<div dir="ltr">Hi,<div><br></div><div>I got it working using unlang. </div><div><br></div><div>sites-enabled/default<br></div><div>authorize {<br></div><div><br></div><div>
<p style="margin-bottom:0cm"><font color="#0000ff">
<font face="Osaka-Mono"><font size="3">update request {
</font></font></font></p>
<p style="margin-bottom:0cm"><font color="#0000ff">
<font face="Osaka-Mono"><font size="3">Site-Location :=
"%{sql:SELECT radhuntgroup.groupname FROM `radhuntgroup` INNER
JOIN `radgroupcheck` ON radhuntgroup.groupname=radgroupcheck.value
INNER JOIN `radusergroup` ON
radgroupcheck.groupname=radusergroup.groupname AND
radgroupcheck.attribute ='Site-Location' WHERE
`nasipaddress`='%{NAS-IP-Address}' AND
radusergroup.username='%{User-Name}'}"
</font></font></font></p>
<p style="margin-bottom:0cm"><font color="#0000ff">
<font face="Osaka-Mono"><font size="3">}
</font></font></font></p>
<p style="margin-bottom:0cm"><font color="#0000ff">
<font face="Osaka-Mono"><font size="3">if ( Site-Location == ''
) {
</font></font></font></p>
<p style="margin-bottom:0cm"><font color="#0000ff">
<font face="Osaka-Mono"><font size="3">update reply {
</font></font></font></p>
<p style="margin-bottom:0cm"><font color="#0000ff">
<font face="Osaka-Mono"><font size="3">Reply-Message
:= "You are not authorised to access this site
('%{NAS-IP-Address}')!"
</font></font></font></p>
<p style="margin-bottom:0cm"><font color="#0000ff">
<font face="Osaka-Mono"><font size="3">}
</font></font></font></p>
<p style="margin-bottom:0cm"><font color="#0000ff">
<font face="Osaka-Mono"><font size="3">reject
</font></font></font></p>
<p style="margin-bottom:0cm"><font color="#0000ff">
<font face="Osaka-Mono"><font size="3">}</font></font></font></p><p style="margin-bottom:0cm"><font color="#0000ff"><font face="Osaka-Mono"><font size="3">}</font></font></font></p></div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Fri, May 30, 2014 at 10:53 AM, * <span dir="ltr"><<a href="mailto:zhex900@gmail.com" target="_blank">zhex900@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi,<div><br></div><div>I am try to use huntgroups to restrict user access to a certain NAS.</div><div><br></div><div>However I cannot get it to work using the huntgroup files and user files. I have tried using sql, this does work for me either.</div>
<div><br></div><div>This is my configuration for files.</div><div><br></div><div>users:</div><div><div>bob Cleartext-Password := "bob", Huntgroup-Name="site1"</div><div> Reply-Message := "Hello, %{User-Name}"</div>
</div><div><br></div><div>huntgroups</div><div><div>site1 NAS-IP-Address == 10.1.1.13</div></div><div><br></div><div>The user can login when Huntgroup-Name="site1" is removed.</div><div><br></div><div>This from debug:</div>
<div><br></div><div><div>(33) eap_mschapv2 : Auth-Type MS-CHAP {</div><div>(33) WARNING: mschap : No Cleartext-Password configured. Cannot create LM-Password</div><div>(33) WARNING: mschap : No Cleartext-Password configured. Cannot create NT-Password</div>
<div>(33) mschap : Creating challenge hash with username: bob</div><div>(33) mschap : Client is using MS-CHAPv2</div><div>(33) ERROR: mschap : FAILED: No NT/LM-Password. Cannot perform authentication</div><div>(33) ERROR: mschap : MS-CHAP2-Response is incorrect</div>
<div>(3</div></div><div><br></div><div>Jake He</div></div>
</blockquote></div><br></div>