Re: restricting users using huntgroup

2013-07-30 Thread Alan DeKok
Alan Kong wrote: > I want to use huntgroup to restrict users connecting. If the user is > added in huntgroup and login and clear password was entered in users > file, the user has no problem in accessing. When I add another user in > huntgroup but using Unix password file to authenti

restricting users using huntgroup

2013-07-30 Thread Alan Kong
Hi, I want to use huntgroup to restrict users connecting. If the user is added in huntgroup and login and clear password was entered in users file, the user has no problem in accessing. When I add another user in huntgroup but using Unix password file to authenticate, I keep getting invalid

Re: errors when check with huntgroup

2013-03-15 Thread A . L . M . Buxey
hi, add 'preprocess' to top of your authorize section in inner-tunnel ? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: errors when check with huntgroup

2013-03-15 Thread Bertrand Poulet
Hi, > Subject: Re: errors when check with huntgroup > > > hi, > > you've edited a whole lot of stuff out of your debug log...including > the stuff which actually matters where the failure actually occurs > (you just kept the part where the end result was recorded

Re: errors when check with huntgroup

2013-03-14 Thread A . L . M . Buxey
hi, you've edited a whole lot of stuff out of your debug log...including the stuff which actually matters where the failure actually occurs (you just kept the part where the end result was recorded). alan

errors when check with huntgroup

2013-03-14 Thread Bertrand Poulet
Hi all, I've a problem when I want to check user with huntgroup : bp3 User-Password := "test" , Calling-Station-Id == "844b.f5b8.d423" is Ok but not : bp3 User-Password := "test" , Calling-Station-Id == "844b.f5b8.d423" , Huntgroup-

Re: Huntgroup Checking

2013-02-28 Thread Lorenzo Milesi
I'm having the very same issue, and can't understand why. If the Huntgroup-Name value is in radcheck the limitation is done correctly, but it is not when the Huntgroup-Name is in radgroupcheck, while the example here [1] is exactly with radgroupcheck. The proposed change doesn&#x

Re: HuntGroup check in radgroupcheck

2013-02-26 Thread Lorenzo Milesi
hg021.2.3.5 NULL Radgroupcheck: 10 federazione Huntgroup-Name =~ ufficyohg|maxxerhg 11 federazione2Huntgroup-Name =~ hg02|hg01 Radusergroup: 34 F0073404federazione210 full debug of a test login from 1.2.3.5 and a second from

Re: HuntGroup check in radgroupcheck

2013-02-21 Thread Lorenzo Milesi
ntgroup WHERE nasipaddress='%{NAS-IP-Address}'} -> nas04 ++[request] returns ok ++? if (Huntgroup-Name == '') ? Evaluating (Huntgroup-Name == '') -> FALSE ++? if (Huntgroup-Name == '') -> FALSE ++[chap] returns noop ++[mschap] returns noop [suffix] N

Re: HuntGroup check in radgroupcheck

2013-02-21 Thread Alan DeKok
ere. There's no reason put a zipped version on a separate web site. > According to [1] huntgroups can be checked via SQL as well... > From the debug output i posted here [2] you can see the huntgroup is > correctly identified from SQL... > > [1] http://wiki.freeradius.org/gui

Re: HuntGroup check in radgroupcheck

2013-02-21 Thread Alan DeKok
Lorenzo Milesi wrote: > I'm trying to manage Huntgroup checking into radgroupcheck table, but doesn't > seem to work. Post the debug output, as suggested in the FAQ, "man" page, web pages, and daily on this list. > Given the following properties: >

Re: HuntGroup check in radgroupcheck

2013-02-21 Thread Lorenzo Milesi
; > F01 MD5-Password := somemd5hash > > radusergroup > > F01 HuntGroup01 > > radgroupcheck > > F01 Huntgroup-Name =~ nas04|nas05 > > > > the user is always authenticated, even if the connection comes from > > a nas which is not nas04 or nas05. > &g

HuntGroup check in radgroupcheck

2013-02-21 Thread Lorenzo Milesi
Hi. I'm trying to manage Huntgroup checking into radgroupcheck table, but doesn't seem to work. Given the following properties: radcheck: F01 MD5-Password := somemd5hash radusergroup F01 HuntGroup01 radgroupcheck F01 Huntgroup-Name =~ nas04|nas05 the user is always aut

