Huntgroup Checking

Simon Morley simon.morley at me.com
Sun Oct 30 20:23:45 CET 2011


On further investigation, I can see that the check works just fine if the attribute huntgroup-name == xxxxxxx is added to radcheck

For what reason can't we add to radgroupcheck?

What's the logic required to modify so we can restrict on a group level?


On 30 Oct 2011, at 17:03, Alan DeKok wrote:

> simonm123 wrote:
>> Am new to freeradius but have it mainly set up just fine. It's a fantastic
>> tool and I'm enjoying using it :)
> 
>  That's good to hear.
> 
>> Just one thing I'm struggling with is the huntgroups. I've followed the wiki
>> to the letter and can see the server checking in the debug log.
>> 
>> What I basically want to do is restrict users to certain networks, as per
>> the wiki. If their huntgroup-name matches their huntgroup based on nasip,
>> they can get online, otherwise they're rejected.
> 
>  OK...
> 
>> I've put Huntgroup-Name = NetworkA in my radgroupcheck folder.
> 
>  Use "==".  It does comparisons.
> 
>> In my radhuntgroup table, I have the nasip and groupname = NetworkA
>> 
>> Then, in the authorize section of my default host, I put:
>> 
>> update request {
>>    Huntgroup-Name := "%{sql:SELECT `groupname` FROM `radhuntgroup` WHERE
>> nasipaddress='%{NAS-IP-Address}'}"
>> }
> 
>  No, that won't work.  The huntgroups are defined by the "huntgroups"
> file.  You can't change them like you're trying to do.
> 
>  Instead, use another attribute.  Invent one.  See raddb/dictionary.
> 
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111030/44edcf95/attachment.html>


More information about the Freeradius-Users mailing list