How to reject when user is not in the appropriate Huntgroup for site?
Jeroen Bosch
jeroen.bosch at netyce.com
Thu Sep 11 17:17:49 CEST 2014
Dear Alan,
Thank you for your reply, I did follow the rest of that guide and added the
following information:
INSERT INTO `radusergroup` (`username`, `groupname`, `priority`) VALUES
('test', 'site_a_admins', 0);
INSERT INTO `radhuntgroup` (`id`, `groupname`, `nasipaddress`, `nasportid`)
VALUES
(1, 'site_a', '192.168.56.2', NULL);
INSERT INTO `radgroupcheck` (`id`, `groupname`, `attribute`, `op`, `value`)
VALUES
(3, 'site_a_admins', 'Huntgroup-Name', '==', 'site_a');
If I understand the guide correctly, only the test user should be able to
log on to site_a, however I am also granted access using my test2 user
credentials: did I overlook something? Again, thanks in advance!
Kind regards,
Jeroen Bosch
On Thu, Sep 11, 2014 at 5:05 PM, Alan DeKok <aland at deployingradius.com>
wrote:
> Jeroen Bosch wrote:
> > I'm trying to set up Huntgroups using the
> > HOWTO http://wiki.freeradius.org/guide/SQL-Huntgroup-HOWTO
> >
> > after adding "update reply {
> > Huntgroup-Name := "%{sql:SELECT groupname FROM radhuntgroup
> > WHERE nasipaddress='%{NAS-IP-Address}'}"
> > }"
> >
> > to my sites-enabled/default I do see the queries in the debugging
> > information checking if the supplied user is part of the Huntgroup
> > however when this is not the case the user still gets access:
>
> You should follow the REST of that guide. Specifically, add an entry
> to the "radgroupcheck" table.
>
> Alan DeKok.
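Added example, not part of the original message or of FreeRADIUS: a Python/sqlite3 check that loads the three rows from the message and lists which Huntgroup-Name check rows are attached to a user through radusergroup for a given NAS address. It models only the table join, not the server's request processing; the function names, the 192.168.56.3 address, and the assumption that test2 has no radusergroup row are constructed for illustration.

```python
import sqlite3

# Rows copied from the message; table columns reduced to the ones it uses.
SCHEMA_AND_ROWS = """
CREATE TABLE radusergroup (username TEXT, groupname TEXT, priority INTEGER);
CREATE TABLE radhuntgroup (id INTEGER, groupname TEXT, nasipaddress TEXT, nasportid TEXT);
CREATE TABLE radgroupcheck (id INTEGER, groupname TEXT, attribute TEXT, op TEXT, value TEXT);
INSERT INTO radusergroup VALUES ('test', 'site_a_admins', 0);
INSERT INTO radhuntgroup VALUES (1, 'site_a', '192.168.56.2', NULL);
INSERT INTO radgroupcheck VALUES (3, 'site_a_admins', 'Huntgroup-Name', '==', 'site_a');
"""


def open_db():
    """Build an in-memory database holding the rows from the message."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA_AND_ROWS)
    return conn


def huntgroup_checks(conn, username, nas_ip):
    """Return (user group, required huntgroup, NAS huntgroup, match) tuples.

    An empty list means no Huntgroup-Name check row is attached to the user
    at all, which is different from a check that exists and does not match.
    """
    rows = conn.execute(
        """
        SELECT ug.groupname, gc.value,
               (SELECT hg.groupname FROM radhuntgroup hg WHERE hg.nasipaddress = ?)
        FROM radusergroup ug
        JOIN radgroupcheck gc ON gc.groupname = ug.groupname
        WHERE ug.username = ? AND gc.attribute = 'Huntgroup-Name' AND gc.op = '=='
        ORDER BY ug.priority
        """,
        (nas_ip, username),
    ).fetchall()
    return [(grp, need, have, need == have) for grp, need, have in rows]


if __name__ == "__main__":
    conn = open_db()
    # 192.168.56.3 is a constructed NAS address that belongs to no huntgroup.
    cases = [("test", "192.168.56.2"), ("test", "192.168.56.3"), ("test2", "192.168.56.2")]
    for user, nas in cases:
        print(user, nas, huntgroup_checks(conn, user, nas) or "no check row attached")
```
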