Huntgroup Implementation with MySQL and Radgroupcheck

Jenny Blunt jennyshoehorn at me.com
Thu Jul 26 11:06:19 CEST 2012


I forgot to mention that the look up works if I enter the Huntgroup-Name in radcheck.

For some reason, it's just failing in radgroupcheck

On Jul 26, 2012, at 09:51 AM, Jenny Blunt <jennyshoehorn at me.com> wrote:

I'm looking for some help with the implementation of huntgroups. 

Am using mysql and have followed the following topic through:

     http://freeradius.1045715.n5.nabble.com/Huntgroup-Checking-td4950385.html

In sites-available/default I have this, (just after preprocess:

     update request {
               Huntgroup-Name := "%{sql:SELECT `groupname` FROM `radhuntgroup` WHERE nasipaddress='%{NAS-IP-Address}'}"
     }

And the debug log show's this query's working:

     expand: %{sql:SELECT `groupname` FROM `radhuntgroup` WHERE nasipaddress='%{NAS-IP-Address}'} -> Location One

In my radgroupcheck table, I've added 

    Huntgroup-Name == Location One

I've also modified my authorize_group_check_query in dialup.conf as per a recommendation

authorize_group_check_query = "SELECT id, groupname, attribute_name, \
          Value, op \
          FROM ${groupcheck_table} \
          WHERE ( groupname = '%{Sql-Group}' OR groupname = '%{Huntgroup-Name}' ) \
          ORDER BY id"

(Which doesn't make logical sense to me)

What I'm failing to get my head around is how to reject or allow access based on the location their dialing in from?

For example, a user from IP 1.x.x.x should be allowed access at location 1 only.



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120726/99321c52/attachment.html>


More information about the Freeradius-Users mailing list