On Thu, 12 Mar 2009 14:20:58 +0200, <tnt@kalik.net> wrote:
Thank you for help. I try to do as you say and put this to authorize section after preprocess:
preprocess
# allow hotspot users only if (SQL-Group != 'Spot') { reject }
Here debug on this action:
++? if (SQL-Group != 'Spot') sql_groupcmp expand: %{User-Name} -> spot2 sql_set_user escaped user --> 'spot2' rlm_sql (sql): Reserving sql socket id: 4 expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'spot2' ORDER BY priority sql_groupcmp finished: User is a member of group Spot rlm_sql (sql): Released sql socket id: 4 ? Evaluating (SQL-Group != 'Spot') -> TRUE ++? if (SQL-Group != 'Spot') -> TRUE ++- entering if (SQL-Group != 'Spot') {...} +++[reject] returns reject ++- if (SQL-Group != 'Spot') returns reject
strange behaviour, user 'spot2' belongs to group 'Spot', but if clause return TRUE and reject returned.
OK, it looks like it doesn't work in unlang. I don't know if it is suposed to, but Alan will know. Put this in users file:
DEFAULT SQL-Group != "Spot", Auth-Type := Reject (, Huntgroup-Name == "hotspot") Reply-Message := "Only hotspot users allowed"
You will probably need to add NAS-IP-Address or Huntgroup-Name in order to tie it to the originating NAS.
Ivan Kalik Kalik Informatika ISP
This is works with hungroups, thanks! Here example for future readers: raddb/users: DEFAULT SQL-Group != "Spot", Auth-Type := Reject, Huntgroup-Name == "Spot" Reply-Message := "ERROR 104: Only hotspot users allowed to login." raddb/huntgroups: Spot NAS-IP-Address == 212.110.144.142 Spot NAS-IP-Address == 212.110.136.226
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- ISP CrIS, Softwarium