HuntGroup check in radgroupcheck

Lorenzo Milesi maxxer at ufficyo.com
Thu Feb 21 18:37:48 CET 2013


>   Post the debug output, as suggested in the FAQ, "man" page, web
>   pages, and daily on this list.

I posted the freeradius -X output into the linked file... Aren't you referring to that?

> 
> > Given the following properties:
> > radcheck:
> > F000001 MD5-Password := somemd5hash
> > radusergroup
> > F000001 HuntGroup01
> > radgroupcheck
> > F000001 Huntgroup-Name =~ nas04|nas05
> > 
> > the user is always authenticated, even if the connection comes from
> > a nas which is not nas04 or nas05.
> 
>   I think you're confused about huntgroups.  NASes are placed into
> huntgroups via the "huntgroups" file.  Not SQL.  When you check group
> membership, you check for the huntgroup name, not the NAS name.

According to [1] huntgroups can be checked via SQL as well...
>From the debug output i posted here [2] you can see the huntgroup is correctly identified from SQL...
 

[1] http://wiki.freeradius.org/guide/SQL_Huntgroup_HOWTO 
[2] https://dl.dropbox.com/u/706934/check01.gz

>   You're using Huntgroup-Name to check the *nas* name.  It won't
>   work.

I omitted to say that in my radhuntgroup table I defined HG with the same names as nases in the nas table. Can this be a problem?


thanks

-- 
Lorenzo Milesi - lorenzo.milesi at yetopen.it

GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it



More information about the Freeradius-Users mailing list