Re: Replace NAS-Identifier with Huntgroup

2013-02-15 Thread A . L . M . Buxey
ted HG? it's an attribute so just use it. add your NAS'es to the huntgroup and then use the huntgroup in comparisons alan

Re: Replace NAS-Identifier with Huntgroup

2013-02-14 Thread Lorenzo Milesi
> customized params, and this is what HG are for. But how to Reject > the user, if it has no associated HG? Ok I found searching more that I can achieve this by adding: if (Huntgroup-Name == ''){ reject } -- Lorenzo Milesi - lorenzo.mil...@yetopen.it GPG/PGP Key-Id: 0

Replace NAS-Identifier with Huntgroup

2013-02-14 Thread Lorenzo Milesi
Hi. I was wondering, is it possible to replace the NAS-Identifier features by playing with Huntgroups? The idea is to have one user which can access in several NAS with customized params, and this is what HG are for. But how to Reject the user, if it has no associated HG? I'm having some trou

Re: HuntGroup in FR1

2013-01-25 Thread Alan DeKok
Lorenzo Milesi wrote: >> You defined the huntgroup. You didn't *use* it to limit sessions. >> >> In the "users" file: >> >> DEFAULT Huntgroup-Name == maxxer, Max-Daily-Session := 60 > > Can I use SQL to define HG properties? No. Hun

Re: HuntGroup in FR1

2013-01-25 Thread Lorenzo Milesi
> You defined the huntgroup. You didn't *use* it to limit sessions. > > In the "users" file: > > DEFAULT Huntgroup-Name == maxxer, Max-Daily-Session := 60 Can I use SQL to define HG properties? I.e. setting Max-Daily-Session in radgroupcheck? Or

Re: HuntGroup in FR1

2013-01-24 Thread Alan DeKok
Lorenzo Milesi wrote: > I need to give user specific limitation based on where they connect to. > I.e. I have two nas where the user can roam to, but when he logs into hs A he > gets Max-Daily-Session := 60, while on B has no daily limit. > > Based on research, this should be done

HuntGroup in FR1

2013-01-24 Thread Lorenzo Milesi
Hi. I need to give user specific limitation based on where they connect to. I.e. I have two nas where the user can roam to, but when he logs into hs A he gets Max-Daily-Session := 60, while on B has no daily limit. Based on research, this should be done with Huntgroup. Current wiki page [1

Authenticating users checking Huntgroup-Name in unlang

2012-12-05 Thread suggestme IT
our organization's requirement I need to authenticate users to allow or reject users for wireless or VPN access checking huntgroups and attribute in AD or users file accordingly so, I have configured huntgroup name in huntgroups "wirelesstest" and have configured my NAS-IP-Address a

Re: Huntgroup Implementation with MySQL and Radgroupcheck

2012-07-26 Thread Jenny Blunt
10:07 AM, Phil Mayers wrote: On 07/26/2012 09:51 AM, Jenny Blunt wrote: > I'm looking for some help with the implementation of huntgroups. > > Am using mysql and have followed the following topic through: > > > http://freeradius.1045715.n5.nabble.com/Huntgroup-Checking-td49

Re: Huntgroup Implementation with MySQL and Radgroupcheck

2012-07-26 Thread Phil Mayers
On 07/26/2012 09:51 AM, Jenny Blunt wrote: I'm looking for some help with the implementation of huntgroups. Am using mysql and have followed the following topic through: http://freeradius.1045715.n5.nabble.com/Huntgroup-Checking-td4950385.html In sites-available/default I have this,

Re: Huntgroup Implementation with MySQL and Radgroupcheck

2012-07-26 Thread Jenny Blunt
I forgot to mention that the look up works if I enter the Huntgroup-Name in radcheck. For some reason, it's just failing in radgroupcheck On Jul 26, 2012, at 09:51 AM, Jenny Blunt wrote: I'm looking for some help with the implementation of huntgroups. Am using mysql and have followed the

Huntgroup Implementation with MySQL and Radgroupcheck

2012-07-26 Thread Jenny Blunt
I'm looking for some help with the implementation of huntgroups. Am using mysql and have followed the following topic through: http://freeradius.1045715.n5.nabble.com/Huntgroup-Checking-td4950385.html In sites-available/default I have this, (just after preprocess: update re

Re: Problems with Huntgroup

2012-06-07 Thread Matthew Newton
On Thu, Jun 07, 2012 at 12:59:24PM -0300, Sergio Belkin wrote: > > I just chuck the raw data out with detail and leave it be. The > > useful stuff is pristinely formatted with gentle loving care by > > the linelog module, where it sits in a nice greppable format for > > Wow, linelog seems interest

