huntgroups and bad_logins
Nicolas Baradakis
nbk at sitadelle.com
Thu Sep 8 14:46:50 CEST 2005
Jonathan De Graeve wrote:
> What I want to do is the following:
>
> NAS1: 10.1.1.1
> NAS2: 10.1.1.2
>
> SQL usergroups: patients, it
>
> IT may connect to NAS1&2, patients only to NAS2. I've been looking on
> the internet how to do this but didn't found it.
In your case, I'd suggest you try the following:
1. In your SQL database, add a field "NASIPAddress" to the tables
radcheck, radreply...
2. Then insert one row for each attribute of the users allowed to log
on NAS2, and two rows for attributes of the users allowed to log
on both NAS1 and NAS2.
3. In the file "sql.conf", add "AND NASIPAddress = '%{NAS-IP-Adresse}'"
in the "WHERE" clause of the authorize_* queries.
> I also have problems with the bad_login perlscript. When I run this
> script, it doesn't do anything (just hangs with no given output)
I think the script is just waiting for new requests to be received.
I note you may also use a post-auth query to log failed login in a SQL
database. (it has already been explained many times on the mailing list)
--
Nicolas Baradakis
PS: HTML is forbidden on the mailing list, please follow the house-rules
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list