working huntgroups

Carlos Mauricio Reyes Sanmiguel creyes at co.ibm.com
Tue May 16 23:58:15 CEST 2006


Hi,

I need to separate the users in the machines that they have access to, i 
read about the huntgroups file, but is not working, it seems that the 
radius is not checking the huntgroup file to give the access.

I have a freeradius on a Redhat machine, running with the MySQL database 
for the users and groups information. I have the information on the 
radcheck, the radgroupcheck, and  the radgroup repply tables, all the 
connections and the authentication works ok, the problem is that the users 
have access to all of the machines, even the ones that they shouldn´t.

This is what i have in my radgroup reply table..

GroupName        Attribute              op      Value
test            Cisco-AVPair            =       shell:cmd* 
test            Cisco-AVPair            =       shell:priv-lvl=15
test            Service-Type            =       Shell-User 
test            Huntgroup-Name  =       name 

the hunt group is like this.

#name huntgroup
name       NAS-IP-Address == 10.0.2.244
name       NAS-IP-Address == 10.0.2.246
name       NAS-IP-Address == 10.0.2.248
                  Group = test


It suppose that the user with that huntgroup name in their attribute 
should only be able to connect to those IP addresess.. or that´s what i 
expect.. ;)

Thank you.. in advance..


Carlos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060516/55eef816/attachment.html>


More information about the Freeradius-Users mailing list