LDAP-defined huntgroups: docs, pointers, anything?

Alan DeKok aland at deployingradius.com
Wed Mar 5 19:34:52 UTC 2025


On Mar 5, 2025, at 1:59 PM, Jostein Fossheim <jfossheim at skyfritt.net> wrote:
> Did some basic tests from the command line:
> 
> I have defined one NAS/client in our lab-setup with IP 172.17.10.112, which is a member of two "huntgroups" (hostgroups in FreeIPA), and I can either get them in one query or two queries. Like this:  
> 
> # One query: 
> $ ldapsearch -LLLQ -o ldif_wrap=no "(radiusClientIPAddress=172.17.10.112)" memberOf | grep -v "^dn: "
> memberOf: cn=radius_huntgroup,cn=hostgroups,cn=accounts,dc=lab,dc=skyfritt,dc=net
> memberOf: cn=radius_huntgroup,cn=ng,cn=alt,dc=lab,dc=skyfritt,dc=net
> memberOf: cn=radius_second_huntgroup,cn=hostgroups,cn=accounts,dc=lab,dc=skyfritt,dc=net
> memberOf: cn=radius_second_huntgroup,cn=ng,cn=alt,dc=lab,dc=skyfritt,dc=net 
> 
> # Two queries: 
> $ ldapsearch -LLLQ -o ldif_wrap=no "(radiusClientIPAddress=172.17.10.112)" fqdn | grep -v "^dn: "
> fqdn: valkyrie3.lab.skyfritt.net 
> 
> $ ldapsearch -LLLQ -o ldif_wrap=no "(member=*valkyrie3.lab.skyfritt.net*)" cn | grep -v "^dn: "
> cn: radius_huntgroup 
> cn: radius_second_huntgroup 
> 
> So huntgroups should be doable, after the model from the SQL-howto.

  That's good news!

  Alan DeKok.
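
Added example (not part of either message above, and not FreeRADIUS or FreeIPA code): turning the one-query memberOf output into huntgroup names by keeping only DNs that sit directly under the hostgroups container, so the cn=ng,cn=alt duplicates drop out. The names huntgroups_from_memberof and sample_ldif are hypothetical; the sample lines are copied from the output quoted above.

```shell
#!/bin/sh
# Added example; huntgroups_from_memberof and sample_ldif are hypothetical names.
# Container DN as it appears in the output quoted in this thread.
HOSTGROUP_BASE='cn=hostgroups,cn=accounts,dc=lab,dc=skyfritt,dc=net'

# Reads LDIF (ldapsearch -LLL -o ldif_wrap=no) on stdin and prints, once each,
# the cn of every memberOf DN that is a direct child of the container in $1.
huntgroups_from_memberof() {
    awk -v base="$1" '
        BEGIN { base = tolower(base) }
        tolower($0) ~ /^memberof: / {
            dn = substr($0, length("memberOf: ") + 1)
            sub(/[ \t\r]+$/, "", dn)               # trailing whitespace or CR
            ldn = tolower(dn)                      # compare without regard to case
            n = length(ldn) - length(base)         # length of the leading "rdn,"
            if (n < 2) next
            if (substr(ldn, n) != ("," base)) next # exact suffix, not a substring
            rdn = substr(dn, 1, n - 1)
            if (tolower(substr(rdn, 1, 3)) != "cn=") next
            if (index(rdn, ",") > 0) next          # nested entry, not a direct child
            name = substr(rdn, 4)
            if (name != "" && !(name in seen)) { seen[name] = 1; print name }
        }
    '
}

# Sample input: the memberOf lines from the one-query output quoted above.
sample_ldif() {
    cat <<'EOF'
memberOf: cn=radius_huntgroup,cn=hostgroups,cn=accounts,dc=lab,dc=skyfritt,dc=net
memberOf: cn=radius_huntgroup,cn=ng,cn=alt,dc=lab,dc=skyfritt,dc=net
memberOf: cn=radius_second_huntgroup,cn=hostgroups,cn=accounts,dc=lab,dc=skyfritt,dc=net
memberOf: cn=radius_second_huntgroup,cn=ng,cn=alt,dc=lab,dc=skyfritt,dc=net 
EOF
}

sample_ldif | huntgroups_from_memberof "$HOSTGROUP_BASE"
```

Matching the full container suffix keeps the result to exact group memberships, whereas a substring filter such as (member=*name*) also matches any other member value that contains the same string.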