Re: Problems with Huntgroup

2012-06-07 Thread Sergio Belkin
2012/6/6 Matthew Newton : > On Wed, Jun 06, 2012 at 03:56:54PM -0300, Sergio Belkin wrote: >> Good idea, I've tried appending  %{EAP-Type) that to detail.log but >> sending nothing >> eg: >> >> auth-detail-AP-XXX-DEFAULT--20120606 >> >> Between "-" and "-" is nothing (Neither TTLS nor PEAP appears)

Re: Problems with Huntgroup

2012-06-07 Thread Sergio Belkin
2012/6/6 Alan DeKok : > Sergio Belkin wrote: >> Good idea, I've tried appending  %{EAP-Type) that to detail.log > >  What does that mean? > >> but >> sending nothing >> eg: >> >> auth-detail-AP-XXX-DEFAULT--20120606 >> >> Between "-" and "-" is nothing (Neither TTLS nor PEAP appears) > >  As *ALWAY

Re: Problems with Huntgroup

2012-06-06 Thread Matthew Newton
On Wed, Jun 06, 2012 at 03:56:54PM -0300, Sergio Belkin wrote: > Good idea, I've tried appending %{EAP-Type) that to detail.log but > sending nothing > eg: > > auth-detail-AP-XXX-DEFAULT--20120606 > > Between "-" and "-" is nothing (Neither TTLS nor PEAP appears) You've not really explained wha

Re: Problems with Huntgroup

2012-06-06 Thread Alan DeKok
Sergio Belkin wrote: > Good idea, I've tried appending %{EAP-Type) that to detail.log What does that mean? > but > sending nothing > eg: > > auth-detail-AP-XXX-DEFAULT--20120606 > > Between "-" and "-" is nothing (Neither TTLS nor PEAP appears) As *ALWAYS*, read the debug output. You'

Re: Problems with Huntgroup

2012-06-06 Thread Sergio Belkin
2012/6/6 Matthew Newton : > On Wed, Jun 06, 2012 at 10:28:27AM -0300, Sergio Belkin wrote: >> I've added this files because I like to separate logs when supplicants >> are using PEAP or TTLS > > I'd still use just one file, and filter the logs instead. > >> Is there a better way of doing that? > >

Re: Problems with Huntgroup

2012-06-06 Thread Matthew Newton
On Wed, Jun 06, 2012 at 10:28:27AM -0300, Sergio Belkin wrote: > I've added this files because I like to separate logs when supplicants > are using PEAP or TTLS I'd still use just one file, and filter the logs instead. > Is there a better way of doing that? There may be several ways. The first o

Re: Problems with Huntgroup

2012-06-06 Thread Sergio Belkin
2012/6/5 Matthew Newton : > On Mon, Jun 04, 2012 at 11:43:07AM -0300, Sergio Belkin wrote: >> 2012/6/4 Alan DeKok : >> >  The debug for the "inner-tunnel" *clearly* shows NOT using the "files" >> > module. >> >> So, sorry for the stupid questions but how can I do that >> >> It's true what you say a

Re: Problems with Huntgroup

2012-06-05 Thread Matthew Newton
On Mon, Jun 04, 2012 at 11:43:07AM -0300, Sergio Belkin wrote: > 2012/6/4 Alan DeKok : > >  The debug for the "inner-tunnel" *clearly* shows NOT using the "files" > > module. > > So, sorry for the stupid questions but how can I do that > > It's true what you say about debug output, but I "files"

Re: Problems with Huntgroup

2012-06-04 Thread Alan DeKok
Sergio Belkin wrote: > 2012/6/4 Alan DeKok : >> The debug for the "inner-tunnel" *clearly* shows NOT using the "files" >> module. > > So, sorry for the stupid questions but how can I do that If it's in the file, it's used. > It's true what you say about debug output, but I "files" is in > inn

Re: Problems with Huntgroup

2012-06-04 Thread Sergio Belkin
2012/6/4 Alan DeKok : >  The debug for the "inner-tunnel" *clearly* shows NOT using the "files" > module. So, sorry for the stupid questions but how can I do that It's true what you say about debug output, but I "files" is in inner-tunnel configuration, I tried putting "files" above of chap, but

