Weird huntgroup issue

Michael Mitchell mitchell.michael at bigpond.com
Tue Sep 20 12:36:55 CEST 2005


The first Huntgroup that matches will be used, so in this case "vpn" will always match for requests with NAS-IP-Address == localhost.



Jonathan De Graeve wrote:
> Hello, I have a weird huntgroup issue.
> 
> I have users in a group 'artsen' with HuntgroupName => == ^(vpn|ras)$
> I have users in group 'stagiars' with HuntgroupName => == hotspot
> 
> On the radius system itself I can successfully authenticate users from
> group artsen but not from group stagiairs.
> 
> But I can login with a user from group stagiars from a nas with ip
> 194.8.52.37
> 
> My NASclients from SQL:
> 
> 17 | localhost             | localhost   | other |     0 |...
> 
> Huntgroup file:
> 
> # VPN infrastructure
> vpn             NAS-IP-Address == 10.2.254.1
> vpn             NAS-IP-Address == 10.2.254.2
> vpn             NAS-IP-Address == localhost
> #
> ras             NAS-IP-Address == 10.2.254.81
> ras             NAS-IP-Address == 10.2.254.82
> ras             NAS-IP-Address == localhost
> #
> hotspot         NAS-IP-Address == x.y.z.37
> hotspot         NAS-IP-Address == x.y.z.38
> hotspot         NAS-IP-Address == localhost
> 
> 
> This comes in the logging when I do a check on the radius system itself
> with the following arguments:
> 
> radtest lvanhoey0 password localhost:1812 0 passwordhere
> 
> radius_xlat:  'lvanhoey0'
> rlm_sql (sql): sql_set_user escaped user --> 'lvanhoey0'
> radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
> Username = 'lvanhoey0' ORDER BY id'
> rlm_sql (sql): Reserving sql socket id: 3
> radius_xlat:  'SELECT
> radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou
> pcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
> usergroup.Username = 'lvanhoey0' AND usergroup.GroupName =
> radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
> Username = 'lvanhoey0' ORDER BY id'
> radius_xlat:  'SELECT
> radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou
> preply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
> usergroup.Username = 'lvanhoey0' AND usergroup.GroupName =
> radgroupreply.GroupName ORDER BY radgroupreply.id'
> rlm_sql (sql): No matching entry in the database for request from user
> [lvanhoey0]
> rlm_sql (sql): Released sql socket id: 3
>   modcall[authorize]: module "sql" returns notfound for request 0
> rlm_sqlcounter: Entering module authorize code
> rlm_sqlcounter: Could not find Check item value pair
>   modcall[authorize]: module "uploadlimit" returns noop for request 0
> rlm_sqlcounter: Entering module authorize code
> rlm_sqlcounter: Could not find Check item value pair
>   modcall[authorize]: module "volumelimit" returns noop for request 0
> rlm_sqlcounter: Entering module authorize code
> rlm_sqlcounter: Could not find Check item value pair
>   modcall[authorize]: module "prepaidcounter" returns noop for request 0
> modcall: group authorize returns ok for request 0
> auth: No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user
> auth: Failed to validate the user.
> Login incorrect: [lvanhoey0/jo0clni3] (from client localhost port 0)
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> 
> 
> And logging when logging in from the NAS IP address
> 
> modcall: entering group authorize for request 12
>   modcall[authorize]: module "preprocess" returns ok for request 12
>   modcall[authorize]: module "chap" returns noop for request 12
>   modcall[authorize]: module "mschap" returns noop for request 12
>   modcall[authorize]: module "digest" returns noop for request 12
>     rlm_realm: No '@' in User-Name = "lvanhoey0", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 12
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 12
> radius_xlat:  'lvanhoey0'
> rlm_sql (sql): sql_set_user escaped user --> 'lvanhoey0'
> radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
> Username = 'lvanhoey0' ORDER BY id'
> rlm_sql (sql): Reserving sql socket id: 1
> radius_xlat:  'SELECT
> radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou
> pcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
> usergroup.Username = 'lvanhoey0' AND usergroup.GroupName =
> radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
> Username = 'lvanhoey0' ORDER BY id'
> radius_xlat:  'SELECT
> radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou
> preply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
> usergroup.Username = 'lvanhoey0' AND usergroup.GroupName =
> radgroupreply.GroupName ORDER BY radgroupreply.id'
> rlm_sql (sql): Released sql socket id: 1
>   modcall[authorize]: module "sql" returns ok for request 12
> rlm_sqlcounter: Entering module authorize code
> rlm_sqlcounter: Could not find Check item value pair
>   modcall[authorize]: module "uploadlimit" returns noop for request 12
> rlm_sqlcounter: Entering module authorize code
> 
> 
> 
> Any ideas???
> 
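
The first-match rule from the reply, applied to the huntgroups file quoted above, as an added example that is not part of the original thread and is not FreeRADIUS code. It assumes every entry has the form "name NAS-IP-Address == value" and compares values as literal strings; the function names are hypothetical.

```python
# Added example: models "the first Huntgroup that matches will be used".
# Assumption: values are compared as literal strings, no name resolution.
HUNTGROUPS = """\
# VPN infrastructure
vpn             NAS-IP-Address == 10.2.254.1
vpn             NAS-IP-Address == 10.2.254.2
vpn             NAS-IP-Address == localhost
#
ras             NAS-IP-Address == 10.2.254.81
ras             NAS-IP-Address == 10.2.254.82
ras             NAS-IP-Address == localhost
#
hotspot         NAS-IP-Address == x.y.z.37
hotspot         NAS-IP-Address == x.y.z.38
hotspot         NAS-IP-Address == localhost
"""

def parse_huntgroups(text):
    """Return [(lineno, group, nas)] in file order, skipping comments and blanks."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4 or fields[1:3] != ["NAS-IP-Address", "=="]:
            raise ValueError(f"line {lineno}: unsupported entry: {raw!r}")
        entries.append((lineno, fields[0], fields[3]))
    return entries

def resolve(entries, nas):
    """First matching entry wins; later entries for the same NAS are ignored."""
    for _, group, value in entries:
        if value == nas:
            return group
    return None

def shadowed(entries):
    """Entries that can never apply because an earlier group claims the same NAS."""
    first, dead = {}, []
    for lineno, group, value in entries:
        if value in first and first[value][1] != group:
            dead.append((lineno, group, value, first[value][1]))
        first.setdefault(value, (lineno, group))
    return dead

if __name__ == "__main__":
    entries = parse_huntgroups(HUNTGROUPS)
    print(resolve(entries, "localhost"), shadowed(entries))
```

Run against the quoted file, the "ras" and "hotspot" lines for localhost are reported as shadowed by "vpn", so a group whose check item is "hotspot" is never satisfied by a request from localhost.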