Huntgroup Checking

Lorenzo Milesi maxxer at ufficyo.com
Thu Feb 28 12:49:09 CET 2013


I'm having the very same issue, and can't understand why.

If the Huntgroup-Name value is in radcheck the limitation is done correctly, but it is not when the Huntgroup-Name is in radgroupcheck, while the example here [1] is exactly with radgroupcheck.
The proposed change doesn't work, also because it's not relevant.
As per the example in the url:
example user is in group site_a_admins (radusergroup)
site_a is in radhuntgroup
have in radgroupcheck:
site_a_admins Huntgroup-Name == site_a

access is allowed anywhere.
If you move the check in radcheck, like:
example user Huntgroup-Name == site_a
then the check is performed correctly.

The proposed modification to the group check query just adds huntgroup's properties to the request.


thanks

[1] http://wiki.freeradius.org/guide/SQL_Huntgroup_HOWTO

----- Messaggio originale -----
> Da: "Ben West" <westbywest at gmail.com>
> A: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
> Inviato: Mercoledì, 2 novembre 2011 15:22:25
> Oggetto: Huntgroup Checking
> 
> You may need to inspect whether the groupcheck query in
> mysql/dailup.conf (if you are using MySQL) looks in the huntgroup
> table.
> 
> For example, this is the default query in my copy of freeRADIUS
> provided by Debian:
> 
>         authorize_group_check_query = "SELECT id, groupname, attribute, \
>           Value, op \
>           FROM ${groupcheck_table} \
>           WHERE groupname = '%{Sql-Group}' \
>           ORDER BY id"
> 
> Try modifying it as such:
> 
>         authorize_group_check_query = "SELECT id, groupname, attribute, \
>           value, op \
>           FROM ${groupcheck_table} \
>           WHERE ( groupname = '%{Sql-Group}' \
>           OR groupname = '%{Huntgroup-Name}' ) \
>           ORDER BY id"
> 
> 
> On Wed, Nov 2, 2011 at 9:07 AM, simonm123 <simon.morley at me.com> wrote:
> > Can anyone tell me if hungroup checking can be made to work on the group
> > level, not just the user level?
> >
> > Thanks
> >
> > --
> > View this message in context:
> > http://freeradius.1045715.n5.nabble.com/Huntgroup-Checking-tp4950385p4958155.html
> > Sent from the FreeRadius - User mailing list archive at Nabble.com.
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> 
> 
> 
> --
> Ben West
> westbywest at gmail.com
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> 

--

-- 
Lorenzo Milesi - lorenzo.milesi at yetopen.it

YetOpen S.r.l. - http://www.yetopen.it/


More information about the Freeradius-Users mailing list