huntgroups and mysql
simon at 434canada.com
Wed Aug 2 17:45:15 CEST 2006
Hi,
I want to restrict access for particular access points based on a user name. So a particular user can be authenticated on several access points (through a single freeRadius server) but should be denied access on others.
I have been reading around, and I think that the way to approach this is through the use of huntgroups. I am not sure what changes need to be incorporated to make this work properly.
I am running freeRadius 1.1.2, and am using mySQL 5 as a backend.
Here is what I have started with.
I set up an entry in the huntgroups file something like this:
    groupname1    NAS-IP-Address == 192.168.2.3
                  Group = firstgroup
Then, in my database, I would need the following entries in the following tables:
-- radcheck --
    id   UserName   Attribute        Value        Op
    1    test       Password         testp        ==
    2    test       Huntgroup-Name   groupname1   ==

-- usergroup --
    id   UserName   GroupName
    1    test       firstgroup
Is this all that needs to be done? The goal here is to allow user "test" to be authenticated when he tries to connect from the NAS with IP address 192.168.2.3. If he tries to be authenticated through another NAS, then it should be rejected.
My other question is if I want user "test" to now be allowed to authenticate through another NAS (in addition to the previous one), what needs to be done? I would think that I would need to make another entry for the second NAS in the huntgroups file (giving a Group = secondgroup key-value pair), and then make another entry in the usergroup table with UserName "test" and GroupName "secondgroup".
If I am way off, other suggestions would also be greatly appreciated.
Thanks,
Simon
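
Added example, not part of the original post and not FreeRADIUS code: a simplified Python model of the rule the post is aiming for, where a user is accepted only when every radcheck item matches, including the huntgroup derived from the NAS address. The second NAS address 192.168.2.4, the choice to list it under the same huntgroup name, and all function names are assumptions made for illustration.

```python
import hmac
import ipaddress

# Constructed huntgroups text: the post's entry plus a hypothetical second NAS.
HUNTGROUPS = """\
groupname1  NAS-IP-Address == 192.168.2.3
groupname1  NAS-IP-Address == 192.168.2.4   # assumed second access point
"""

# Constructed radcheck rows (UserName, Attribute, Value, Op), copied from the post.
RADCHECK = [
    ("test", "Password", "testp", "=="),
    ("test", "Huntgroup-Name", "groupname1", "=="),
]

def parse_huntgroups(text):
    """Return (huntgroup name, NAS address) pairs from huntgroups-style text."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, attr, op, value = line.split()
        if attr != "NAS-IP-Address" or op != "==":
            raise ValueError(f"unsupported huntgroup match: {line!r}")
        entries.append((name, ipaddress.ip_address(value)))
    return entries

def huntgroups_for(nas_ip, entries):
    """Names of every huntgroup whose NAS-IP-Address equals nas_ip."""
    addr = ipaddress.ip_address(nas_ip)
    return {name for name, nas in entries if nas == addr}

def authorize(user, password, nas_ip, entries, radcheck=RADCHECK):
    """Accept only if the user has rows and every check item matches."""
    rows = [r for r in radcheck if r[0] == user]
    groups = huntgroups_for(nas_ip, entries)
    for _, attr, value, op in rows:
        if attr == "Password":
            ok = hmac.compare_digest(value.encode(), password.encode())
        elif attr == "Huntgroup-Name":
            ok = value in groups
        else:
            ok = False  # fail closed on attributes this model does not know
        if op != "==" or not ok:
            return False
    return bool(rows)  # a user with no rows is rejected
```
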