LDAP-defined huntgroups: docs, pointers, anything?
Alan DeKok
aland at deployingradius.com
Wed Mar 5 19:34:52 UTC 2025
On Mar 5, 2025, at 1:59 PM, Jostein Fossheim <jfossheim at skyfritt.net> wrote:
> Did some basic tests from the command line:
>
> I have defined one NAS/client in our lab-setup with IP 172.17.10.112, which is a member of two "huntgroups" (hostgroups in FreeIPA), and I can either get them in one query or two queries. Like this:
>
> # One query:
> $ ldapsearch -LLLQ -o ldif_wrap=no "(radiusClientIPAddress=172.17.10.112)" memberOf | grep -v "^dn: "
> memberOf: cn=radius_huntgroup,cn=hostgroups,cn=accounts,dc=lab,dc=skyfritt,dc=net
> memberOf: cn=radius_huntgroup,cn=ng,cn=alt,dc=lab,dc=skyfritt,dc=net
> memberOf: cn=radius_second_huntgroup,cn=hostgroups,cn=accounts,dc=lab,dc=skyfritt,dc=net
> memberOf: cn=radius_second_huntgroup,cn=ng,cn=alt,dc=lab,dc=skyfritt,dc=net
>
> # Two queries:
> $ ldapsearch -LLLQ -o ldif_wrap=no "(radiusClientIPAddress=172.17.10.112)" fqdn | grep -v "^dn: "
> fqdn: valkyrie3.lab.skyfritt.net
>
> $ ldapsearch -LLLQ -o ldif_wrap=no "(member=*valkyrie3.lab.skyfritt.net*)" cn | grep -v "^dn: "
> cn: radius_huntgroup
> cn: radius_second_huntgroup
>
> So huntgroups should be doable, after the model from the SQL-howto.
That's good news!
Alan DeKok.
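
An added example, not part of either poster's message and not FreeRADIUS code: the one-query result above lists every group twice (once under cn=hostgroups, once under cn=ng,cn=alt), so this sketch keeps only groups directly under one chosen container and reduces them to unique names. The function names `sample_ldif` and `huntgroups_from_ldif` are hypothetical, and it assumes unwrapped LDIF (`ldif_wrap=no`), GNU-style `base64 -d`, and DNs without escaped commas or spaces after commas.

```shell
#!/bin/sh
# Constructed sample: the memberOf lines from the one-query output above.
sample_ldif() {
cat <<'EOF'
memberOf: cn=radius_huntgroup,cn=hostgroups,cn=accounts,dc=lab,dc=skyfritt,dc=net
memberOf: cn=radius_huntgroup,cn=ng,cn=alt,dc=lab,dc=skyfritt,dc=net
memberOf: cn=radius_second_huntgroup,cn=hostgroups,cn=accounts,dc=lab,dc=skyfritt,dc=net
memberOf: cn=radius_second_huntgroup,cn=ng,cn=alt,dc=lab,dc=skyfritt,dc=net
EOF
}

# huntgroups_from_ldif CONTAINER_DN
# Reads LDIF on stdin and prints, sorted and de-duplicated, the cn of every
# memberOf group whose parent DN is exactly CONTAINER_DN (case-insensitive).
# Groups from any other subtree are ignored, so membership in an unrelated
# container can never be mistaken for a huntgroup.
huntgroups_from_ldif() {
    container=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r line; do
        case $line in
            # "attr:: value" means the value is base64-encoded in LDIF
            memberOf::\ *) dn=$(printf '%s' "${line#memberOf:: }" | base64 -d) ;;
            memberOf:\ *)  dn=${line#memberOf: } ;;
            *) continue ;;
        esac
        lc=$(printf '%s' "$dn" | tr 'A-Z' 'a-z')
        rdn=${dn%%,*}      # first RDN, e.g. cn=radius_huntgroup
        parent=${lc#*,}    # rest of the DN, lower-cased for comparison
        [ "$parent" = "$container" ] || continue
        case $rdn in
            [cC][nN]=*) printf '%s\n' "${rdn#*=}" ;;
        esac
    done | sort -u
}

# Stand-alone run on the constructed sample.
sample_ldif | huntgroups_from_ldif 'cn=hostgroups,cn=accounts,dc=lab,dc=skyfritt,dc=net'
```

In real use the function would read the output of the one-query `ldapsearch` shown above instead of `sample_ldif`.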