<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">On further investigation, I can see that the check works just fine if the attribute huntgroup-name == xxxxxxx is added to radcheck<div><br></div><div>For what reason can't we add to radgroupcheck?</div><div><br></div><div>What's the logic required to modify so we can restrict on a group level?</div><div><br></div><div><br></div><div><div><div>On 30 Oct 2011, at 17:03, Alan DeKok wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div>simonm123 wrote:<br><blockquote type="cite">Am new to freeradius but have it mainly set up just fine. It's a fantastic<br></blockquote><blockquote type="cite">tool and I'm enjoying using it :)<br></blockquote><br> That's good to hear.<br><br><blockquote type="cite">Just one thing I'm struggling with is the huntgroups. I've followed the wiki<br></blockquote><blockquote type="cite">to the letter and can see the server checking in the debug log.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">What I basically want to do is restrict users to certain networks, as per<br></blockquote><blockquote type="cite">the wiki. If their huntgroup-name matches their huntgroup based on nasip,<br></blockquote><blockquote type="cite">they can get online, otherwise they're rejected.<br></blockquote><br> OK...<br><br><blockquote type="cite">I've put Huntgroup-Name = NetworkA in my radgroupcheck folder.<br></blockquote><br> Use "==". It does comparisons.<br><br><blockquote type="cite">In my radhuntgroup table, I have the nasip and groupname = NetworkA<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Then, in the authorize section of my default host, I put:<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">update request {<br></blockquote><blockquote type="cite"> Huntgroup-Name := "%{sql:SELECT `groupname` FROM `radhuntgroup` WHERE<br></blockquote><blockquote type="cite">nasipaddress='%{NAS-IP-Address}'}"<br></blockquote><blockquote type="cite">}<br></blockquote><br> No, that won't work. The huntgroups are defined by the "huntgroups"<br>file. You can't change them like you're trying to do.<br><br> Instead, use another attribute. Invent one. See raddb/dictionary.<br><br> Alan DeKok.<br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a><br></div></blockquote></div><br></div></body></html>