Huntgroup Checking
Alan DeKok
aland at deployingradius.com
Sun Oct 30 18:03:06 CET 2011
simonm123 wrote:
> Am new to freeradius but have it mainly set up just fine. It's a fantastic
> tool and I'm enjoying using it :)
That's good to hear.
> Just one thing I'm struggling with is the huntgroups. I've followed the wiki
> to the letter and can see the server checking in the debug log.
>
> What I basically want to do is restrict users to certain networks, as per
> the wiki. If their huntgroup-name matches their huntgroup based on nasip,
> they can get online, otherwise they're rejected.
OK...
> I've put Huntgroup-Name = NetworkA in my radgroupcheck folder.
Use "==". It does comparisons.
> In my radhuntgroup table, I have the nasip and groupname = NetworkA
>
> Then, in the authorize section of my default host, I put:
>
> update request {
> Huntgroup-Name := "%{sql:SELECT `groupname` FROM `radhuntgroup` WHERE
> nasipaddress='%{NAS-IP-Address}'}"
> }
No, that won't work. The huntgroups are defined by the "huntgroups"
file. You can't change them like you're trying to do.
Instead, use another attribute. Invent one. See raddb/dictionary.
Alan DeKok.
More information about the Freeradius-Users
mailing list