huntgroups, sql, and users
jfr at e4x.net
jfr at e4x.net
Sun Sep 3 23:25:26 CEST 2006
Greetings, we're migrating over from xtradius (yet another cistron
derivative) to FreeRadius, and so far, basic authentication seem to work,
but onto the huntgroups we're running into a big of a snag.
We're using FreeRadius 1.1.2 on Debian w/2.6.12 Kernel, and MySQL 5.0.22
installed FreeRadius stuff via training wheels (apt-get install freeradius
freeradius-mysql freeradius-dialupadmin)
What we're trying to do is send spacific attributes based on the NAS
sending the request... for example:
huntgroups file:
tc1 NAS-IP-Address = 1.2.3.4
GP NAS-IP-Address = 1.2.3.5
for tc1, which only has 48 lines, we used to assign an IP based on port:
users file:
DEFAULT Service-Type = Framed-User, Huntgroup-Name = "tc1"
Framed-IP-Address = 1.2.3.100+,
Framed-IP-Netmask = 255.255.255.255,
Fall-Through = Yes
#(and for the GP, which is actually globalpop):
DEFAULT Service-Type = Framed-User, Huntgroup-Name = "GP"
Ascend-Data-Filter = "ip in forward tcp est",
Ascend-Data-Filter = "ip in forward dstip 1.2.3.25/32 0",
Ascend-Data-Filter = "ip in drop tcp dstport = 25",
Ascend-Data-Filter = "ip in forward 0",
Fall-Through = Yes
so, in theory, a request coming in via a GP nas, should get all those
silly Ascend-Data-Filter attributes, and the tc1 box should not, but
instead have an IP based on 1.2.3.100 plus the port number.
in the authorize section in radiusd.conf, there is an entry for "files"
which does indeed point to the users file in the files section. Also
turned on "compat=yes" but no luck there. huntgroups is in the preprocess
area, and preprocess is in authorize.
Am I missing something somewhere? This whole chain of events gets rather
confusing. Before (with xtradius) everything was done in the users file,
which just fired off an external app which I wrote, that manually checks
the database to see if username/password exists.. but freeradius is a
little more detailed.
- - - Jon
More information about the Freeradius-Users
mailing list