Users Groups

Matt Hite lists at beatmixed.com
Thu Mar 11 19:59:04 CET 2010


Can you clarify this statement:

"but my user still got the privilege to connect to all the routers in
the network"

Do you send a specific RADIUS attribute, like a VSA? Or are you making
this statement based upon receiving an Access-Accept?

-M

On Thu, Mar 11, 2010 at 5:16 AM, Siryx XL <djsiryx at hotmail.com> wrote:
> Yes... i did it.
>
> When I run freeradius in debug mode (radiusd -X) I see that the nasipaddress
> make a match with radhuntgroup, but nothing happen after that, just the
> default process of authentication.
>
>> Date: Wed, 10 Mar 2010 14:58:08 -0800
>> Subject: Re: Users Groups
>> From: lists at beatmixed.com
>> To: freeradius-users at lists.freeradius.org
>>
>> Did you perform step #3 in the How-To?
>>
>> radiusd.conf:
>>
>> update request {
>> Huntgroup-Name := "%{sql:select groupname from radhuntgroup where
>> nasipaddress=\"%{NAS-IP-Address}\"}"
>> }
>>
>> On Wed, Mar 10, 2010 at 12:53 PM, Siryx XL <djsiryx at hotmail.com> wrote:
>> > I tried the huntgroups but it didn't work.
>> >
>> > I use this guide http://wiki.freeradius.org/SQL_Huntgroup_HOWTO because
>> > i'm
>> > using MySQL to store all my users, huntgroups, etc.
>> >
>> > I create the huntgroup table, associate the nasipaddres to a group,
>> > create
>> > the radgroupchek, and associate my user with the group; but my user
>> > still
>> > got the privilege to connect to all the routers in the network.
>> >
>> > Something is missing? thanks for the help.
>> >
>> > ________________________________
>> > Date: Sat, 6 Mar 2010 07:20:27 +1300
>> > Subject: Re: Users Groups
>> > From: plambrechtsen at gmail.com
>> > To: freeradius-users at lists.freeradius.org
>> >
>> > On Sat, Mar 6, 2010 at 5:42 AM, John Dennis <jdennis at redhat.com> wrote:
>> >
>> > On 03/05/2010 11:31 AM, Siryx XL wrote:
>> >
>> > Hi everyone.
>> >
>> > I'm using FreeRADIUS Version 2.1.1, I use it to control the access to a
>> > routers networks.
>> >
>> > I want to permit certain users to get access to some routers and deny
>> > access to another routers. Like group the users per routers, I read some
>> > documentation, but i can't make it work.
>> >
>> > Have you tried using huntgroups?
>> >
>> > Me I always use huntgroups + ldap as that way the groups are managed in
>> > your
>> > LDAP directory.
>> >
>> >
>> > http://lists.freeradius.org/mailman/htdig/freeradius-users/2009-November/msg00001.html
>> >
>> >
>> >
>> > ________________________________
>> > Hotmail: Powerful Free email with security by Microsoft. Get it now.
>> > -
>> > List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>> >
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
> ________________________________
> Hotmail: Free, trusted and rich email service. Get it now.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>



More information about the Freeradius-Users mailing list