Make sense of SQL Huntgroup HOWTO?

Alan DeKok aland at deployingradius.com
Fri Dec 18 21:43:26 CET 2015


On Dec 18, 2015, at 3:38 PM, Joel Bergmark <joel.bergmark at t3.se> wrote:
> 
> I'm not sure I have been clear enough.
> 
> If the conditions below are met, i.e. it's determined that the user is 2ndline and the NAS is 3rdline, then it's supposed to be rejected? If so, then it's not working, since the radius allows access.

  The server does not have these rules by default.  If the rules you created don't do what you want, it's because the rules are wrong.

> If not, then I probably haven't made myself understood: if a user is recognized as 2ndline attempting to log in to something belonging to 3rdline, it should be rejected.

  Sure.

> Perhaps something more like this would work as described?
> 
>        update request {
>                Huntgroup-Name := "%{sql:SELECT groupname FROM radhuntgroup WHERE nasipaddress='%{NAS-IP-Address}'}"
>        }
>        if ((Huntgroup-Name == "2ndline" || SQL-Group != "2ndline")) {
>                reject
>        }

  No.  That does NOT do what you want.

  Why not use the rules I put in my previous message?  Are you changing them... just because?  Do you understand what they did?  Do you understand the difference between what I posted, and what you posted here?

  Alan DeKok.
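
Added example, not part of the original message or of FreeRADIUS: a Python model of the quoted `if` condition, checked against the requirement stated in the question (a 2ndline user on a 3rdline NAS is rejected). It assumes only the two group names from the thread exist and that each user is in exactly one SQL group; the function names are hypothetical.

```python
from itertools import product

# Assumption: only the two group names from the thread exist, and each user
# belongs to exactly one SQL group (real users may be in several).
GROUPS = ("2ndline", "3rdline")


def posted_rule_rejects(huntgroup, sql_group):
    """Quoted condition: Huntgroup-Name == "2ndline" || SQL-Group != "2ndline"."""
    return huntgroup == "2ndline" or sql_group != "2ndline"


def requirement_rejects(huntgroup, sql_group):
    """Requirement from the question: 2ndline user on a 3rdline NAS is rejected."""
    return sql_group == "2ndline" and huntgroup == "3rdline"


def disagreements():
    """Return every (huntgroup, sql_group) case where the two decisions differ."""
    rows = []
    for huntgroup, sql_group in product(GROUPS, GROUPS):
        got = posted_rule_rejects(huntgroup, sql_group)
        want = requirement_rejects(huntgroup, sql_group)
        if got != want:
            rows.append((huntgroup, sql_group, got, want))
    return rows


if __name__ == "__main__":
    for huntgroup, sql_group, got, want in disagreements():
        print(f"NAS huntgroup={huntgroup:8} user group={sql_group:8} "
              f"posted={'reject' if got else 'accept'} "
              f"required={'reject' if want else 'accept'}")
```

Under these assumptions the quoted condition is the logical negation of the stated requirement: it accepts the one case that should be rejected and rejects the other three.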



