Login-Time, huntgroup and mysql
Hi I'm have using freeradius+mysql. All the users are on a mysql database, and we have our owns NAS pointed to the radius servers, everything work fine. Recently, in order to increase our capabilities was introduced an other NAS that points to an other freeradius server who proxied the requests to our server. We were trying to control the trafic to the remote NAS by using the Login-Time attribute and "huntgroups" file to distinguish the requests that come from the remote NAS. So, we have an entry on huntgroup file like this: huntgroup file: . . . remote_nas NAS-IP-Address == 1.2.3.4 . . . then on the users file: . . . DEFAULT Service-Type == Framed-User, Login-Time := "al0600-1800", Huntgroup-Name == "remote_nas" Fall-Through = Yes . . . then on radiusd.conf, at the authorize we have files and sql The above configuration work O.K! But all peoples that try to connect to NAS 1.2.3.4 out of time will be reject. So we define 3 users categories: 1- the useres that only can login by day ("al0600-1800"); 2- users that only can login by night ("al1800-0600"); and 3- users than can login any time at the romote NAS. If the same user try to connect to an other NAS, then the Login-Time have'n effect, so that it can connect any time. How we can do that without have to do any change on the users names and groups of the data base? We probe the fallowing: huntgroup file: . . . remote_nas NAS-IP-Address == 1.2.3.4 . . . then on the users file: . . . DEFAULT Service-Type == Framed-User, User-Category == "day", Login-Time := "al0600-1800", Huntgroup-Name == "remote_nas" Fall-Through = Yes DEFAULT Service-Type == Framed-User, User-Category == "night", Login-Time := "al1800-0600", Huntgroup-Name == "remote_nas" Fall-Through = Yes DEFAULT Service-Type == Framed-User, User-Category == "fulltime", Huntgroup-Name == "remote_nas" Fall-Through = Yes . . . on mysql: radcheck +----+-----------+----------------+----+------------------------------------+ | id | UserName | Attribute | op | Value | +----+-----------+----------------+----+------------------------------------+ | 1 | alexander | Crypt-Password | == | $1$9D9s.vO6$GlVbRFf7qRaUXTAJ1gGGe. | | 4 | alexander | User-Category | := | day | +----+-----------+----------------+----+------------------------------------+ and radiusd.conf, at the authorize we have files and sql But this configuration don't work because the request never match any of 3 entries of users file due to User-Category attribute, maybe cause sql is the last module that the server call: . . . authorize { . . preprocess . . files . . sql . . } We would be grateful for any suggestion. Thanks. ------------------------------------------------- Este mensaje fue enviado usando el servicio de correo en web de Infomed http://webmail.sld.cu
participants (1)
-
alexander@infomed.sld.cu