SQL Huntgroup only work with user check, not group check
Ivan Kalik
tnt at kalik.net
Thu Sep 3 13:27:15 CEST 2009
> On Thu, Sep 3, 2009 at 6:30 AM, George Koulyabin<jumbo at vinf.ru> wrote:
>>
>>> +----+----------+--------------------+----+----------+
>>> | id | username | attribute | op | value |
>>> +----+----------+--------------------+----+----------+
>>> | 5 | jack | Huntgroup-Name | == | wireless |
>>> | 4 | jack | Cleartext-Password | := | foo |
>>> +----+----------+--------------------+----+----------+
>> You wrote rules for authorization/athentication of jack: Jack grants
>> access from hardware of 'wireless' huntgroup with 'foo' password.
>
> I wrote the rules for huntgroup here because the rules in groupcheck
> didn't work. If I take this out, just keeping the groupcheck, 'jack'
> will connect from any hardware. The groupcheck is ignoring the
> huntgroups.
"Didn't work"? Sql groups emulate the way DEFAULT entries in users file
work. The situation there is the same - if check doesn't match, entry is
skipped. They do not emulate user entries - that's what radcheck/radreply
entries do. That's why entries in radcheck "worked" and those in
radgroupcheck "didn't".
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list