3.51.8. CheckGroup

This optional parameter, in conjunction with CheckGroupServer, allows you to set a Class reply attribute that depends on which NT group the user is a member of. Recall that if you set the Class in an access reply, then subsequent accounting requests sent by the NAS for that session will contain exactly the same Class attribute. This is useful for remembering which accounting group or rate to charge the user.
CheckGroup is a comma-separated pair of names. The first is an NT group name, the second is an arbitrary string. During authentication, if the user is a member of the NT group, then the Class attribute in the reply will be set to the arbitrary string. The first match found will be used.
For example:
<AuthBy ADSI>
      CheckGroupServer romeo
      CheckGroup USVPN,premium
      CheckGroup UKVPN,standard
      ....
</AuthBy>
In this example, if a user is a member of the NT group USVPN, then the reply will contain Class=premium. If they are in the UKVPN group, then the reply will contain Class=standard. If they are in neither group, then no Class will be set in the reply.
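Because the first match wins, a user who belongs to both groups gets the Class of whichever CheckGroup line matches first. The following Python sketch is an added example, not Radiator code: it reads CheckGroup lines from a configuration block and resolves the Class a given set of group memberships would receive, so the ordering can be reviewed before deployment. The function names are hypothetical, and it assumes that "first" means configuration order, that the pair is split at the first comma, and that group names compare case-insensitively.

```python
import re

# Constructed sample: the example block from this page, without the elided "...." line.
SAMPLE_CONFIG = """\
<AuthBy ADSI>
      CheckGroupServer romeo
      CheckGroup USVPN,premium
      CheckGroup UKVPN,standard
</AuthBy>
"""

def parse_check_groups(config_text):
    """Return the ordered (nt_group, class_value) pairs from CheckGroup lines."""
    pairs = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = re.match(r"\s*CheckGroup\s+(.*)$", line)
        if not m:
            continue  # CheckGroupServer and other parameters do not match
        # Assumption: the pair is split at the first comma.
        group, sep, value = m.group(1).partition(",")
        if not sep or not group.strip() or not value.strip():
            raise ValueError(f"line {lineno}: expected 'CheckGroup group,string'")
        pairs.append((group.strip(), value.strip()))
    return pairs

def resolve_class(pairs, user_groups):
    """Class for a user: the first configured pair whose group they are in, else None."""
    member_of = {g.lower() for g in user_groups}  # assumption: case-insensitive names
    for group, value in pairs:
        if group.lower() in member_of:
            return value
    return None

def shadowed_entries(pairs):
    """Pairs that can never take effect because the same group appears earlier."""
    seen, dead = set(), []
    for group, value in pairs:
        if group.lower() in seen:
            dead.append((group, value))
        seen.add(group.lower())
    return dead

if __name__ == "__main__":
    pairs = parse_check_groups(SAMPLE_CONFIG)
    # A member of both groups is rated by the earlier line.
    print(resolve_class(pairs, ["UKVPN", "USVPN"]))
```

If the more privileged or more expensive Class should only apply to users who are in that group alone, the ordering of the CheckGroup lines is the place to check.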