mysql huntgroups Access-Reject

GeneTitus gene at ots.utsystem.edu
Wed Dec 15 18:08:45 CET 2010


Greetings from Texas.

I'm setting up freeradius to authenticate/authorize network engineers to log
into cisco and juniper devices. Some devices we share with other
organizations. I need to be able to allow some engineers access to some
devices and not others. I'm running on redhat with Mysql as the backend.
I'll will be writing a web front end to manage our radius server(s) once I
get a working configuration for our situation..

I have freeradius 2.1.7. That's the rpm for redhat 5.4.

I have radcheck and radreply working. (username and password checking)

I have radusergroup, radgroupcheck, radgroupreply working if I populate the
huntgroups flat file with appropriate information.

I can set shell:privs on ciscos for a specific user based on group
membership via radgroupreply.

As I understand it, if I move huntgroups out of the flat file (preprocess)
and into mysql, I loose the ability to send an Access-Reject based on
huntgroups.

Is that correct?


Thanks,
Gene Titus
The Office of Telecommunication Services
The University of Texas at Austin
-- 
View this message in context: http://freeradius.1045715.n5.nabble.com/mysql-huntgroups-Access-Reject-tp3306623p3306623.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.



More information about the Freeradius-Users mailing list