<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor=white lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Hello John/All<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I’m moving from free-radius 1.1.7 to 2.1.1. In the
old setup I was using the huntgroup file to tag a NAS and based on the IP
address of that NAS assign it a huntgroup. Then, in the users file, I
would send the huntgroup particular attributes. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>The Users file would look like this:<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>DEFAULT Huntgroup-Name
== “Test_Group”<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> Authentication-Type
= Accept, (*** this line no longer works in 2.1.1. It errors out with Invalid
Octet string “Accept” for attribute name “Authentication-Type”)<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> Tunnel-Medium-Type
= IP,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> Tunnel-Type
= L2TP,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> etc….<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>In Freeradius 2.1.1 I’ve implemented the huntgroup table
in the backend which works well (using mysql and the guide provided below by
John.) I need to know how can I send the attributes above to the NAS based on
the sql huntgroup match which I get back from the SQL query? I’ve
tried to add a group in the radgroupreply table that sends back all necessary
attributes however that did not work as the huntgroup was not being checked
against the radgroupreply table.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I can currently achieve what I need by enabling the users file (with
the DEFAULT Entries in it) to be read in the preprocess module however I was
hoping to keep all this in mysql. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Running radiusd –X I can see that the huntgroup is
identified correctly and I get a ++ [request] returns ok from it however I’m
not sure how to send it the above attributes from sql instead of the users
flatfile. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Any help is appreciated,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Adrian<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:
"Tahoma","sans-serif";color:windowtext'> freeradius-users-bounces+adrian=dsl4u.ca@lists.freeradius.org
[mailto:freeradius-users-bounces+adrian=dsl4u.ca@lists.freeradius.org] <b>On
Behalf Of </b>John Dennis<br>
<b>Sent:</b> Tuesday, November 11, 2008 9:43 AM<br>
<b>To:</b> FreeRadius users mailing list<br>
<b>Subject:</b> Re: Restricting user to specific NAS Port<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Sean Preston wrote: <o:p></o:p></p>
<pre>Hi<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>2008/11/11 <a
href="mailto:tnt@kalik.net"><tnt@kalik.net></a>:<o:p></o:p></pre><pre> <o:p></o:p></pre>
<blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'>
<blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><pre>I need to restrict a specifc user to say 2 specific NAS ports and then<o:p></o:p></pre><pre>define a different account to some different specific NAS ports.<o:p></o:p></pre><pre>Currently as long as an account is only ever going to use one NAS port<o:p></o:p></pre><pre>I can restrict it by adding the entry to the radcheck table. So for<o:p></o:p></pre><pre>example if I have 10 users, I have 10 entries with the NAS port and<o:p></o:p></pre><pre>the == operator. However if I want to add some accounts with multiple<o:p></o:p></pre><pre>entries then<o:p></o:p></pre><pre> <o:p></o:p></pre></blockquote>
<pre>.. use huntgroups.<o:p></o:p></pre><pre> <o:p></o:p></pre></blockquote>
<pre><o:p> </o:p></pre><pre>Ok I think I understand what needs to be done. So the next question<o:p></o:p></pre><pre>then is how do I setup huntgroups to be in the same database as<o:p></o:p></pre><pre>everything else because as it stands it looks like it can only be a<o:p></o:p></pre><pre>file and I am going to have hundreds of groups and it would be easier<o:p></o:p></pre><pre>to manage in the database.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Regards<o:p></o:p></pre><pre>Sean<o:p></o:p></pre><pre><o:p> </o:p></pre><pre> <o:p></o:p></pre>
<p class=MsoNormal>I wrote documentation for how to implement huntgroups in
SQL.<br>
It does require FreeRADIUS version 2.x because it depends on unlang.<br>
You won't need to modify FreeRADIUS 2.x, all you'll need to do is edit<br>
some config files and add a table to your database. The documentation<br>
is attached as a text file to this email.<br>
<br>
HTH,<br>
<br>
John<br>
<br>
<br>
<br>
<o:p></o:p></p>
<pre>-- <o:p></o:p></pre><pre>John Dennis <a href="mailto:jdennis@redhat.com"><jdennis@redhat.com></a><o:p></o:p></pre></div>
</body>
</html>