How to allow nas'es to serve only groups of clients?
tnt at kalik.net
Thu Mar 12 13:20:58 CET 2009
>Thank you for the help. I tried to do as you said and put this in the
>authorize section after preprocess:
>
> preprocess
>
> # allow hotspot users only
> if (SQL-Group != 'Spot') {
> reject
> }
>
>Here is the debug output for this action:
>
>++? if (SQL-Group != 'Spot')
>sql_groupcmp
> expand: %{User-Name} -> spot2
>sql_set_user escaped user --> 'spot2'
>rlm_sql (sql): Reserving sql socket id: 4
> expand: SELECT groupname FROM radusergroup
>WHERE username = '%{SQL-User-Name}'
> ORDER BY priority -> SELECT groupname FROM
>radusergroup WHERE username = 'spot2'
>ORDER BY priority
>sql_groupcmp finished: User is a member of group Spot
>rlm_sql (sql): Released sql socket id: 4
>? Evaluating (SQL-Group != 'Spot') -> TRUE
>++? if (SQL-Group != 'Spot') -> TRUE
>++- entering if (SQL-Group != 'Spot') {...}
>+++[reject] returns reject
>++- if (SQL-Group != 'Spot') returns reject
>
>Strange behaviour: user 'spot2' belongs to group 'Spot', but the if clause
>returns TRUE and reject is returned.
>
OK, it looks like it doesn't work in unlang. I don't know if it is
supposed to, but Alan will know. Put this in users file:
DEFAULT SQL-Group != "Spot", Auth-Type := Reject (, Huntgroup-Name == "hotspot")
        Reply-Message := "Only hotspot users allowed"
You will probably need to add NAS-IP-Address or Huntgroup-Name in order
to tie it to the originating NAS.
Ivan Kalik
Kalik Informatika ISP
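
The suggestion above written out with the huntgroup check included, as an added example that is not part of the original post. The huntgroup name "hotspot" and group "Spot" come from the thread; the NAS address 192.0.2.10 is a placeholder, and it is assumed that preprocess runs before files in the authorize section so that Huntgroup-Name is available.

```text
# huntgroups file (read by the preprocess module):
# name the huntgroup and list the NAS that belongs to it.
# 192.0.2.10 is a placeholder address, not taken from the thread.
hotspot   NAS-IP-Address == 192.0.2.10

# users file: for requests arriving from the "hotspot" huntgroup,
# reject any user who is not a member of SQL group "Spot".
# Check items go on the first line, reply items on indented lines below.
DEFAULT   Huntgroup-Name == "hotspot", SQL-Group != "Spot", Auth-Type := Reject
          Reply-Message := "Only hotspot users allowed"
```

Requests from any NAS outside the huntgroup do not match this entry and continue through the rest of the users file unchanged.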