Huntgroup Implementation with MySQL and Radgroupcheck
Jenny Blunt
jennyshoehorn at me.com
Thu Jul 26 11:06:19 CEST 2012
I forgot to mention that the look up works if I enter the Huntgroup-Name in radcheck.
For some reason, it's just failing in radgroupcheck
On Jul 26, 2012, at 09:51 AM, Jenny Blunt <jennyshoehorn at me.com> wrote:
I'm looking for some help with the implementation of huntgroups.
Am using mysql and have followed the following topic through:
http://freeradius.1045715.n5.nabble.com/Huntgroup-Checking-td4950385.html
In sites-available/default I have this, (just after preprocess:
update request {
Huntgroup-Name := "%{sql:SELECT `groupname` FROM `radhuntgroup` WHERE nasipaddress='%{NAS-IP-Address}'}"
}
And the debug log show's this query's working:
expand: %{sql:SELECT `groupname` FROM `radhuntgroup` WHERE nasipaddress='%{NAS-IP-Address}'} -> Location One
In my radgroupcheck table, I've added
Huntgroup-Name == Location One
I've also modified my authorize_group_check_query in dialup.conf as per a recommendation
authorize_group_check_query = "SELECT id, groupname, attribute_name, \
Value, op \
FROM ${groupcheck_table} \
WHERE ( groupname = '%{Sql-Group}' OR groupname = '%{Huntgroup-Name}' ) \
ORDER BY id"
(Which doesn't make logical sense to me)
What I'm failing to get my head around is how to reject or allow access based on the location their dialing in from?
For example, a user from IP 1.x.x.x should be allowed access at location 1 only.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120726/99321c52/attachment.html>
More information about the Freeradius-Users
mailing list