Re: Problems with Huntgroup

2012-06-04 Thread Alan DeKok
Sergio Belkin wrote: > I haven't deleted anything respect to configuration files per default: You can believe what you want, or you can believe the server output. > Did I missed something? The debug for the "inner-tunnel" *clearly* shows NOT using the "files" module. Go fix that. Ala

Re: Problems with Huntgroup

2012-06-04 Thread Sergio Belkin
2012/6/4 Alan DeKok : > Sergio Belkin wrote: >> I've appended something like to huntgroups file >> >> mb NAS-IP-Address == 10.129.189.1 >> mb NAS-IP-Address == 10.129.84.1 >> mb Called-Station-Id == 00-1B-7E-DC-AB-1A:UP-PVIII-I >> >> And in

Re: Problems with Huntgroup

2012-06-04 Thread Alan DeKok
Sergio Belkin wrote: > I've appended something like to huntgroups file > > mb NAS-IP-Address == 10.129.189.1 > mb NAS-IP-Address == 10.129.84.1 > mb Called-Station-Id == 00-1B-7E-DC-AB-1A:UP-PVIII-I > > And in users files: > > pruebita Huntgroup-Name == &qu

Re: huntgroup check problems

2012-01-27 Thread Oscar Remírez de Ganuza Satrústegui
Good morning, I have been studying the configuration of the file sites-available/inner-tunnel and making some tests. I have found that the "files" check in the authorize section made my configuration not to work as desired because, as Alan said, inside the TLS tunnel the huntgroup

Re: huntgroup check problems

2012-01-20 Thread Oscar Remírez de Ganuza Satrústegui
y on this list: "radiusd -X". > Using "radiusd -xX" produces 2x the output, and is NOT needed. > My bad. Sorry about that. > > > I can see in the "not working log" that on the first requests the > > huntgroup is been recognised ok. I just do not

Re: huntgroup check problems

2012-01-20 Thread Alan DeKok
utput, and is NOT needed. > I can see in the "not working log" that on the first requests the > huntgroup is been recognised ok. I just do not understand why it tries > again to check it, until it fails (request #9). Because it's checking the user *inside* of the TLS tu

Re: Huntgroup Checking

2011-11-02 Thread Ben West
You may need to inspect whether the groupcheck query in mysql/dialup.conf (if you are using MySQL) looks in the huntgroup table. For example, this is the default query in my copy of freeRADIUS provided by Debian: authorize_group_check_query = "SELECT id, groupname, attr

Re: Huntgroup Checking

2011-11-02 Thread simonm123
Can anyone tell me if huntgroup checking can be made to work on the group level, not just the user level? Thanks -- View this message in context: http://freeradius.1045715.n5.nabble.com/Huntgroup-Checking-tp4950385p4958155.html Sent from the FreeRadius - User mailing list archive at Nabble.com

Re: Huntgroup Checking

2011-10-30 Thread Simon Morley
On further investigation, I can see that the check works just fine if the attribute huntgroup-name == xxx is added to radcheck For what reason can't we add to radgroupcheck? What's the logic required to modify so we can restrict on a group level? On 30 Oct 2011, at 17:03, Alan D

Re: Huntgroup Checking

2011-10-30 Thread Simon Morley
I meant Huntgroup-Name == NetworkA in my radgroupcheck table. I'm not using the huntgroups file - they're all in my db. The wiki suggests using the query below restrict access per network. If that query below is not going to work, it's a little misleading. Or is it just incomp

Re: Huntgroup Checking

2011-10-30 Thread Alan DeKok
the server checking in the debug log. > > What I basically want to do is restrict users to certain networks, as per > the wiki. If their huntgroup-name matches their huntgroup based on nasip, > they can get online, otherwise they're rejected. OK... > I've put Huntgrou

Huntgroup Checking

2011-10-30 Thread simonm123
do is restrict users to certain networks, as per the wiki. If their huntgroup-name matches their huntgroup based on nasip, they can get online, otherwise they're rejected. I've put Huntgroup-Name = NetworkA in my radgroupcheck folder. In my radhuntgroup table, I have the nasip and grou

Using rlm_passwd as a substitute for hunt groups - was (Devices in more than one huntgroup)

2011-08-31 Thread Arran Cudbard-Bell
han 20 DEFAULT-entries for different >> huntgroup/ldap-group combinations >> and splitting nexus to nexus_RO and nexus_RW means adding additional 5 >> entries minimum >> I´m searching for a more scalable solution. If the next team should get >> access to different >>

