Example listed in huntgroup file does not work

Reynolds, Walter waltr at umich.edu
Thu Dec 13 15:06:55 CET 2007


I am looking at that option, but I should not have to.  Per the
huntgroups file:

"#               This file can also be used to define restricted access
#               to certain huntgroups. The second and following lines
#               define the access restrictions (based on username and
#               UNIX usergroup) for the huntgroup.
#"


So I can create a huntgroup with multiple NAS, but the 'second and
following lines' are only recognized by the last entry in the huntgroup.
So if I go with groups, I should be able to add the following: (can
someone tell me if this is the right syntax, or do I still have to add
something to the dictionary.... have to leave right now to catch a
flight.  Thanks)

File radiusd.conf

        passwd etc_group {
               filename = /usr/local/etc/raddb/grouplist
               format = "=Group-Name:*,User-Name"
               hashsize = 50
               ignorenislike = yes
               allowmultiplekeys = yes
               delimiter = ":"
        }

=================
File
/usr/local/etc/raddb/grouplist:

datacenter:user1,user2,usera

==================
File huntgroups:

Limit1         NAS-IP-Address == 192.168.2.5
Limit1         NAS-IP-Address == 192.168.2.6
			Group-Name == datacenter			
---
Walt Reynolds
Principal Systems Security Development Engineer
Information Technology Central Services
University of Michigan
(734) 615-9438

> 
> Message: 8
> Date: Thu, 13 Dec 2007 12:55:51 +0000
> From: A.L.M.Buxey at lboro.ac.uk
> Subject: Re: Example listed in huntgroup file does not work
> To: FreeRadius users mailing list
> 	<freeradius-users at lists.freeradius.org>
> Message-ID: <20071213125551.GA29697 at lboro.ac.uk>
> Content-Type: text/plain; charset=us-ascii
> 
> Hi,
> 
> > I should say that I do not want to use an external solution. Creating a
> > huntgroup for each NAS with the exact same user list does work, but then
> > if I have to change a user I would then have to modify what could be
> > over 100 groups.
> 
> I think, therein, lies your problem - you haven't looked at the whole
> logical design - and are fixated on the singular huntgroups file.
> 
> If you want to control users, in groups, with huntgroups etc. then
> you should be using the huntgroup file to define NAS in groups, and
> then another config file, e.g. users, to tie users to those huntgroups.
> 
> alan
> 
> 

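An audit script for the situation described in this thread, added here as an example (not from the posters or the FreeRADIUS project): it parses a huntgroups-style file and lists NAS entries that carry no restriction lines although another entry of the same huntgroup does. It assumes the layout shown in the post (name, whitespace, match condition, with indented continuation lines as restrictions) and the behaviour Walter reports, that restriction lines bind only to the entry they follow; the function names and the sample file are constructed for illustration.

```python
# Constructed sample in the layout the post shows: two NAS entries share one
# huntgroup name, but the restriction line follows only the second entry.
SAMPLE = (
    "# constructed huntgroups sample\n"
    "Limit1         NAS-IP-Address == 192.168.2.5\n"
    "Limit1         NAS-IP-Address == 192.168.2.6\n"
    "\t\t\tGroup-Name == datacenter\n"
    "Open1          NAS-IP-Address == 192.168.3.1\n"
)


def parse_huntgroups(text):
    """Parse huntgroups-style text into entries (hypothetical helper).

    Assumption: a line starting in column 0 opens an entry ("name match...");
    an indented line is a restriction belonging to the entry just above it.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if raw[0] in " \t":                       # continuation line
            if not entries:
                raise ValueError(f"line {lineno}: restriction before any entry")
            entries[-1]["restrictions"].append(line.strip().rstrip(","))
        else:
            parts = line.split(None, 1)
            entries.append({
                "name": parts[0],
                "match": parts[1] if len(parts) > 1 else "",
                "restrictions": [],
                "line": lineno,
            })
    return entries


def unrestricted_members(entries):
    """Entries without restrictions in a huntgroup where a sibling has some."""
    restricted = {e["name"] for e in entries if e["restrictions"]}
    return [e for e in entries
            if e["name"] in restricted and not e["restrictions"]]


if __name__ == "__main__":
    for e in unrestricted_members(parse_huntgroups(SAMPLE)):
        print(f"line {e['line']}: huntgroup {e['name']} entry "
              f"'{e['match']}' has no access restriction lines")
```

A huntgroup whose entries all lack restriction lines (Open1 in the sample) is not reported, since nothing suggests a restriction was intended there.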


