Debug info below<br><br><div class="gmail_quote">On Tue, Nov 9, 2010 at 2:09 PM, inetjunkmail <span dir="ltr"><<a href="mailto:inetjunkmail@gmail.com">inetjunkmail@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="gmail_quote">I know I'm missing something obvious but I'm stuck here so I apologize in advance for the silly question.<br><br>I'm using freeradius 2.1.7.<br><br>I'm using the "files" option for all processes but I want to use user groups so I can reference them in my huntgroups definitions as groups of users permitted to authentication to that group of devices. I tried modifying the etc_group module and the group is correctly determined but it takes place after the huntgroup decision making process done by "preprocessing" so the match condition for the huntgroup fails. I then inserted the module before "preprocessing" in my sites-available/default file and the group is correctly determined prior to preprocessing but it doesn't seem to match the test condition. Snippets of config are below. Any guidance would be appreciated.<br>
<br>modules/My-Group-Name<br>-----<br>passwd My-Group-Name {<br> filename = /etc/raddb/group<br> format = "=My-Group-Name:*,User-Name"<br> hashsize = 50<br> ignorenislike = yes<br> allowmultiplekeys = yes<br>
delimiter = ":"<br>}<br>-----<br><br>dictionary<br>-----<br>ATTRIBUTE My-Group-Name 3000 string<br>-----<br><br>group<br>-----<br>telecom:test1<br>hg1admin:test2<br><br>huntgroups<br>-----<br>hg1 NAS-IP-Address =~ "^10\.69\.1\..*"<br>
My-Group-Name == telecom,<br> My-Group-Name == hg1admin,<br>-----<br><br>users<br>-----<br>test1 Cleartext-Password := "password1"<br>test2 Cleartext-Password := "password2"<br>-----<br>
<br>I've inserted the My-Group-Name module at various locations within sites-available/default with no luck. Again, ant guidance would be appreciated.<br><br><br>
</div><br>
</blockquote></div>Here is some debug info. The group name is assigned but the huntgroup match still fails. Can someone provide insight as to why?<br><br>Ready to process requests.<br>rad_recv: Access-Request packet from host 10.69.1.10 port 1645, id=69, length=76<br>
User-Name = "test1"<br> User-Password = "password1"<br> NAS-Port = 0<br> NAS-Port-Id = "tty0"<br> NAS-Port-Type = Async<br> Calling-Station-Id = "async"<br> NAS-IP-Address = 10.69.1.10<br>
+- entering group authorize {...}<br>[My-Group-Name] Added My-Group-Name: 'telecom' to reply_items <br>++[My-Group-Name] returns ok<br>[preprocess] expand: %{NAS-IP-Address} -> 10.69.1.10<br>[preprocess] No huntgroup access: [test1] (from client k12 port 0 cli async)<br>
++[preprocess] returns reject<br>Using Post-Auth-Type Reject<br>+- entering group REJECT {...}<br>[attr_filter.access_reject] expand: %{User-Name} -> test1<br> attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br>
Delaying reject of request 0 for 1 seconds<br>Going to the next request<br>Waking up in 0.9 seconds.<br>Sending delayed reject for request 0<br>Sending Access-Reject of id 69 to 10.69.1.10 port 1645<br>Waking up in 4.9 seconds.<br>
Cleaning up request 0 ID 69 with timestamp +16<br>Ready to process requests.<br><br>