AW: Devices in more than one huntgroup

2011-08-31 Thread Jan . Weiss
>Thanks for the answer! > >But there are several problems for me: >- i have no access to ldap, new groups are not as easy to implement as in >small environments >- i already have more than 20 DEFAULT-entries for different >huntgroup/ldap-group combinations > and splitti

Devices in more than one huntgroup

2011-08-19 Thread Jan . Weiss
>DEFAULT. Huntgroup-Name == "nexus",LDAP-Group == "nexus_RO" >... > >DEFAULT.Huntgroup-Name == "nexus",LDAP-Group == "nexus_RW" >... > >Add your users to groups to suit. While devices can only be in one group, >users can be

Re: Devices in more than one huntgroup

2011-08-19 Thread Frank Ranner
Teams, but with different rights. >> >> Users: >> >> DEFAULT Auth-Type := LDAP, Huntgroup-Name == "nexus", LDAP-Group == >> "" >> Login-Service = Telnet, >> Cisco-AVPair = "shell:role

Devices in more than one huntgroup

2011-08-19 Thread Jan . Weiss
>Hi, > >I have a little problem with devices in multiple huntgroups. >By now I know that this is not possible (rtfm helped ;-) > >What I wanted to do is the following: > >Two Teams, but with different rights. > >Users: > >DEFAULT Auth-Ty

Devices in more than one huntgroup

2011-08-08 Thread Jan . Gnepper
Hi, I have a little problem with devices in multiple huntgroups. By now I know that this is not possible (rtfm helped ;-) What I wanted to do is the following: Two Teams, but with different rights. Users: DEFAULT Auth-Type := LDAP, Huntgroup-Name == "nexus",

Re: ..::Huntgroup Issues::..

2010-09-03 Thread Alfonso Alejandro Reyes Jiménez
e advice to everyone. As per your recommendation we changed the users file with the following line: steve2 Cleartext-Password := "testing", Huntgroup-Name == "arcsight" but we got the same result access-reject. And we got the following outpu

Re: ..::Huntgroup Issues::..

2010-09-03 Thread Carlos Eduardo Tavares Terra
> Thanks for the advice to everyone. > > As per your recommendation we changed the users file with the following > line: > > steve2 Cleartext-Password := "testing", Huntgroup-Name == "arcsight" > > but we got the same result access-reject. > >

Re: ..::Huntgroup Issues::..

2010-09-01 Thread Alfonso Alejandro Reyes Jiménez
Thanks for the advice to everyone. As per your recommendation we changed the users file with the following line: steve2 Cleartext-Password := "testing", Huntgroup-Name == "arcsight" but we got the same result access-reject. And we got the following output: rad_recv: A

Re: ..::Huntgroup Issues::..

2010-08-24 Thread Alan DeKok
Alfonso Alejandro Reyes Jiménez wrote: > Hi, I'm trying to use the huntgroup feature on the freeradius software > without luck. I think I'm missing something that's why I'm sending this > email maybe you can help me. You should read the debug output of the se

..::Huntgroup Issues::..

2010-08-23 Thread Alfonso Alejandro Reyes Jiménez
Hi, I'm trying to use the huntgroup feature on the freeradius software without luck. I think I'm missing something that's why I'm sending this email maybe you can help me. Right now I have the following files: huntgroups file at the end: squid NAS-IP-Address == 127.

expiration linked to both huntgroup and user

2010-07-13 Thread Chris Tong
Hi, So here's my hurdle. I have multiple groups and use hunt-groups plus expiration time on the users for authentication. Assuming I have groups 1 & 2 how is it possible to link the expiration time to a group and the user and not just for the user. The expiration time is set on a per user level

Re: Specifying sql instance to use for huntgroup group lookup

2010-06-28 Thread Alan DeKok
orize section, but when the Sql-Group is evaluated for the > huntgroup my "sql_write" sql instance is used instead. > > Is there a way to specify which sql instance should be used in this situation? There's a fix in git v2.1x branch now. It adds -SQL-Group, just like f

Re: Specifying sql instance to use for huntgroup group lookup

2010-06-22 Thread Alan DeKok
Doug Warner wrote: > I moved this thread over to the -devel list with a supplied patch. It appears > to me this isn't currently possible but might be trivial to fix. The fix is to copy the -LDAP-Group setup from the LDAP module, and change it to -SQL-Group. The fix should be in git tomorrow.

