HuntGroup check in radgroupcheck
Lorenzo Milesi
maxxer at ufficyo.com
Thu Feb 21 17:36:22 CET 2013
Hi.
I'm trying to manage Huntgroup checking into radgroupcheck table, but doesn't seem to work.
Given the following properties:
radcheck:
F000001 MD5-Password := somemd5hash
radusergroup
F000001 HuntGroup01
radgroupcheck
F000001 Huntgroup-Name =~ nas04|nas05
the user is always authenticated, even if the connection comes from a nas which is not nas04 or nas05.
If I place the Huntgroup-Name property in the radcheck the user is correctly limited to the selected NASes.
Output of the accounting session of "freeradius -X" attached here: https://dl.dropbox.com/u/706934/check01.gz
The results of the ran queries:
SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'F0000001' ORDER BY id
F000001 Md5-Password := xxx
SELECT id, username, attribute, value, op FROM radreply WHERE username = 'F0000001' ORDER BY id
(empty)
SELECT groupname FROM usergroup WHERE username = 'F0000001' ORDER BY id
huntgroup01
SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'huntgroup01' OR groupname = 'nas04' ORDER BY id
huntgroup01 Huntgroup-Name nas01|nas02 =~
The final query correctly returns the list of nases the user is allowed to login to, but apparently it's not considered. Why this? what am I missing?
In addition to that, can I set a certain property (i.e. WISPr-Session-Terminate-Time) only if the user connects to a specific huntgroup?
thanks
--
Lorenzo Milesi - lorenzo.milesi at yetopen.it
GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it
More information about the Freeradius-Users
mailing list