Hello, I bought the radius book from O'Reilly and its a good book except when you want to use freeradius mainly with an SQL backend. (default users profiles in SQL) Also the principle of huntgroups isn't very well explained. What I want to do is the following: NAS1: 10.1.1.1 NAS2: 10.1.1.2 SQL usergroups: patients, it IT may connect to NAS1&2, patients only to NAS2. I've been looking on the internet how to do this but didn't found it. I also have problems with the bad_login perlscript. When I run this script, it doesn't do anything (just hangs with no given output) Kind Regards
Jonathan De Graeve wrote:
What I want to do is the following:
NAS1: 10.1.1.1 NAS2: 10.1.1.2
SQL usergroups: patients, it
IT may connect to NAS1&2, patients only to NAS2. I've been looking on the internet how to do this but didn't found it.
In your case, I'd suggest you try the following: 1. In your SQL database, add a field "NASIPAddress" to the tables radcheck, radreply... 2. Then insert one row for each attribute of the users allowed to log on NAS2, and two rows for attributes of the users allowed to log on both NAS1 and NAS2. 3. In the file "sql.conf", add "AND NASIPAddress = '%{NAS-IP-Adresse}'" in the "WHERE" clause of the authorize_* queries.
I also have problems with the bad_login perlscript. When I run this script, it doesn't do anything (just hangs with no given output)
I think the script is just waiting for new requests to be received. I note you may also use a post-auth query to log failed login in a SQL database. (it has already been explained many times on the mailing list) -- Nicolas Baradakis PS: HTML is forbidden on the mailing list, please follow the house-rules http://www.freeradius.org/list/users.html
participants (2)
-
Jonathan De Graeve -
Nicolas Baradakis