Hanno Schupp wrote:
> I am trying to implement huntgroups via MySQL according to
> http://wiki.freeradius.org/SQL_Huntgroup_HOWTO One difference is the
> assignment of huntgroups not according to NAS-IP, but to
> Called-Station-Id. The goal is to suppress roaming between hotspot
> routers, between groups of hotspots.
>
> For that purpose I have inserted the code ...
> In lieu of the module ‘preprocess’ into group ‘authorize’, as advised in
> the HOWTO.

  You also seem to be over-riding that in the SQL tables:

> `radgroupcheck`
> `id`, `GroupName`, `Attribute`, `op`, `Value`
> 1, 'TestGroup', 'Huntgroup-Name', ':=', 'Test'

  This sets the Huntgroup-Name to "Test".

> One would expect the user to be rejected if the user tries to log in to
> the router with the Called-Station-Id '00-1D-7E-E7-96-9F'. However, the
> user is authenticated and not rejected.

  You did not configure the server to reject the user if he logs in with
that Called-Station-Id. You configured the server to put him in a
huntgroup if he logs in with that Called-Station-Id.

  Did you configure the server to reject users in the "Test-Rejec"
huntgroup? It looks like you didn't.

> One thing I don’t get is, why is the rlm_sql_mysql module finding the
> Huntgroup-Name ‘Test-Rejec’ correctly, but module ‘request’ returns not
> found?

  There are explanations for that...

> The user is found in radgroupcheck for the correct usergroup
> ‘TestGroup’. As the values in radgroupcheck and radgroupreplycheck do
> not match, the user should be rejected, but the user is accepted.

  No. If the values in radgroupcheck do not match.... it means they do
not match. You have *other* configurations that let the server
authenticate the request. You did *not* configure the server to reject
the request if it's in the "Test-Rejec" huntgroup.

  Alan DeKok.
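
The distinction drawn in the reply above, between assigning a huntgroup, failing to match a group, and actually rejecting, can be seen in a small model. This is an added example, not code from the thread or from FreeRADIUS: it is a simplified sketch of group check-item evaluation that handles only the `:=` and `==` operators, and the user name, reply item and function names are constructed for illustration.

```python
# Simplified model of radgroupcheck evaluation (an assumption for illustration,
# not FreeRADIUS source code). Only the ':=' and '==' operators are modelled.

def group_matches(check_rows, request, control):
    """True if every check row matches. ':=' never compares: it always
    matches and, once the group matches, overwrites the control attribute."""
    assigned = {}
    for attr, op, value in check_rows:
        if op == ":=":
            assigned[attr] = value
        elif op == "==":
            if request.get(attr) != value:
                return False
        else:
            raise ValueError(f"operator {op!r} not modelled")
    control.update(assigned)
    return True

def authorize(request, groups):
    """Walk the user's groups; return (decision, control, reply)."""
    control, reply = {}, {}
    for check_rows, reply_rows in groups:
        if group_matches(check_rows, request, control):
            reply.update(reply_rows)
        # A group that does not match is skipped. Nothing here rejects.
    decision = "reject" if control.get("Auth-Type") == "Reject" else "continue"
    return decision, control, reply

# Constructed request: the huntgroup lookup already tagged it "Test-Rejec".
REQUEST = {"User-Name": "alice", "Huntgroup-Name": "Test-Rejec"}
REPLY = {"Session-Timeout": "3600"}  # constructed reply item

# 1. Row from the thread: ':=' assigns, so the group matches anyway.
AS_POSTED = [([("Huntgroup-Name", ":=", "Test")], REPLY)]
# 2. '==' compares: the group is skipped, but the request is still not rejected.
COMPARED = [([("Huntgroup-Name", "==", "Test")], REPLY)]
# 3. Explicit policy: a matching group sets Auth-Type := Reject.
EXPLICIT = [([("Huntgroup-Name", "==", "Test-Rejec"),
              ("Auth-Type", ":=", "Reject")], {})]

if __name__ == "__main__":
    for label, groups in [("as posted", AS_POSTED), ("compared", COMPARED),
                          ("explicit reject", EXPLICIT)]:
        print(label, authorize(REQUEST, groups))
```

Only the third table layout produces a reject; the first two leave the decision to whatever else is configured, which is the behaviour described in the reply.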

