HuntGroup check in radgroupcheck

Lorenzo Milesi maxxer at ufficyo.com
Thu Feb 21 17:36:22 CET 2013


Hi.
I'm trying to manage Huntgroup checking in the radgroupcheck table, but it doesn't seem to work.

Given the following properties:
radcheck:
F000001 MD5-Password := somemd5hash
radusergroup:
F000001 HuntGroup01
radgroupcheck:
F000001 Huntgroup-Name =~ nas04|nas05

The user is always authenticated, even if the connection comes from a NAS which is not nas04 or nas05.
If I place the Huntgroup-Name property in radcheck, the user is correctly limited to the selected NASes.

Output of the accounting session of "freeradius -X" attached here: https://dl.dropbox.com/u/706934/check01.gz
The results of the queries that were run:
SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'F0000001' ORDER BY id
F000001 Md5-Password := xxx

SELECT id, username, attribute, value, op FROM radreply WHERE username = 'F0000001' ORDER BY id
(empty)

SELECT groupname FROM usergroup WHERE username = 'F0000001' ORDER BY id
huntgroup01

SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'huntgroup01' OR groupname = 'nas04' ORDER BY id
huntgroup01	Huntgroup-Name	nas01|nas02	=~


The final query correctly returns the list of NASes the user is allowed to log in to, but apparently it's not considered. Why is this? What am I missing?



In addition to that, can I set a certain property (i.e. WISPr-Session-Terminate-Time) only if the user connects to a specific huntgroup?

Thanks
-- 
Lorenzo Milesi - lorenzo.milesi at yetopen.it

GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it
