> I'm trying to get freeradius (1.0.1) working with huntgroups and ldap
> groups, after toying with this for a few days and searching the mailing
> list I still can't seem to make it work, perhaps someone can assist.
>
> huntgroups:
> apsdialin NAS-IP-Address == 192.168.1.10
>
> users:
>
> DEFAULT Huntgroup-Name == "apsdialin", Ldap-Group !=
> "cn=dialin,ou=radiusgroups,dc=myhost", Auth-Type := Reject
> Fall-Through = no
>
> DEFAULT Auth-Type := Reject
>
>
> radtest testuser testuser 192.168.1.20 10 testing123 0 192.168.1.10
>
> This is from the host 192.168.1.10, that testuser is in the "apsdialin"
> group so it should be allowed access, which it is. If I remove the user
> from the group they are still allowed access though!
>
> radiusd -X:
> rad_recv: Access-Request packet from host 149.28.3.101:52461, id=219,
> length=66
> User-Name = "testuser"
> User-Password = "testuser"
> NAS-IP-Address = 149.28.3.101
> NAS-Port = 10
> Framed-Protocol = PPP
> Processing the authorize section of radiusd.conf

I clipped some of your message and only left the relevant parts.

The packet you show came from the NAS IP of 149.28.3.101, not 192.168.1.10. Is that your entire huntgroups file you showed? If so, this isn't matching the rule in the users file because it's not in that huntgroup.
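The check described in the reply above can be reproduced offline. This is an added example, not part of the original thread and not FreeRADIUS code: a simplified sketch that assumes huntgroups lines of the form `name Attr == value` and uses hypothetical helper names (`parse_huntgroups`, `matching_huntgroups`, `diagnose`), fed with the values quoted in the thread.

```python
import ipaddress

# Constructed from the values quoted in the thread above.
HUNTGROUPS = "apsdialin NAS-IP-Address == 192.168.1.10\n"
REQUEST = {"User-Name": "testuser", "NAS-IP-Address": "149.28.3.101", "NAS-Port": "10"}


def parse_huntgroups(text):
    """Parse 'name Attr == value[, Attr == value]' lines (simplified; '==' only)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, rest = line.split(None, 1)
        checks = []
        for item in rest.split(","):
            attr, op, value = item.split(None, 2)
            if op != "==":
                raise ValueError(f"unsupported operator in sketch: {op!r}")
            checks.append((attr, value.strip().strip('"')))
        entries.append((name, checks))
    return entries


def _equal(attr, want, got):
    if got is None:
        return False
    if attr == "NAS-IP-Address":  # compare as addresses, not as strings
        return ipaddress.ip_address(want) == ipaddress.ip_address(got)
    return want == got


def matching_huntgroups(request, entries):
    """Names of huntgroup entries whose checks all match the request."""
    return [name for name, checks in entries
            if all(_equal(a, v, request.get(a)) for a, v in checks)]


def diagnose(request, entries, wanted):
    """Explain whether a users-file check 'Huntgroup-Name == wanted' can match."""
    hits = matching_huntgroups(request, entries)
    if wanted in hits:
        return f"Huntgroup-Name == {wanted!r} matches"
    return (f"Huntgroup-Name == {wanted!r} does NOT match: NAS-IP-Address "
            f"{request.get('NAS-IP-Address')} is in huntgroups {hits}")


if __name__ == "__main__":
    print(diagnose(REQUEST, parse_huntgroups(HUNTGROUPS), "apsdialin"))
```

Comparing the `NAS-IP-Address` printed by `radiusd -X` against the huntgroups entry this way shows whether a `Huntgroup-Name` rule in the users file is ever evaluated for that request.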