Re: Specifying sql instance to use for huntgroup group lookup

2010-06-22 Thread Doug Warner
ified to be > used in my authorize section, but when the Sql-Group is evaluated for the > huntgroup my "sql_write" sql instance is used instead. > > Is there a way to specify which sql instance should be used in this situation? > I moved this thread over to the -devel list wi

Specifying sql instance to use for huntgroup group lookup

2010-06-21 Thread Doug Warner
s evaluated for the huntgroup my "sql_write" sql instance is used instead. Is there a way to specify which sql instance should be used in this situation? -Doug

Using the NAS table for Huntgroup-Name

2010-06-01 Thread Bjørn Mork
I thought I might share a configuration part that has proven useful for us... Based on the howto at http://wiki.freeradius.org/SQL_Huntgroup_HOWTO , we found that we might as well add the huntgroup name to the NAS table when adding new NASes. No need to maintain two separate tables with the NAS

Re: SQL Huntgroup only work with user check, not group check

2009-09-04 Thread George Koulyabin
On Thu, Sep 03, 2009 at 07:36:31AM -0300, Carlos Eduardo Tavares Terra wrote: > On Thu, Sep 3, 2009 at 6:30 AM, George Koulyabin wrote: > > > I wrote the rules for huntgroup here because the rules in groupcheck > didn't work. If I take this out, just keeping the groupcheck, &

Re: SQL Huntgroup only work with user check, not group check

2009-09-03 Thread Ivan Kalik
> On Thu, Sep 3, 2009 at 6:30 AM, George Koulyabin wrote: >> >>> ++--+++--+ >>> | id | username | attribute          | op | value    | >>> ++--++----+------+ >>> |  5 |

Re: SQL Huntgroup only work with user check, not group check

2009-09-03 Thread Carlos Eduardo Tavares Terra
On Thu, Sep 3, 2009 at 6:30 AM, George Koulyabin wrote: > >> ++--+++--+ >> | id | username | attribute          | op | value    | >> ++--+++--+ >> |  5 | jack     | Huntgroup-Name  

Re: SQL Huntgroup only work with user check, not group check

2009-09-03 Thread George Koulyabin
| wireless |1 | 1 | > +--+---+--++ User jack had got the 'wireless' membership. > ++--+++--+ > | id | username | attribute | op | value| > ++--+----

Re: SQL Huntgroup only work with user check, not group check

2009-09-02 Thread Carlos Eduardo Tavares Terra
On Wed, Sep 2, 2009 at 5:13 AM, Ivan Kalik wrote: >> I am having trouble while trying to work with huntgroups. Maybe I >> misunderstand the way how huntgroups works. >> >> When I use 'Huntgroup-Name' into radcheck, everything works fine. But >> when I put

Re: SQL Huntgroup only work with user check, not group check

2009-09-02 Thread Ivan Kalik
> I am having trouble while trying to work with huntgroups. Maybe I > misunderstand the way how huntgroups works. > > When I use 'Huntgroup-Name' into radcheck, everything works fine. But > when I put the 'Huntgroup-Name' into radgroupcheck, the radius is just

SQL Huntgroup only work with user check, not group check

2009-09-01 Thread Carlos Eduardo Tavares Terra
Hello, I am having trouble while trying to work with huntgroups. Maybe I misunderstand the way how huntgroups works. I read another post about this issue, but I don't really understand why force the huntgroup name in confs. I have inserted two NAS' into radhuntgroup, as follow: mys

Re: huntgroup as an unlang check?

2009-07-20 Thread Ivan Kalik
> hi, > > i've got a few virtual hosts that do checks on the NAS-IP-Address > - all works fine - but those lists of NAS are now growing so > in order to maintain sanity I thought 'heck, lets use a Huntgroup' > > however, I recall huntgroups being very much tie

huntgroup as an unlang check?

