Hi, I got it working using unlang. sites-enabled/default authorize { update request { Site-Location := "%{sql:SELECT radhuntgroup.groupname FROM `radhuntgroup` INNER JOIN `radgroupcheck` ON radhuntgroup.groupname=radgroupcheck.value INNER JOIN `radusergroup` ON radgroupcheck.groupname=radusergroup.groupname AND radgroupcheck.attribute ='Site-Location' WHERE `nasipaddress`='%{NAS-IP-Address}' AND radusergroup.username='%{User-Name}'}" } if ( Site-Location == '' ) { update reply { Reply-Message := "You are not authorised to access this site ('%{NAS-IP-Address}')!" } reject } } On Fri, May 30, 2014 at 10:53 AM, * <zhex900@gmail.com> wrote:
Hi,
I am try to use huntgroups to restrict user access to a certain NAS.
However I cannot get it to work using the huntgroup files and user files. I have tried using sql, this does work for me either.
This is my configuration for files.
users: bob Cleartext-Password := "bob", Huntgroup-Name="site1" Reply-Message := "Hello, %{User-Name}"
huntgroups site1 NAS-IP-Address == 10.1.1.13
The user can login when Huntgroup-Name="site1" is removed.
This from debug:
(33) eap_mschapv2 : Auth-Type MS-CHAP { (33) WARNING: mschap : No Cleartext-Password configured. Cannot create LM-Password (33) WARNING: mschap : No Cleartext-Password configured. Cannot create NT-Password (33) mschap : Creating challenge hash with username: bob (33) mschap : Client is using MS-CHAPv2 (33) ERROR: mschap : FAILED: No NT/LM-Password. Cannot perform authentication (33) ERROR: mschap : MS-CHAP2-Response is incorrect (3
Jake He