[EMAIL PROTECTED] wrote:
>
> OK, yes, I realize that was creating a user name. So if I change that format
> line to have a Group attribute instead of User-Name, then I have a Group
> being created by NAS-IP-Address. I still don't get how I can test to make
> sure that the user is part of this group. I have tried adding the group name
> to the usergroup table, but whether or not this value is correct (corresponds
> to the value in the nas_group file) or is even present doesn't make a
> difference. The user is always getting authenticated. Where does the logic
> need to lie to check that the user is a part of the named group?

Group = Unix group
SQL-Group = the usergroup table in mysql

Set the SQL-Group in the huntgroups file and then put the user/group entry in the usergroup table in mysql and it should just work. Check the debug, you will see that it checks the SQL-Group early and will reject on that before it even looks for the password.

If I understand you correctly, you shouldn't need rlm_passwd. The only difference between what you are trying and what we are doing is that I use Client-IP-Address instead of NAS-IP-Address in the huntgroups file because I have upstream RADIUS providers to deal with....

--
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com