Re: sql group checks

Fri, 15 Oct 2004 04:06:22 -0700 

On Fri, 15 Oct 2004, Alexander Serkin wrote:

> Hi.
> could anybody explain me what exactly FR does with group checks working with SQL
> (Oracle in my case) ?
> I see group_membership_query in sql.conf, but i do not see that FR uses it in debug:

group_membership_query is used for Sql-Group attribute checking.

> Second - what exactly will FR do if authorize_group_check_query returns several
> groups' membership for the user (i've slightly modified query and usergroup
> table to check CLID also):
>
> SQL> SELECT radgroupcheck.id, radgroupcheck.GroupName, radgroupcheck.Attribute,
> radgroupcheck.Value, radgroupcheck.op  FROM radgroupcheck, usergroup WHERE
> (usergroup.Username = '[EMAIL PROTECTED]' or usergroup.CLID = '250097000002749') AND
> usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id;
>
> ID GROUPNAME  ATTRIBUTE       VALUE             OP
> 10 carta      Realm           c                 ==
> 11 carta      NAS-IP-Address  212.119.117.1     ==
> 19 blackholed Auth-Type       Reject            :=
>
> In my case user is accepted though he is a member of blackholed group with
> Auth-Type - Reject.
>
> --
> Sincerely Yours,
> Alexander Serkin,
> Skylink, Moscow
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to