Huntgroups issue - every user is accepted

Hanno Schupp hanno.schupp at gmail.com
Mon Jan 19 13:03:58 CET 2009



-----Original Message-----
From: tnt at kalik.net [mailto:tnt at kalik.net] 
Sent: Monday, 19 January 2009 10:52 p.m.
To: FreeRadius users mailing list
Subject: Re: Huntgroups issue - every user is accepted

> >The goal is to suppress roaming between hotspot routers, between groups of
> >hotspots.
> >
> >
> >`radhuntgroup`
> >
> >`id`, `groupname`, `calledstationid`
> >
> >1, 'Test-Rejec', '00-1D-7E-E7-96-9F'
> >
> >
> >
> >`usergroup`
> >
> >`UserName`, `GroupName`, `priority`
> >
> >'yubvef13', 'TestGroup', 1
> >
> >

> This is OK.

> >
> >`radgroupcheck`
> >
> >`id`, `GroupName`, `Attribute`, `op`, `Value`
> >
> >1, 'TestGroup', 'Huntgroup-Name', ':=', 'Test'
> >

> This doesn't check anything. It sets huntgroup to Test.

> As I understand it you want to reject huntgroups that are not Test. So
> make such a policy:

> Huntgroup-Name != "Test", Auth-Type := Reject

Thanks for your response. It overlapped timewise with one from Alan.
However, the issue remains:
I do not want the user to be rejected per se. I only want the user to be
rejected if her own huntgroup as stored in radgroupcheck is different from
the huntgroup of the Called-Station-Id in the radhuntgroup table. The goal
is to prevent a user from logging in to a hotspot router that does not belong
to the huntgroup the user belongs to. I am sorry if I have left out any other
configuration, but again, according to the howto in the freeradius wiki,
what I have configured is all that is necessary.
But the wiki seems to be incorrect, so what do I need to configure to have a
request rejected where a user's huntgroup and a NAS huntgroup do not
match?
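
Added example, not part of the original message and not FreeRADIUS code: a simplified Python model of the check-item operators discussed above, showing why the posted `:=` row never rejects while the suggested `!=` row with `Auth-Type := Reject` does. It assumes Huntgroup-Name is filled into the request from a radhuntgroup lookup on Called-Station-Id; the second MAC address and all function names are constructed for illustration.

```python
# Simplified model of the check-item operators in this thread; not FreeRADIUS code.
# Assumption: Huntgroup-Name is put into the request from a radhuntgroup lookup
# on Called-Station-Id before the group check items are evaluated.
RADHUNTGROUP = {
    "00-1D-7E-E7-96-9F": "Test-Rejec",  # row from the post
    "00-00-00-00-00-01": "Test",        # constructed row for comparison
}
USERGROUP = {"yubvef13": "TestGroup"}    # row from the post

AS_POSTED = {"TestGroup": [("Huntgroup-Name", ":=", "Test")]}
AS_SUGGESTED = {"TestGroup": [("Huntgroup-Name", "!=", "Test"),
                              ("Auth-Type", ":=", "Reject")]}


def check_items_match(request, control, items):
    """Apply one group's check items; ':=' always matches and only assigns."""
    pending = {}
    for attr, op, value in items:
        if op == ":=":
            pending[attr] = value
        elif op == "==":
            if request.get(attr) != value:
                return False
        elif op == "!=":
            if attr not in request or request[attr] == value:
                return False
        else:
            raise ValueError(f"operator {op!r} is not modelled")
    control.update(pending)  # assignments take effect only if every item matched
    return True


def authorize(username, called_station_id, radgroupcheck):
    """Return 'reject' if the group policy sets Auth-Type to Reject, else 'continue'."""
    request = {"User-Name": username, "Called-Station-Id": called_station_id}
    if called_station_id in RADHUNTGROUP:
        request["Huntgroup-Name"] = RADHUNTGROUP[called_station_id]
    control = {}
    check_items_match(request, control, radgroupcheck.get(USERGROUP.get(username), []))
    return "reject" if control.get("Auth-Type") == "Reject" else "continue"


if __name__ == "__main__":
    for name, policy in (("as posted", AS_POSTED), ("as suggested", AS_SUGGESTED)):
        for mac in RADHUNTGROUP:
            print(name, mac, authorize("yubvef13", mac, policy))
```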
