Hi,

I got it working using unlang. 

sites-enabled/default
authorize {

update request {

Site-Location := "%{sql:SELECT radhuntgroup.groupname FROM `radhuntgroup` INNER JOIN `radgroupcheck` ON radhuntgroup.groupname=radgroupcheck.value INNER JOIN `radusergroup` ON radgroupcheck.groupname=radusergroup.groupname AND radgroupcheck.attribute ='Site-Location' WHERE `nasipaddress`='%{NAS-IP-Address}' AND radusergroup.username='%{User-Name}'}"

}

if ( Site-Location == '' ) {

update reply {

Reply-Message := "You are not authorised to access this site ('%{NAS-IP-Address}')!"

}

reject

}

}



On Fri, May 30, 2014 at 10:53 AM, * <zhex900@gmail.com> wrote:
Hi,

I am try to use huntgroups to restrict user access to a certain NAS.

However I cannot get it to work using the huntgroup files and user files. I have tried using sql, this does work for me either.

This is my configuration for files.

users:
bob     Cleartext-Password := "bob", Huntgroup-Name="site1"
        Reply-Message := "Hello, %{User-Name}"

huntgroups
site1    NAS-IP-Address == 10.1.1.13

The user can login when Huntgroup-Name="site1" is removed.

This from debug:

(33) eap_mschapv2 :  Auth-Type MS-CHAP {
(33) WARNING: mschap : No Cleartext-Password configured.  Cannot create LM-Password
(33) WARNING: mschap : No Cleartext-Password configured.  Cannot create NT-Password
(33) mschap : Creating challenge hash with username: bob
(33) mschap : Client is using MS-CHAPv2
(33) ERROR: mschap : FAILED: No NT/LM-Password.  Cannot perform authentication
(33) ERROR: mschap : MS-CHAP2-Response is incorrect
(3

Jake He