Weird huntgroup issue
Hello,

I have a weird huntgroup issue.

I have users in a group 'artsen' with HuntgroupName = == ^(vpn|ras)$
I have users in group 'stagiars' with HuntgroupName = == hotspot

On the RADIUS system itself I can successfully authenticate users from group artsen but not from group stagiairs. But I can log in with a user from group stagiars from a NAS with IP 194.8.52.37.

My NAS clients from SQL:

    17 | localhost | localhost | other | 0 |...

Huntgroup file:

    # VPN infrastructure
    vpn      NAS-IP-Address == 10.2.254.1
    vpn      NAS-IP-Address == 10.2.254.2
    vpn      NAS-IP-Address == localhost
    # ras
    ras      NAS-IP-Address == 10.2.254.81
    ras      NAS-IP-Address == 10.2.254.82
    ras      NAS-IP-Address == localhost
    # hotspot
    hotspot  NAS-IP-Address == x.y.z.37
    hotspot  NAS-IP-Address == x.y.z.38
    hotspot  NAS-IP-Address == localhost

This comes in the logging when I do a check on the RADIUS system itself with the following arguments:

    radtest lvanhoey0 password localhost:1812 0 passwordhere

    radius_xlat: 'lvanhoey0'
    rlm_sql (sql): sql_set_user escaped user -- 'lvanhoey0'
    radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'lvanhoey0' ORDER BY id'
    rlm_sql (sql): Reserving sql socket id: 3
    radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'lvanhoey0' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
    radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'lvanhoey0' ORDER BY id'
    radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'lvanhoey0' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
    rlm_sql (sql): No matching entry in the database for request from user [lvanhoey0]
    rlm_sql (sql): Released sql socket id: 3
    modcall[authorize]: module sql returns notfound for request 0
    rlm_sqlcounter: Entering module authorize code
    rlm_sqlcounter: Could not find Check item value pair
    modcall[authorize]: module uploadlimit returns noop for request 0
    rlm_sqlcounter: Entering module authorize code
    rlm_sqlcounter: Could not find Check item value pair
    modcall[authorize]: module volumelimit returns noop for request 0
    rlm_sqlcounter: Entering module authorize code
    rlm_sqlcounter: Could not find Check item value pair
    modcall[authorize]: module prepaidcounter returns noop for request 0
    modcall: group authorize returns ok for request 0
    auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
    auth: Failed to validate the user.
    Login incorrect: [lvanhoey0/jo0clni3] (from client localhost port 0)
    Delaying request 0 for 1 seconds
    Finished request 0
    Going to the next request
    --- Walking the entire request list ---

And the logging when logging in from the NAS IP address:

    modcall: entering group authorize for request 12
    modcall[authorize]: module preprocess returns ok for request 12
    modcall[authorize]: module chap returns noop for request 12
    modcall[authorize]: module mschap returns noop for request 12
    modcall[authorize]: module digest returns noop for request 12
    rlm_realm: No '@' in User-Name = lvanhoey0, looking up realm NULL
    rlm_realm: No such realm NULL
    modcall[authorize]: module suffix returns noop for request 12
    rlm_eap: No EAP-Message, not doing EAP
    modcall[authorize]: module eap returns noop for request 12
    radius_xlat: 'lvanhoey0'
    rlm_sql (sql): sql_set_user escaped user -- 'lvanhoey0'
    radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'lvanhoey0' ORDER BY id'
    rlm_sql (sql): Reserving sql socket id: 1
    radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'lvanhoey0' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
    radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'lvanhoey0' ORDER BY id'
    radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'lvanhoey0' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
    rlm_sql (sql): Released sql socket id: 1
    modcall[authorize]: module sql returns ok for request 12
    rlm_sqlcounter: Entering module authorize code
    rlm_sqlcounter: Could not find Check item value pair
    modcall[authorize]: module uploadlimit returns noop for request 12
    rlm_sqlcounter: Entering module authorize code

Any ideas???

--
Jonathan De Graeve
Network/System Administrator
Imelda vzw
Informatica Dienst
015/50.52.98
[EMAIL PROTECTED]
- Always read the manual
Re: Weird huntgroup issue
The first Huntgroup that matches will be used, so in this case vpn will always match for requests with NAS-IP-Address == localhost.
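
Added example (not part of the original thread and not FreeRADIUS code): a small Python model of the first-match rule described in the reply, run over the huntgroup entries from the question, that also lists entries which can never be selected. It assumes exact string comparison on NAS-IP-Address and only handles entries of the form shown; the function names are hypothetical.

```python
# Added example: models "first matching huntgroup wins"; not FreeRADIUS source.
# Entries as posted in the thread (x.y.z.* is the poster's own redaction).
HUNTGROUPS = """\
# VPN infrastructure
vpn      NAS-IP-Address == 10.2.254.1
vpn      NAS-IP-Address == 10.2.254.2
vpn      NAS-IP-Address == localhost
# ras
ras      NAS-IP-Address == 10.2.254.81
ras      NAS-IP-Address == 10.2.254.82
ras      NAS-IP-Address == localhost
# hotspot
hotspot  NAS-IP-Address == x.y.z.37
hotspot  NAS-IP-Address == x.y.z.38
hotspot  NAS-IP-Address == localhost
"""

def parse_huntgroups(text):
    """Return [(lineno, name, nas_value)] in file order, skipping comments."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 4 or parts[1] != "NAS-IP-Address" or parts[2] != "==":
            raise ValueError(f"line {lineno}: unsupported entry: {raw!r}")
        entries.append((lineno, parts[0], parts[3]))
    return entries

def first_match(entries, nas_value):
    """Huntgroup name given to a request: the first entry whose value matches."""
    for _, name, value in entries:
        if value == nas_value:
            return name
    return None

def shadowed(entries):
    """Entries hidden by an earlier entry of another group with the same match."""
    seen, dead = {}, []
    for lineno, name, value in entries:
        if value in seen and seen[value][1] != name:
            dead.append((lineno, name, value, seen[value][1]))
        seen.setdefault(value, (lineno, name))
    return dead

if __name__ == "__main__":
    parsed = parse_huntgroups(HUNTGROUPS)
    print("localhost ->", first_match(parsed, "localhost"))
    print("shadowed:", shadowed(parsed))
```

Giving each huntgroup a distinct match value removes the shadowed entries the check reports.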