Hi. I'm trying to manage Huntgroup checking into radgroupcheck table, but doesn't seem to work.
Given the following properties: radcheck: F000001 MD5-Password := somemd5hash radusergroup F000001 HuntGroup01 radgroupcheck F000001 Huntgroup-Name =~ nas04|nas05 the user is always authenticated, even if the connection comes from a nas which is not nas04 or nas05. If I place the Huntgroup-Name property in the radcheck the user is correctly limited to the selected NASes. Output of the accounting session of "freeradius -X" attached here: https://dl.dropbox.com/u/706934/check01.gz The results of the ran queries: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'F0000001' ORDER BY id F000001 Md5-Password := xxx SELECT id, username, attribute, value, op FROM radreply WHERE username = 'F0000001' ORDER BY id (empty) SELECT groupname FROM usergroup WHERE username = 'F0000001' ORDER BY id huntgroup01 SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'huntgroup01' OR groupname = 'nas04' ORDER BY id huntgroup01 Huntgroup-Name nas01|nas02 =~ The final query correctly returns the list of nases the user is allowed to login to, but apparently it's not considered. Why this? what am I missing? In addition to that, can I set a certain property (i.e. WISPr-Session-Terminate-Time) only if the user connects to a specific huntgroup? thanks -- Lorenzo Milesi - [email protected] GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