2009-07-20 Thread A . L . M . Buxey
hi, i've got a few virtual hosts that do checks on the NAS-IP-Address - all works fine - but those lists of NAS are now growing so in order to maintain sanity I thought 'heck, lets use a Huntgroup' however, I recall huntgroups being very much tied to users and wasn't sure of

Re: PEAP and Huntgroup-Name

2009-07-07 Thread Nicolas Boullis
Ivan Kalik wrote: > > Enable copy_request_to_tunnel in peap section of eap.conf. Hmmm... Now I feel stupid for not finding this myself... Thanks for showing me the right direction. Regards, -- Nicolas Boullis Ecole Centrale Paris

Re: PEAP and Huntgroup-Name

2009-07-07 Thread Ivan Kalik
> Currently, the relevant part of my users file is: > > | DEFAULT Huntgroup-Name == ap, Prefix == "guest/", Autz-Type := GUEST > | Fall-Through = No > | > | DEFAULT Autz-Type := DEFAULT > > The trouble is the inner request has no NAS-IP-Address, so the &g

PEAP and Huntgroup-Name

2009-07-07 Thread Nicolas Boullis
also have to deal with some "guest" users, whose usernames all begin with the "guest/" prefix, who are in a SQL database, and who only should be allowed to connect to wifi. Currently, the relevant part of my users file is: | DEFAULT Huntgroup-Name == ap, Prefix == &qu

Re: Huntgroup problem

2009-05-25 Thread Ivan Kalik
> kmcuser Auth-Type = LDAP, Huntgroup-Name == "kmc1" > Fall-Through = Yes You probably don't need to force Auth-Type. What freeradius version is this? Why are you using version that is years out of date? > and following lines in /etc/raddb/huntgroup file: &g

Re: Huntgroup problem

2009-05-25 Thread Alan DeKok
Parashar Singh wrote: > I am new to freeradius. You installed a *very* old version of the server. I suggest you upgrade to 2.1.6. > If I am doing following in /etc/raddb/users file: > > kmcuser Auth-Type = LDAP, Huntgroup-Name == "kmc1" > Fall-Through = Y

Huntgroup problem

2009-05-25 Thread Parashar Singh
Hi I am new to freeradius. I want to implement huntgroup for associating a user name with particular NAS device. I am performing username authentication with Auth-Type = LDAP If my NAS devices are cisco routes, with IP A.B.C.D, and I want to authenticate this device with user1/* in LDAP, can

Re: Huntgroup replies using mysql

2008-12-01 Thread tnt
>In Freeradius 2.1.1 I've implemented the huntgroup table in the backend >which works well (using mysql and the guide provided below by John.) I need >to know how can I send the attributes above to the NAS based on the sql >huntgroup match which I get back from the SQL query? I&

RE: Huntgroup replies using mysql

2008-12-01 Thread Adrian
Thanks Alan, I will look into that. Adrian -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Monday, December 01, 2008 12:33 PM To: FreeRadius users mailing list Subject: Re: Huntgroup replies using mysql Adrian wrote: > The Users f

Re: Huntgroup replies using mysql

2008-12-01 Thread Alan DeKok
Adrian wrote: > The Users file would look like this: > > DEFAULT Huntgroup-Name == “Test_Group” > > Authentication-Type = Accept, (*** this > line no longer works in 2.1.1. It errors out with Invalid Octet string > “Accep

Huntgroup replies using mysql

2008-12-01 Thread Adrian
Hello John/All I'm moving from free-radius 1.1.7 to 2.1.1. In the old setup I was using the huntgroup file to tag a NAS and based on the IP address of that NAS assign it a huntgroup. Then, in the users file, I would send the huntgroup particular attributes. The Users file would look

huntgroup question

2008-09-05 Thread Hans Bornemann
Hi, For some NAS i want to restrict the access for a single realm. For other NAS every realm is allowed. So I put in huntgroups: huntgroups: notebook NAS-IP-Address == 123.123.123.123, User-Name [EMAIL PROTECTED] This is only working, if the user has a Huntgroup-Name entry in the users

Re: Huntgroup and regular expression

2008-04-29 Thread Alan DeKok
Bill Shaver wrote: > I am running a fairly old version of FreeRADIUS (1.0.1). I would like > to define a regular expression (such as Guest\d+) for a set of users in > the huntgroup file for a specific NAS. Based on my reading of the docs, > this does not look like it is possible/supp

Huntgroup and regular expression

2008-04-29 Thread Bill Shaver
I am running a fairly old version of FreeRADIUS (1.0.1). I would like to define a regular expression (such as Guest\d+) for a set of users in the huntgroup file for a specific NAS. Based on my reading of the docs, this does not look like it is possible/supported, but I wanted to check with the

RE: wpa2 - huntgroup problems -fixed

2008-04-10 Thread Yoho, Cindy
dius users mailing list Subject: Re: wpa2 - huntgroup problems -fixed Hi, huntgroups and PEAP works, if you set copy_request_to_tunnel = yes in eap.conf. eap.conf: ... peap { # The tunneled EAP session needs a default # EAP type which is separat

