radtest sets NAS-IP-Address = `hostname` -- which is a string, not an IP address. The
string is evaluated to the value of 255.255.255.255, and as a result, my problem was
with radtest, not with the actual huntgroup configuration. I changed

    nas = `hostname`

to

    nas = `ifconfig eth0 | grep "inet addr" | awk '{ print $2}' | awk -F : '{ print $2 }'`

and I'm gold. -- Sorry for the spam / uselessness.

-----Original Message-----
From: Michael Komitee
Sent: Wednesday, August 13, 2003 1:59 PM
To: [EMAIL PROTECTED]
Subject: RE: users file not using multiple directives
Actually, it's not authenticating anyone. I ran a stack trace on radiusd, and tried to
authenticate. I'm seeing that the packet radiusd is receiving has a NAS-IP-Address of
255.255.255.255. That's the problem right there. Somehow, the NAS IP address isn't
being properly set, and as a result the request does not match the huntgroup.

-----Original Message-----
From: Michael Komitee
Sent: Wednesday, August 13, 2003 1:53 PM
To: [EMAIL PROTECTED]
Subject: RE: users file not using multiple directives
Thanks for the direction, after reading that I see a bunch of mistakes, but it hasn't
actually fixed the problem. I see that my operators were wrong... everywhere.

Now the user:

    bob    Auth-Type := System, Huntgroup-Name == "dnsservers"

with the hunt group

    dnsservers    NAS-IP-Address == 192.168.10.254

authenticates user bob from anywhere, regardless of whether the NAS-IP-Address is
192.168.10.254. My understanding from the users man page (5) is that this will:

    Auth-Type := System
        changes the Auth-Type to be System from anything that it was previously
        set to, if there was no previously declared Auth-Type, it creates the
        attribute and sets it.

    Huntgroup-Name == "dnsservers"
        only matches if the requesting packet includes information that matches
        all criteria from the dnsservers huntgroup.

    NAS-IP-Address == 192.168.10.254
        matches only if the IP of the NAS is 192.168.10.254...

--That's what I think it all means, that's what the man page implies, that's what the
docs I've seen on huntgroups imply, but as I stated, it's authenticating from any
NAS, not just the aforementioned IP.

-----Original Message-----
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 13, 2003 1:31 PM
To: [EMAIL PROTECTED]
Subject: Re: users file not using multiple directives
"Michael Komitee" <[EMAIL PROTECTED]> wrote:
> i'm having a problem with my users file, i'm declaring users and it
> seems to only accept a single option per user:
Read the 'users' file 'man' page. Look at the examples in the
'users' file.
> username Auth-Type = System, Huntgroup-Name = "dnsservers"
>
> will not authenticate anyone, even when the access request matches
> everything in the dnsservers huntgroup,
Look for 'Huntgroup-Name' in the sample 'users' file, and see what
you're doing differently from those examples.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
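
Added example, not part of the original thread and not code from radtest: a shell sketch of a check that catches a bad NAS-IP-Address before a test request is sent. It extracts the address from old-style `inet addr:` ifconfig output, as the pipeline in the first message does, and refuses anything that is not a usable dotted quad, including 255.255.255.255. The function names and the sample ifconfig output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of old-style `ifconfig eth0` output (not from the thread).
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.10.254  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'

# Read ifconfig output on stdin and print the first "inet addr:" value.
# Same result as the grep | awk | awk pipeline in the message, in one awk call.
extract_inet_addr() {
    awk '/inet addr:/ { sub(/^addr:/, "", $2); print $2; exit }'
}

# Succeed only if $1 is a dotted-quad IPv4 address usable as NAS-IP-Address:
# exactly four octets in 0-255, and not 255.255.255.255 (the value the server
# saw when the request was built from a hostname string).
is_usable_nas_ip() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$1.$2.$3.$4" != "255.255.255.255" ] || return 1
}

# Print a validated NAS IP taken from ifconfig output on stdin, or fail loudly
# instead of letting a bad value reach the RADIUS request.
nas_ip_from_ifconfig() {
    ip=$(extract_inet_addr)
    if is_usable_nas_ip "$ip"; then
        printf '%s\n' "$ip"
    else
        echo "refusing NAS-IP-Address '$ip'" >&2
        return 1
    fi
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_IFCONFIG" | nas_ip_from_ifconfig
```

On a live host the input would come from `ifconfig eth0` instead of the sample; newer ifconfig builds print `inet 192.168.10.254` without the `addr:` prefix, in which case the extraction yields nothing and the check fails rather than passing a wrong value on.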