Example listed in huntgroup file does not work

Reynolds, Walter waltr at umich.edu
Wed Dec 12 15:51:14 CET 2007


Replying to both suggestions inline, but neither will work.  

>> 
>> Try this:
>> 
>> alphen	NAS-IP-Address =~ '^192\.168\.2\.[56]$'
>> 		User-Name == test1,
>> 		User-Name == test2
>>

Problem is, in a real deployment the IP addresses will vary across
different subnets.
 
>> Regards,
>> Frank Ranner
>> 




> Date: Tue, 11 Dec 2007 22:28:54 +0100
> From: <tnt at kalik.co.yu>
> 
> Example is fine. "Reply" items apply only to the huntgroup under which
> they are listed. They won't apply to others even with the same name.

But I guess here is my problem.  How do you assign more than one NAS to
a huntgroup?  


> Try this (not sure if Huntgroup-Name works in preprocess):
> 
> alphen         NAS-IP-Address == 192.168.2.5
> alphen         NAS-IP-Address == 192.168.2.6
> let_in       Huntgroup-Name == alphen	
>  		User-Name == test1,
> 		User-Name == test2

This did not work as is.

> 
> Normally, you would add those users to a group and use Huntgroup-Name
> check in radgroupcheck.

But this uses SQL which we are not using and would prefer not to.

> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> On 11/12/2007, "Reynolds, Walter" <waltr at umich.edu> wrote:
> 
> >I have tried to set up a huntgroup to match based on the example that is
> >given in the file itself, but am not getting expected results.  I want
> >to limit the users that can connect to specific NAS's which works well
> >if there is only one NAS in the huntgroup, but does not work for more
> >than one.  So I am sure that there is something simple I am missing.
> >
> >Following is what I have.  It will prevent user test3 from
> >authenticating on 192.168.2.6, but not .5
> >
> >
> >alphen         NAS-IP-Address == 192.168.2.5
> >alphen         NAS-IP-Address == 192.168.2.6
> >			User-Name == test1,
> >			User-Name == test2
> >
> >So why does the authorize section not see the first NAS listed in the
> >huntgroup?  I have many boxes that need the same users while limiting
> >all others.  This could be done with a huntgroup for each NAS, but then
> >if a user changes I am forced to modify every huntgroup.   I am using
> >1.1.6.  Thanks.
> >
> >
> >---
> >Walt Reynolds
> >Principal Systems Security Development Engineer
> >Information Technology Central Services
> >University of Michigan
> >(734) 615-9438
> >
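
The result reported in this thread (test3 rejected on 192.168.2.6 but admitted on 192.168.2.5) can be reproduced with a small model of how the quoted huntgroups entries are evaluated. This is an added example, not part of the original messages and not FreeRADIUS code; the function names and the simplified first-match, `==`-only evaluation are assumptions for illustration.

```python
import re

# Constructed sample: the two huntgroups entries quoted in the original post.
SAMPLE = """\
alphen         NAS-IP-Address == 192.168.2.5
alphen         NAS-IP-Address == 192.168.2.6
                User-Name == test1,
                User-Name == test2
"""

ITEM = re.compile(r"([\w-]+)\s*==\s*([^,\s]+)")  # only '==' items are modelled

def parse_huntgroups(text):
    """Return entries as dicts: name, check items, user restrictions."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:
            # Indented continuation: restrictions belong to the entry
            # directly above, not to other entries with the same name.
            entries[-1]["restrict"] += ITEM.findall(line)
        else:
            name, rest = line.split(None, 1)
            entries.append({"name": name, "check": ITEM.findall(rest),
                            "restrict": []})
    return entries

def access(entries, request):
    """Assumed model: the first entry whose check items match decides."""
    for e in entries:
        if all(request.get(a) == v for a, v in e["check"]):
            # An empty restriction list admits everyone; otherwise any
            # single restriction item matching is enough.
            return not e["restrict"] or any(
                request.get(a) == v for a, v in e["restrict"])
    return True  # assumption: a NAS in no huntgroup is not restricted here

def unrestricted_siblings(entries):
    """Audit: entries left open while a same-named entry is restricted."""
    restricted = {e["name"] for e in entries if e["restrict"]}
    return [e for e in entries
            if e["name"] in restricted and not e["restrict"]]
```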




