Hello Dustin,
Thanks for your fast answer.
When I put == as the operator for the Huntgroup-Name attribute, I don't have any more result.
radius log :
rlm_sql (sql): No matching entry in the database for request from user [mytestusername]
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns notfound for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Detail file : Packet-Type = Access-Request Thu May 12 12:38:36 2005 User-Name = "mytestusername" User-Password = "XXXX" NAS-IP-Address = 127.0.0.1 NAS-Port = 5060 Client-IP-Address = 127.0.0.1 Huntgroup-Name = "PPP"
I think I will try in another way to stop loosing time. Thanks for your attention to my message
Dustin Doris wrote:
On Wed, 11 May 2005, Julien freeradius wrote:
Hello,
I would like to set freeradius to send a PPP like configuration if the request come from a nas and a VPN style configuration if coming from another NAS. More or less like that :
huntgroups file: PPP NAS-IP-Address == 192.168.2.1 VPN NAS-IP-Address == 192.168.2.2
Users file:
DEFAULT Huntgroup-Name = "PPP" Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP, Framed-IP-Address = 255.255.255.254
DEFAULT Huntgroup-Name = "VPN" CVPN3000-Primary-DNS = "XXX.XXX.XXX.XXX", CVPN3000-Secondary-DNS = "XXX.XXX.XXX.XXX"
But I'm using MySQL. So I have set it as this:
Usergroup table :
| id | UserName | GroupName | | 1 | TestUser | confPPP | | 2 | TestUser | confVPN |
Radgroupcheck Table :
| id | GroupName | Attribute | op |
Value |
| 4 | confVPN | Huntgroup-Name | += | VPN |
| 8 | confPPP | Huntgroup-Name | += |
PPP |
Why do you have the operator as += ? Try it with == instead.
RadgroupReply table :
| id | GroupName | Attribute | op | Value | prio | | 701 | confPPP | Framed-Address | := | 255.255.255.254 | 3 | | 700 | confPPP | Framed-Protocol | := | PPP | 2 | | 702 | confPPP | Framed-Compression | := | Van-Jacobsen-TCP-IP | 4 | | 711 | confPPP | Fall-Through | := | No | 5 | | 703 | confVPN | CVPN3000-Primary-DNS | := | 1 | 0 | | 704 | confVPN | CVPN3000-Secondary-DNS | := | 1 | 0 |
The authentification work, the huntgroup is well match (I see the hunt group on the log), but the reply include always both data, the reply of the VPN AND the reply of the PPP. How can I reply only the VPN attributes when the request is coming from the VPN nas and PPP atribute for the other one.
Thanks in advance.
Read man 5 users. In that it says += always matches as a check item and == matches if the named attribute is present and has the given value.
I think that is where your problem lies.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
