I'm having the very same issue, and can't understand why. If the Huntgroup-Name value is in radcheck the limitation is done correctly, but it is not when the Huntgroup-Name is in radgroupcheck, while the example here [1] is exactly with radgroupcheck. The proposed change doesn't work, also because it's not relevant. As per the example in the url: example user is in group site_a_admins (radusergroup) site_a is in radhuntgroup have in radgroupcheck: site_a_admins Huntgroup-Name == site_a
access is allowed anywhere. If you move the check in radcheck, like: example user Huntgroup-Name == site_a then the check is performed correctly. The proposed modification to the group check query just adds huntgroup's properties to the request. thanks [1] http://wiki.freeradius.org/guide/SQL_Huntgroup_HOWTO ----- Messaggio originale ----- > Da: "Ben West" <[email protected]> > A: "FreeRadius users mailing list" <[email protected]> > Inviato: Mercoledì, 2 novembre 2011 15:22:25 > Oggetto: Huntgroup Checking > > You may need to inspect whether the groupcheck query in > mysql/dailup.conf (if you are using MySQL) looks in the huntgroup > table. > > For example, this is the default query in my copy of freeRADIUS > provided by Debian: > > authorize_group_check_query = "SELECT id, groupname, attribute, \ > Value, op \ > FROM ${groupcheck_table} \ > WHERE groupname = '%{Sql-Group}' \ > ORDER BY id" > > Try modifying it as such: > > authorize_group_check_query = "SELECT id, groupname, attribute, \ > value, op \ > FROM ${groupcheck_table} \ > WHERE ( groupname = '%{Sql-Group}' \ > OR groupname = '%{Huntgroup-Name}' ) \ > ORDER BY id" > > > On Wed, Nov 2, 2011 at 9:07 AM, simonm123 <[email protected]> wrote: > > Can anyone tell me if hungroup checking can be made to work on the group > > level, not just the user level? > > > > Thanks > > > > -- > > View this message in context: > > http://freeradius.1045715.n5.nabble.com/Huntgroup-Checking-tp4950385p4958155.html > > Sent from the FreeRadius - User mailing list archive at Nabble.com. > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > -- > Ben West > [email protected] > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -- -- Lorenzo Milesi - [email protected] YetOpen S.r.l. - http://www.yetopen.it/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
