-----Original Message----- From: tnt@kalik.net [mailto:tnt@kalik.net] Sent: Monday, 19 January 2009 10:52 p.m. To: FreeRadius users mailing list Subject: Re: Huntgroups issue - every user is accepted
The goal is to suppress roaming between hotspot routers, between groups of hotspots.
`radhuntgroup`
`id`, `groupname`, `calledstationid`
1, 'Test-Rejec', '00-1D-7E-E7-96-9F'
`usergroup`
`UserName`, `GroupName`, `priority`
'yubvef13', 'TestGroup', 1
This is OK.
`radgroupcheck`
`id`, `GroupName`, `Attribute`, `op`, `Value`
1, 'TestGroup', 'Huntgroup-Name', ':=', 'Test'
This doesn't check anything. It sets huntgroup to Test.
As I understand it you want to reject huntgroups that are not Test. So make such a policy:
Huntgroup-Name != "Test", Auth-Type := Reject
Thanks for your response. It overlapped time wise with one from Alan. However, the issue remains: I do not want the user to be rejected per se. I only want the user to be rejected if her own huntgroup as stored in radgroupcheck is different from the huntgroup of the Called-Station-Id in the radhuntgroup table. The goal is to prevent a user to login to a hotspot router, that does not belong to the huntgroup the user belongs to. I am sorry if I have left out any other configuration, but again, according to the howto in the freeradius wiki, what I have configured is all that is necessary. But the wiki seems to be incorrect, so what do I need to configure to have a request rejected, where a user's huntgroup and an NAS huntgroup do not match?