How to allow nas'es to serve only groups of clients?

Alexander Solodukhin alt at softwarium.net
Thu Mar 12 13:56:03 CET 2009 

On Thu, 12 Mar 2009 14:20:58 +0200, <tnt at kalik.net> wrote:

>> Thank you for help. I try to do as you say and put this to authorize
>> section after preprocess:
>>
>>        preprocess
>>
>>         # allow  hotspot users only
>>         if (SQL-Group != 'Spot') {
>>                 reject
>>         }
>>
>> Here debug on this action:
>>
>> ++? if (SQL-Group != 'Spot')
>> sql_groupcmp
>>         expand: %{User-Name} -> spot2
>> sql_set_user escaped user --> 'spot2'
>> rlm_sql (sql): Reserving sql socket id: 4
>>         expand: SELECT groupname           FROM radusergroup
>> WHERE username = '%{SQL-User-Name}'
>>    ORDER BY priority -> SELECT groupname           FROM
>> radusergroup           WHERE username = 'spot2'
>> ORDER BY priority
>> sql_groupcmp finished: User is a member of group Spot
>> rlm_sql (sql): Released sql socket id: 4
>> ? Evaluating (SQL-Group != 'Spot') -> TRUE
>> ++? if (SQL-Group != 'Spot') -> TRUE
>> ++- entering if (SQL-Group != 'Spot') {...}
>> +++[reject] returns reject
>> ++- if (SQL-Group != 'Spot') returns reject
>>
>> strange behaviour, user 'spot2' belongs to group 'Spot', but if clause
>> return TRUE and reject returned.
>>
>
> OK, it looks like it doesn't work in unlang. I don't know if it is
> suposed to, but Alan will know. Put this in users file:
>
> DEFAULT   SQL-Group != "Spot", Auth-Type := Reject (, Huntgroup-Name ==
> "hotspot")
>                  Reply-Message := "Only hotspot users allowed"
>
> You will probably need to add NAS-IP-Address or Huntgroup-Name in order
> to tie it to the originating NAS.
>
> Ivan Kalik
> Kalik Informatika ISP

This is works with hungroups, thanks!

Here example for future readers:

raddb/users:
DEFAULT SQL-Group != "Spot", Auth-Type := Reject, Huntgroup-Name == "Spot"
         Reply-Message := "ERROR 104: Only hotspot users allowed to login."

raddb/huntgroups:
Spot            NAS-IP-Address == 212.110.144.142
Spot            NAS-IP-Address == 212.110.136.226


>
> -
> List info/subscribe/unsubscribe? See  
> http://www.freeradius.org/list/users.html



-- 
ISP CrIS, Softwarium

More information about the Freeradius-Users mailing list