Hi, I have problem with multiple groups behind one NAS after upgrade from freeradius0.9.x to 1.0.4-1. There was no problem with this configuration before upgrade. Scenario: 2 groups: GPRS_1 and GPRS_2 both groups are behind NAS 1.1.1.1 user_1 is member of group GPRS_2 and he and all members of GPRS_2 are rejected. It looks that only members of first group matched in huntgroups file are positive processed. #################### my users file: DEFAULT Huntgroup-Name == DENY, Auth-Type := Reject Reply-Message = "!!! You are NOT allowed to access the resource !!!" DEFAULT Huntgroup-Name == GPRS_1, Ldap-Group == "cn=GPRS_1,cn=radius,dc=my,dc=domain" Fall-Through = no DEFAULT Huntgroup-Name == GPRS_2, Ldap-Group == "cn=GPRS_2,cn=radius,dc=my,dc=domain" Fall-Through = no #(I tried Fall-Through = yes but without success ) #################### my huntgroups file: GPRS_1 NAS-IP-Address == 1.1.1.1 GPRS_2 NAS-IP-Address == 1.1.1.1 #################### debug> rad_recv: Access-Request packet from host 1.1.1.1:49152, id=113, length=282 User-Name = "user_1" User-Password = "*******" Acct-Session-Id = "C35B9B41550234E2DB" NAS-IP-Address = 1.1.1.1 Service-Type = Framed-User Framed-Protocol = GPRS-PDP-Context Calling-Station-Id = "01234567898" Called-Station-Id = "apn" NAS-Port-Type = Wireless-Other NAS-Port = 0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 rlm_checkval: Item Name: NAS-IP-Address, Value: 1.1.1.1 rlm_checkval: Could not find attribute named NAS-IP-Address in check pairs modcall[authorize]: module "nas-ip" returns notfound for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for user_1 radius_xlat: '(uid=user_1)' radius_xlat: 'cn=radius,dc=my, dc=domain' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as cn=Manager,dc=my,dc=domain/******* to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in cn=radius ,dc=my, dc=domain, with filter (uid=user_1) rlm_ldap: Password header not found in password {MD5}M6SF989545MZxq0dPLluAAoY for user user_1 rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 01234567898 & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value 10.10.10.10 & op=11 rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11 rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11 rlm_ldap: user user_1 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'cn=radius ,dc=my, dc=domain' radius_xlat: '(&(objectClass=groupOfUniqueNames)(uniquemember=uid=user_1,cn=GPRS_1,dc=my,dc=domain))' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=GPRS_1,cn=radius,dc=my,dc=domain, with filter (&(objectClass=groupOfUniqueNames)(uniquemember=uid=user_1,cn=GPRS_1,cn=radius,dc=my,dc=domain)) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap::ldap_groupcmp: Group cn=GPRS_1,cn=radius,dc=my,dc=domain not found or user is not a member. users: Matched entry DEFAULT at line 128 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type Reject rad_check_password: Auth-Type = Reject, rejecting user auth: Failed to validate the user. Thanx for adviced :) Aktivujte si aj vy schranku s neobmedzenou kapacitou na ATLAS.SK. http://mail.atlas.sk