Hi, I've successfully set up freeradius and till now it is doing what I want - checking realms and prefixes and uses a postgres database backend. ;)
Now I want to implement a check, that verifies if a user authenticating with 10...@realma.com is also in the group "realmA" and reject the request if this is not the case. This way I want to implement a "user X purchased product Y?" Already tried this: Adding in the radusergroup table: +------------------+-----------+-----------+ | username | groupname | priority | +------------------+-----------+-----------+ | 10...@realma.com | realmA | 10 | +------------------+-----------+-----------+ And in the radgroupcheck table: +----+-----------+-----------+----+------------+ | id | groupname | attribute | op | value | |----+-----------+-----------+----+------------+ | 1 | realmA | Realm | != | realma.com | +----+-----------+-----------+----+------------+ And finally in the radgroupreply table: +----+-----------+---------------+----+-----------------------+ | id | groupname | attribute | op | value | +----+-----------+---------------+----+-----------------------+ | 1 | realmA | Auth-Type | := | Reject | +----+-----------+---------------+----+-----------------------+ And of course, my debug output says: rlm_realm: Adding Realm = "~^realmA.com$" I also tried adding "~^realmA.com$" as value in the radgroupcheck table with no success. I thought to already understood this concept... but adding "Auth-Type := Reject" in the radgroupcheck table works?! My expression in radgroupcheck also works - I verified this by adding "Reply-Message += Is this working?" within radgroupreply and the reply-message is added to the response. If anybody could assist me with this or just give me a hint it'd be great! Regards, Robert Borz. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html