Hi Cris,
Huntgroups (smal parts):
#AFVALENT_09 redback NAS-IP-Address == 80.xxx.xx.1 # AGVALENT_11 redback NAS-IP-Address == 80.xx.xx.2 # A2MITRY__04 (...) # Loopback1 de VALENTON lns-rtc NAS-IP-Address == 213.xx.xx.226 # Loopback1 de MTY2MC7205 lns-rtc NAS-IP-Address == 213.xx.xxx.90 (..) # Valenton 12 nas NAS-IP-Address == 195.xx.xx.5 nas NAS-IP-Address == 195.xx.xx.6 (..) #Loopback0 de ValentonLDP3/VAL3MC7213 lns NAS-IP-Address == 213.xx.xx.14 #Loopback0 de ValentonLDP4/VAL3MC7214 lns NAS-IP-Address == 213.xxx.xxx.20 #Loopback0 de ValentonLDP5/VAL3MC7215 lns NAS-IP-Address == 213.xx.xx.21
etc ....
The Users file :
DEFAULT Realm == "xx.net", Huntgroup-Name == "bas", Autz-Type := "autz.xx.net"
DEFAULT Realm == "xx.net", Huntgroup-Name == "lns", Autz-Type := "autz.xx.net"
DEFAULT Realm == "xx.net", Huntgroup-Name == "nas", Autz-Type := "autz.xx.net"
DEFAULT Realm == "xx.net", Huntgroup-Name == "lns-rtc", Autz-Type := "autz.xx.net"
DEFAULT Realm == "xx.net", Huntgroup-Name == "redback", Autz-Type := "autz.xx.net"
DEFAULT Realm == "xx.net", Huntgroup-Name == "wifi", Autz-Type == "autz.xx.net" , Session-Type == "wifi"
I hope i helps you Regards Thomas MARCHESSEAU
Cris Boisvert wrote:
Can I define the attributes in the users file and leave the actual users in the database.?
So the database will authenticate with the user/pass scenario and they read the users file for the attributes to reply with?
Thanx Cris
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dustin Doris Sent: Wednesday, January 05, 2005 10:39 AM To: [email protected] Subject: RE: Huntgroup
I apologize about the plain text. This is what I have in the huntgroup file.
Huntgroup1 NAS-IP-ADDRESS == 1.2.3.4 Group = Dialup Slipstream-Auth = "true", X-Ascend-Data-Filter == "ip in forward tcp est", X-Ascend-Data-Filter == "ip in forward dstip 1.2.5.4/32", X-Ascend-Data-Filter == "ip in drop tcp dstport = 25", X-Ascend-Data-Filter == "ip in forward",
Huntgroup2 NAS-IP-ADDRESS == 1.2.3.5 Group =Wireless RB-Context-Name = local, Fall-Through = yes,
The Huntgroups file is where you list attributes that would match the huntgroup. The users file or sql table is where you will list the attributes you want to reply to the user with.
My users file is empty because I use a Mysql database for the users names.
The database is setup like this
Username group password Joe Wireless test Bob Dialup test
Currently the sql group table responds based on the group I put them in..
I want it not to be that way. I want it to respond based on the NAS device
the users connects from..
Using huntgroups and users files you can do this. You could also store the reply attributes in a mysql group, but I've never done that, so can't help much on that.
huntgroups
group1 NAS-IP-Address == 1.1.1.1 group2 NAS-IP-Address == 2.2.2.2
users
DEFAULT Huntgroup-Name == group1 X-Ascend-Data-Filter == "ip in forward tcp est", Reply-Attribute2 = value, Reply-Attribute3 = value
DEFAULT Huntgroup-Name == group2 Reply-Attribute = value
So, when a user comes in it will search the users file. If it comes from 1.1.1.1 it will match huntgroup-name group1. Then it is told to send those particular reply attributes.
If the user does not come in from huntgroup1, it won't match and will continue searching the users file until there is a match.
I think you just need to simplify your setup. Hope that helps. Remember, in the huntgroups file you just define what matches a huntgroup. You have to define what reply attributes will be returned somewhere else, such as the users file, sql table, ldap, etc...
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
