SQL and Huntgroups

gregoire.leroy at retenodus.net gregoire.leroy at retenodus.net
Mon Apr 22 10:22:16 CEST 2013


Le 2013-04-20 15:23, Alan DeKok a écrit :
> gregoire.leroy at retenodus.net wrote:
>> Hello,
>> I'm translating a flat file configuration into a MySQL 
>> configuration,
>> but I have some difficulties with huntgroups.
>> An example of what I have in my flat file :
>>    21 example at domain>⋅⋅⋅⋅⋅⋅⋅>⋅⋅⋅⋅⋅⋅⋅Cleartext-Password := "password"
>>    22 >⋅⋅⋅⋅⋅⋅⋅>⋅⋅⋅⋅⋅⋅⋅>⋅⋅⋅⋅⋅⋅⋅Service-Type = Framed-User,
>   Well, no.  There's no need to add line numbers.  There's no need to
> replace tabs with ">.......".
>   You're confusing the issue.  Just copy text from the "users" file
> (which is it's name) to the email message.  Email can do text.

That's exactly what I did, it's how my editor shows it. I thought it 
would be more readable. I won't do it next time, thanks.

>> In SQL, I'm going to create a group "example_users", with all the 
>> common
>> data (line 22 to 30), an user "example at domain" who belongs to
>> "example_users".
>> I'm going to create an entry in radhuntgroup, with my
>> "one_huntgroup_name" and the IP of my NAS.
>   Then try that out in the "users" file.  The rlm_sql documentation 
> says
> that it mirrors the functionality of the "users" file.

>   So... don't change two things at once.  Create the config you want 
> in
> the "users" file as one step.  As the next step, move it to SQL.  
> Pretty
> much verbatim.

I don't understand : I already have huntgroups in my flat file. I 
didn't show the radhuntgroup file, but I thought that the fact I mention 
it in the users file would be sufficient.

>> Now, I see one problem : how can I differenciate when a request has 
>> the
>> user/pass/huntgroup and when it has only the user/pass ? I suppose 
>> that
>> create 3 entries in readcheck won't work because it seems awkward.
>> ( example at domain | Cleartext-Password | password | =:
>>   example at domain | Huntgroup-Name | one_huntgroup_name | ==
>>   example at domain | Cleartext-Password | password | =:
>> )
>   Well, the first and second one are identical.  So they're 
> duplicates,
> and you only need one.
>   But the second one checks for something different, so it's 
> different.

I am very sorry, but I don't understand your point. Maybe you meant the 
"first and the third one are identical" ?
If so, yes I know. Maybe my question was unclear.

First, I want to check is the user has the right password. If he has 
the right password, I want to give him a configuration and if he's in 
the "one_huntgroup_name" (i.e he's from a special NAS), I want to give 
him the Framed-IP-Address. That's the current behavior of my users file, 
and I want to translate it in SQL. Do you know how to do that ?

Thanks for your help,
Gregoire Leroy

More information about the Freeradius-Users mailing list