgroupcheck.Attribute, > radgroupcheck.Value, radgroupcheck.op FROM radgroupcheck, usergroup WHERE > (usergroup.Username = '[EMAIL PROTECTED]' or usergroup.CLID = '250097000002749') AND > usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id; > > ID GROUPNAME ATTRIBUTE VALUE OP > 10 carta Realm c == > 11 carta NAS-IP-Address 212.119.117.1 == > 19 blackholed Auth-Type Reject := > > In my case user is accepted though he is a member of blackholed group with > Auth-Type - Reject. > > -- > Sincerely Yours, > Alexander Serkin, > Skylink, Moscow > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html