Hello Dustin,

No, the huntgroup was set to match with 127.0.0.1.
I have done differently, and it appears to work.

But is it possible to send a reject notice if there is no matching group for the users with MySQL?
I have tried to enable the default profile and add an "Auth-Type += Reject" for the default group in radgroupcheck, but it's not working.



Thanks in advance. Best regards

Dustin Doris wrote:

Hello Dustin,

Thanks for your fast answer.
When I put == as the operator for the Huntgroup-Name attribute, I no
longer get any result.

radius log :
rlm_sql (sql): No matching entry in the database for request from user
[mytestusername]
rlm_sql (sql): Released sql socket id: 4
 modcall[authorize]: module "sql" returns notfound for request 0
 modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.


Detail file:
Packet-Type = Access-Request
Thu May 12 12:38:36 2005
        User-Name = "mytestusername"
        User-Password = "XXXX"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 5060
        Client-IP-Address = 127.0.0.1
        Huntgroup-Name = "PPP"

I think I will try another way, to stop losing time.
Thanks for your attention to my message




Did you update your huntgroups settings with localhost as a PPP huntgroup?



PPP NAS-IP-Address == 192.168.2.1
VPN NAS-IP-Address == 192.168.2.2



Your packet had nas-ip-address of 127.0.0.1, so your user should not have matched according to your huntgroup definition.

Or just try this.

$ printf 'User-Name = "mytestusername"\nUser-Password = "XXXX"\nNAS-IP-Address = 192.168.2.1\n' \
    | radclient localhost auth yoursecret





Dustin Doris wrote:



On Wed, 11 May 2005, Julien freeradius wrote:





Hello,

I would like to set up FreeRADIUS to send a PPP-like configuration if the
request comes from a NAS and a VPN-style configuration if it comes from
another NAS. More or less like this:

huntgroups file:
PPP        NAS-IP-Address == 192.168.2.1
VPN      NAS-IP-Address == 192.168.2.2


Users file:

DEFAULT  Huntgroup-Name = "PPP"
  Framed-Protocol = PPP,
  Framed-Compression = Van-Jacobson-TCP-IP,
  Framed-IP-Address = 255.255.255.254

DEFAULT  Huntgroup-Name = "VPN"
  CVPN3000-Primary-DNS = "XXX.XXX.XXX.XXX",
  CVPN3000-Secondary-DNS = "XXX.XXX.XXX.XXX"


But I'm using MySQL. So I have set it as this:

Usergroup table :

| id      | UserName                      | GroupName |
| 1       | TestUser                         | confPPP   |
| 2       | TestUser                         | confVPN   |

Radgroupcheck Table :

| id | GroupName | Attribute      | op | Value |
| 4  | confVPN   | Huntgroup-Name | += | VPN   |
| 8  | confPPP   | Huntgroup-Name | += | PPP   |




Why do you have the operator as += ?  Try it with == instead.





RadgroupReply table :

| id  | GroupName | Attribute              | op | Value               | prio |
| 701 | confPPP   | Framed-Address         | := | 255.255.255.254     | 3    |
| 700 | confPPP   | Framed-Protocol        | := | PPP                 | 2    |
| 702 | confPPP   | Framed-Compression     | := | Van-Jacobsen-TCP-IP | 4    |
| 711 | confPPP   | Fall-Through           | := | No                  | 5    |
| 703 | confVPN   | CVPN3000-Primary-DNS   | := | 1                   | 0    |
| 704 | confVPN   | CVPN3000-Secondary-DNS | := | 1                   | 0    |


The authentication works and the huntgroup is matched correctly (I see the huntgroup in the log), but the reply always includes both sets of data, the VPN reply AND the PPP reply. How can I reply with only the VPN attributes when the request is coming from the VPN NAS, and the PPP attributes for the other one?

Thanks in advance.





Read man 5 users.  In that it says += always matches as a check item and
== matches if the named attribute is present and has the given value.

I think that is where your problem lies.



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html






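Added example (not part of the original thread and not FreeRADIUS code): a simplified Python model of the check-item semantics quoted from man 5 users, showing why Huntgroup-Name with += returns both groups' reply attributes while == returns only the group whose huntgroup matches the NAS. The function names and the evaluation loop are assumptions made for illustration; the table rows are abridged from the thread.

```python
# Simplified model of group check-item matching (an illustration only, not
# FreeRADIUS source). Table contents are abridged from the thread.
HUNTGROUPS = {"PPP": "192.168.2.1", "VPN": "192.168.2.2"}   # huntgroups file
USERGROUP = [("TestUser", "confPPP"), ("TestUser", "confVPN")]
RADGROUPREPLY = {
    "confPPP": [("Framed-Protocol", "PPP"), ("Framed-Address", "255.255.255.254")],
    "confVPN": [("CVPN3000-Primary-DNS", "1"), ("CVPN3000-Secondary-DNS", "1")],
}
# radgroupcheck as originally posted (+=) and as suggested in the reply (==).
CHECK_APPEND = {"confPPP": [("Huntgroup-Name", "+=", "PPP")],
                "confVPN": [("Huntgroup-Name", "+=", "VPN")]}
CHECK_EQUAL = {"confPPP": [("Huntgroup-Name", "==", "PPP")],
               "confVPN": [("Huntgroup-Name", "==", "VPN")]}


def huntgroups_for(nas_ip):
    """Names of the huntgroups whose NAS-IP-Address equals nas_ip."""
    return {name for name, ip in HUNTGROUPS.items() if ip == nas_ip}


def check_matches(attribute, op, value, request):
    """Evaluate one check item against the request (hypothetical helper)."""
    if op == "+=":
        return True  # man 5 users: += always matches as a check item
    if op == "==":
        if attribute == "Huntgroup-Name":
            return value in huntgroups_for(request.get("NAS-IP-Address"))
        return request.get(attribute) == value
    raise ValueError(f"operator {op!r} is not modelled here")


def group_reply(user, request, radgroupcheck):
    """Collect reply items from every group whose check items all match."""
    reply = []
    for name, group in USERGROUP:
        if name != user:
            continue
        checks = radgroupcheck.get(group, [])
        if all(check_matches(a, op, v, request) for a, op, v in checks):
            reply.extend(RADGROUPREPLY[group])
    return reply


if __name__ == "__main__":
    vpn_request = {"User-Name": "TestUser", "NAS-IP-Address": "192.168.2.2"}
    local_request = {"User-Name": "TestUser", "NAS-IP-Address": "127.0.0.1"}
    print("+= from VPN NAS:", group_reply("TestUser", vpn_request, CHECK_APPEND))
    print("== from VPN NAS:", group_reply("TestUser", vpn_request, CHECK_EQUAL))
    print("== from 127.0.0.1:", group_reply("TestUser", local_request, CHECK_EQUAL))
```

In this model, a request from 127.0.0.1 matches neither group under ==, which corresponds to the "No matching entry" line in the quoted log when the huntgroups file lists only 192.168.2.1 and 192.168.2.2.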