HuntGroup check in radgroupcheck
Lorenzo Milesi
maxxer at ufficyo.com
Thu Feb 21 18:37:48 CET 2013
> Post the debug output, as suggested in the FAQ, "man" page, web
> pages, and daily on this list.
I posted the freeradius -X output into the linked file... Aren't you referring to that?
>
> > Given the following properties:
> > radcheck:
> > F000001 MD5-Password := somemd5hash
> > radusergroup
> > F000001 HuntGroup01
> > radgroupcheck
> > F000001 Huntgroup-Name =~ nas04|nas05
> >
> > the user is always authenticated, even if the connection comes from
> > a nas which is not nas04 or nas05.
>
> I think you're confused about huntgroups. NASes are placed into
> huntgroups via the "huntgroups" file. Not SQL. When you check group
> membership, you check for the huntgroup name, not the NAS name.
According to [1] huntgroups can be checked via SQL as well...
>From the debug output i posted here [2] you can see the huntgroup is correctly identified from SQL...
[1] http://wiki.freeradius.org/guide/SQL_Huntgroup_HOWTO
[2] https://dl.dropbox.com/u/706934/check01.gz
> You're using Huntgroup-Name to check the *nas* name. It won't
> work.
I omitted to say that in my radhuntgroup table I defined HG with the same names as nases in the nas table. Can this be a problem?
thanks
--
Lorenzo Milesi - lorenzo.milesi at yetopen.it
GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it
More information about the Freeradius-Users
mailing list