Huntgroups checking in MySQL radgroupcheck

Fri Jun 7 09:57:04 CEST 2013

Il giorno gio, 06/06/2013 alle 09.21 +0200, Marco Marzetti ha scritto:

> Il giorno mer, 05/06/2013 alle 13.41 -0400, Alan DeKok ha scritto: 
> 
> > Marco Marzetti wrote:
> > > Also, if i understand it correctly, it makes sense to me since "==" is a
> > > filtering
> > > operator while ":=" add the attribute to the list for further checking
> > > 
> > > Anyway, i've updated the record above and putting ":=" and it doesn't work.
> > 
> >   It depends what you want to do.  I thought you had said you wanted to
> > *set* the huntgroups in SQL.  If so, := is the correct thing to use.
> > 
> >   If you're just checking it, == is the right one.
> 
> 
> Yes. I'm checking for a match between the NAS-IP-Address and the
> specified username.
> So, if user "foo" sends an authentication request through NAS
> "192.0.2.1", FreeRADIUS should check if 
> that NAS-IP-Address address matches with the ones associated to the
> Huntgroup named "APPARATI".
> 
> 
> > 
> >   The huntgroups are set in the "huntgroups" file.  Have you looked there?
> 
> 
> As said, the filter works if the user's Huntgroup-Name is set in the
> radcheck table and it doesn't if it is set 
> in the radgroupcheck one.
> 
> 
> > 
> >   Alan DeKok.
> 
> 
> Thank You
> 
> Marco 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

I eventually found this in rlm_sql:

  5. For each group this user is a member of, the corresponding check
items
     are pulled from radgroupcheck table and compared with the request.
If
     there is a match, the reply items for this group are pulled from
the
     radgroupreply table and applied.

So there MUST be a match in radgroupcheck to make the user be a part of
the group.
Then you can't make an Huntgroup-Name check on a per group basis.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130607/7924e76c/attachment-0001.html>