Dear Alan, Thank you for your reply, I did follow the rest of that guide and added the following information: INSERT INTO `radusergroup` (`username`, `groupname`, `priority`) VALUES ('test', 'site_a_admins', 0); INSERT INTO `radhuntgroup` (`id`, `groupname`, `nasipaddress`, `nasportid`) VALUES (1, 'site_a', '192.168.56.2', NULL); INSERT INTO `radgroupcheck` (`id`, `groupname`, `attribute`, `op`, `value`) VALUES (3, 'site_a_admins', 'Huntgroup-Name', '==', 'site_a'); If I understand the guide correctly only the test user should be able to logon to site_a, however I am also granted access using my test2 user credentials: did I overlook something? Again, thanks in advance! Kind regards, Jeroen Bosch *Design Driven Networking - Smarter, better, controllable networks * Jeroen Bosch | Developer Business Centre Leeuwenveldseweg 5n, 1382 LV Weesp, NL m: +31 6 22768473 | t: +31 20 894 3412 jeroen.bosch@netyce.com | www.netyce.com On Thu, Sep 11, 2014 at 5:05 PM, Alan DeKok <aland@deployingradius.com> wrote:
Jeroen Bosch wrote:
I'm trying to setup Huntgroups using the HOWTO http://wiki.freeradius.org/guide/SQL-Huntgroup-HOWTO
after adding "update reply { Huntgroup-Name := "%{sql:SELECT groupname FROM radhuntgroup WHERE nasipaddress='%{NAS-IP-Address}'}" }"
to my sites-enabled/default I do see the queries in the debugging information checking if the supplied user is part of the Huntgroup however when this is not the case the user still get's access:
You should follow the REST of that guide. Specifically, add an entry to the "radgroupcheck" table.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html