Hunt groups not working, FR v 3.0.3
*
zhex900 at gmail.com
Fri May 30 07:28:37 CEST 2014
Hi,
I got it working using unlang.
sites-enabled/default
authorize {
update request {
Site-Location := "%{sql:SELECT radhuntgroup.groupname FROM `radhuntgroup`
INNER JOIN `radgroupcheck` ON radhuntgroup.groupname=radgroupcheck.value
INNER JOIN `radusergroup` ON radgroupcheck.groupname=radusergroup.groupname
AND radgroupcheck.attribute ='Site-Location' WHERE
`nasipaddress`='%{NAS-IP-Address}' AND
radusergroup.username='%{User-Name}'}"
}
if ( Site-Location == '' ) {
update reply {
Reply-Message := "You are not authorised to access this site
('%{NAS-IP-Address}')!"
}
reject
}
}
On Fri, May 30, 2014 at 10:53 AM, * <zhex900 at gmail.com> wrote:
> Hi,
>
> I am try to use huntgroups to restrict user access to a certain NAS.
>
> However I cannot get it to work using the huntgroup files and user files.
> I have tried using sql, this does work for me either.
>
> This is my configuration for files.
>
> users:
> bob Cleartext-Password := "bob", Huntgroup-Name="site1"
> Reply-Message := "Hello, %{User-Name}"
>
> huntgroups
> site1 NAS-IP-Address == 10.1.1.13
>
> The user can login when Huntgroup-Name="site1" is removed.
>
> This from debug:
>
> (33) eap_mschapv2 : Auth-Type MS-CHAP {
> (33) WARNING: mschap : No Cleartext-Password configured. Cannot create
> LM-Password
> (33) WARNING: mschap : No Cleartext-Password configured. Cannot create
> NT-Password
> (33) mschap : Creating challenge hash with username: bob
> (33) mschap : Client is using MS-CHAPv2
> (33) ERROR: mschap : FAILED: No NT/LM-Password. Cannot perform
> authentication
> (33) ERROR: mschap : MS-CHAP2-Response is incorrect
> (3
>
> Jake He
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140530/144dbdd7/attachment.html>
More information about the Freeradius-Users
mailing list