Rascher, Markus wrote:
No way to store huntgroups directives on LDAP or SQL?
I worked out a sql scheme to store users and their privileges to access certain services. Then i told the radiusd to query a stored procedure on the db, instead of the standard radcheck-table. In the stored procedure i did some queries to find find out if the user should have access to the requested service. I don't know if this is possible in ldap too... I guess not.
Or... # cat huntgroups ServiceA Client-IP-Address == 1.2.3.4 SQL-Group == ServiceA and... mysql> select * from radius.usergroup limit 1; +----+---------------------+-----------+ | id | UserName | GroupName | +----+---------------------+-----------+ | 65 | username@domain.com | ServiceA | +----+---------------------+-----------+ and it just works. For LDAP, I think you will need LDAP-Group instead of SQL-Group in the huntgroups file. I'm not sure what it will look like in the LDAP schema, but I am pretty sure others are doing this. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com