Hi,
I'm wondering why it is prohibited to have a particular NAS-IP-Address
in more than one huntgroup.
I want to use huntgroups for roaming blocking:
huntgroups:
DE.HDN NAS-IP-Address == 10.0.0.1
DE NAS-IP-Address == 10.0.0.1
EMEA NAS-IP-Address == 10.0.0.1
DE.FRM NAS-IP-Address == 10.0.0.2
DE NAS-IP-Address == 10.0.0.2
EMEA NAS-IP-Address == 10.0.0.2
DE.DTM NAS-IP-Address == 10.0.0.3
DE NAS-IP-Address == 10.0.0.3
EMEA NAS-IP-Address == 10.0.0.3
UK.LND NAS-IP-Address == 10.0.1.1
UK NAS-IP-Address == 10.0.1.1
EMEA NAS-IP-Address == 10.0.1.1
UK.CBG NAS-IP-Address == 10.0.1.2
UK NAS-IP-Address == 10.0.1.2
EMEA NAS-IP-Address == 10.0.1.2
BE.BRU NAS-IP-Address == 10.0.2.1
BE NAS-IP-Address == 10.0.2.1
EMEA NAS-IP-Address == 10.0.2.1
users:
user1 User-Password == "test", Huntgroup-Name == "EMEA"
...
...
user2 User-Password == "test", Huntgroup-Name == "DE"
...
...
user3 User-Password == "test", Huntgroup-Name == "DE.FRM"
...
...
But this doesn't work, since only the first huntgroup name for a
particular IP is considered.
I'm wondering especially since the multiple huntgroup names for one
NAS-IP-Address are considered when the huntgroups file is read into
the data structure of rlm_preprocess, but they are not considered when
a user is checked using huntgroup_access. Accordingly simple is the
patch to achieve this MANY_HUNTGROUP_NAMES_FOR_ONE_IP "feature":
--- rlm_preprocess.c 2004-10-07 22:52:31.000000000 +0200
+++ rlm_preprocess.c-patched 2005-05-06 12:56:50.000000000 +0200
@@ -362,8 +362,13 @@
* We've matched the huntgroup, so add it in
* to the list of request pairs.
*/
+#define MANY_HUNTGROUP_NAMES_FOR_ONE_ADDRESS 1
+#ifndef MANY_HUNTGROUP_NAMES_FOR_ONE_ADDRESS
vp = pairfind(request_pairs, PW_HUNTGROUP_NAME);
if (!vp) {
+#else
+ {
+#endif
vp = paircreate(PW_HUNTGROUP_NAME,
PW_TYPE_STRING);
if (!vp) {
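Review bot: The `#define MANY_HUNTGROUP_NAMES_FOR_ONE_ADDRESS 1` sits directly above the `#ifndef` that tests it, so the original `pairfind()` branch can never be compiled and the behaviour change is unconditional. Huntgroup-Name is used in access decisions, so I would make this opt-in (a build flag set outside the file, or a module configuration item defaulting to the old behaviour) instead of defining it in place. With the `pairfind(request_pairs, PW_HUNTGROUP_NAME)` guard skipped, a new attribute is created even when the request already carries a Huntgroup-Name; please state in a comment whether that is intended. The bare `{` in the `#else` branch only balances the closing brace of the removed `if`; a plain condition selected by the option would read better than braces split across preprocessor branches.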
@@ -379,7 +384,9 @@
}
r = RLM_MODULE_OK;
}
+#ifndef MANY_HUNTGROUP_NAMES_FOR_ONE_ADDRESS
break;
+#endif
}
return r;
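Review bot: Compiling out the `break` makes the loop continue past the first match, so every remaining huntgroup entry is now evaluated for each request and each further match goes through the `paircreate()` path again. Please confirm that no later iteration can change `r` once it has been set to `RLM_MODULE_OK`, and that the `paircreate()` failure path still leaves the loop. A huntgroup name listed twice for the same address would also be added twice; either skip names already present in the request pairs or document that duplicates are harmless. The comment above ("We've matched the huntgroup, so add it in") should be updated to say that all matching huntgroups are added.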
Wouldn't it be a useful enhancement to be able to have one
NAS-IP-Address in many huntgroups? Or is anything against the
"feature" I propose, which I do not see at the moment?
Thanks,
Wolfgang