Re: HuntGroup + MySQL

Wed, 11 May 2005 17:34:13 -0700 

On Wed, 11 May 2005, Julien freeradius wrote:

> Hello,
>
> I would like to set freeradius to send a PPP like configuration if the
> request come from a nas and a VPN style configuration if coming from
> another NAS. More or less like that :
>
> huntgroups file:
> PPP        NAS-IP-Address == 192.168.2.1
> VPN      NAS-IP-Address == 192.168.2.2
>
>
> Users file:
>
> DEFAULT  Huntgroup-Name = "PPP"
>     Framed-Protocol = PPP,
>     Framed-Compression = Van-Jacobson-TCP-IP,
>     Framed-IP-Address = 255.255.255.254
>
> DEFAULT  Huntgroup-Name = "VPN"
>     CVPN3000-Primary-DNS = "XXX.XXX.XXX.XXX",
>     CVPN3000-Secondary-DNS = "XXX.XXX.XXX.XXX"
>
>
> But I'm using MySQL. So I have set it as this:
>
> Usergroup table :
>
> | id      | UserName                      | GroupName |
> | 1       | TestUser                         | confPPP   |
> | 2       | TestUser                         | confVPN   |
>
> Radgroupcheck Table :
>
> | id     | GroupName        | Attribute                   | op     |
> Value       |
> |  4     | confVPN            | Huntgroup-Name     | +=     | VPN         |
> |  8     | confPPP              | Huntgroup-Name     | +=     |
> PPP         |

Why do you have the operator as += ?  Try it with == instead.

>
> RadgroupReply table :
>
> | id        | GroupName       | Attribute
>      | op     | Value                            | prio |
> | 701     | confPPP             | Framed-Address                       |
> :=      | 255.255.255.254          |    3 |
> | 700     | confPPP             | Framed-Protocol
> | :=      | PPP                              |    2 |
> | 702     | confPPP             | Framed-Compression               | :=
>     | Van-Jacobsen-TCP-IP  |    4 |
> | 711     | confPPP             | Fall-Through
>      | :=      | No                                 |    5 |
> | 703     | confVPN           | CVPN3000-Primary-DNS       | :=      |
> 1                                    |    0 |
> | 704     | confVPN           | CVPN3000-Secondary-DNS   | :=      |
> 1                                    |    0 |
>
>
> The authentification work, the huntgroup is well match (I  see the hunt
> group on the log), but the reply include always both data, the reply of
> the VPN AND the reply of the PPP. How can I reply only the VPN
> attributes when the request is coming from the VPN nas and PPP atribute
> for the other one.
>
> Thanks in advance.
>

Read man 5 users.  In that it says += always matches as a check item and
== matches if the named attribute is present and has the given value.

I think that is where your problem lies.



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to