Re: wpa2 - huntgroup problems -fixed

2008-04-10 Thread Hans Bornemann
-password works > fine. The authentication with nt-passwords only works, if no huntgroup > is defined in the database. > > if huntgroup is defined: > rlm_sql (sql): No matching entry in the database for request from user > > if not: > modcall[authorize]: module "sql

Re: wpa2 - huntgroup problems

2008-04-10 Thread Hans Bornemann
Hi, maybe a misunderstanding. The authentication with crypt-password works fine. The authentication with nt-passwords only works, if no huntgroup is defined in the database. if huntgroup is defined: rlm_sql (sql): No matching entry in the database for request from user if not: modcall

Re: wpa2 - huntgroup problems

2008-04-10 Thread Phil Mayers
Hans Bornemann wrote: Hi, did you mean the operator for the huntgroups? No. Crypt-Password hans On Thu, 2008-04-10 at 10:29 +0100, Phil Mayers wrote: Hans Bornemann wrote: Hi, I have a problem with huntgroups and wpa2. It concerns the following: First, huntgroups works with ntradping

Re: wpa2 - huntgroup problems

2008-04-10 Thread Hans Bornemann
Hi, did you mean the operator for the huntgroups? hans On Thu, 2008-04-10 at 10:29 +0100, Phil Mayers wrote: > Hans Bornemann wrote: > > Hi, > > > > I have a problem with huntgroups and wpa2. It concerns the following: > > > > First, huntgroups works with ntradping and crypt-passwd: > > > >

Re: wpa2 - huntgroup problems

2008-04-10 Thread Phil Mayers
Hans Bornemann wrote: Hi, I have a problem with huntgroups and wpa2. It concerns the following: First, huntgroups works with ntradping and crypt-passwd: mysql-db unzinn| NT-Password| := | 7C53CFA5EA7D0F9B3B968AA0FB51A3F5 unzinn| crypt-password | == | $1$7ftISFCW$xp.n8LMOxfPD7GqdSJ

wpa2 - huntgroup problems

2008-04-10 Thread Hans Bornemann
| Huntgroup-Name | == | hrzvpn with wpa2 (PEAP/MSCHAPv2) it works only without the huntgroup entry. Is this a problem because of different addresses? Access-Request packet from host 129.217.169.191 .. NAS-IP-Address = 129.217.157.246 ? huntgroups: hrzvpn NAS-IP-Address == 129.217.157.246 debug

Re: Example listed in huntgroup file does not work

2007-12-13 Thread tnt
tgroups. The second and following lines ># define the access restrictions (based on username and ># UNIX usergroup) for the huntgroup. >#" > > >So I can create a huntgroup with multiple Nas, but the 'second and >following lines' are onl

Re: Example listed in huntgroup file does not work

2007-12-13 Thread A . L . M . Buxey
Hi, > "# This file can also be used to define restricted access > # to certain huntgroups. The second and following lines > # define the access restrictions (based on username and > # UNIX usergroup) for the huntgroup. >

Re: Example listed in huntgroup file does not work

2007-12-13 Thread Reynolds, Walter
e and # UNIX usergroup) for the huntgroup. #" So I can create a huntgroup with multiple Nas, but the 'second and following lines' are only recognized by the last entry in the huntgroup. So If I go with groups, I should be able to add the following: (can someone tell me

RE: Example listed in huntgroup file does not work

2007-12-13 Thread tnt
>I did, but the user list is not being recognized by more than one. >How can I get that user list to be used for all NAS that are in that >huntgroup? Or is this a bug? > No, it's not a bug. It's a flat file entry. Every entry is matched separately. i.e. one entry doesn&

Re: Example listed in huntgroup file does not work

2007-12-13 Thread A . L . M . Buxey
Hi, > I should say that I do not want to use an external solution. Creating a > huntgroup for each NAS with the exact same user list does work, but then > if I have to change a user I would then have to modify what could be > over 100 groups. i think, therein, lies your problem

RE: Example listed in huntgroup file does not work

2007-12-13 Thread Reynolds, Walter
> Message: 9 > Date: Wed, 12 Dec 2007 22:41:54 +0100 > From: <[EMAIL PROTECTED]> > Subject: RE: Example listed in huntgroup file does not work > To: "FreeRadius users mailing list" > > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain
