Hi, I want to use FR to control the access to different ressources (radius clients). I've put my users in 'radcheck', defined groups in 'radgroupcheck' according to Client-IP-Address and put the users in their groups in 'usergroup'. Some users are in more than one group, but they can only access to the first matching group defined in 'radgroupcheck'. Tryed to add 'Fall-Through = Yes' to all 'radgroupcheck' entries, but it didn't work.
Now I've found a workaround: I added a column 'groupIPaddr' varchar(15) in 'radgroupcheck'. I put there the Client-IP-Address and changed the query in sql.conf to: authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName, ${groupcheck_table}.Attribute,${groupcheck_table}.Value, ${groupcheck_table}.op FROM ${groupcheck_table},${usergroup_table} WHERE ${groupcheck_table}.groupIPaddr ='%{Client-IP-Address}' AND ${usergroup_table}.Username = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName ORDER BY ${groupcheck_table}.id" Now My users have access to all their authorized nasses whatever the order of definition of the groups. Was there an easier/more standard way of doing? Michel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html