radtest sets NAS-IP-Address = `hostname` -- which is a string, not an IP address. The string is evaluated to the value of 255.255.255.255, and as a result, my problem was with radtest, not with the actual huntgroup configuration. I changed

    nas = `hostname`

to

    nas = `ifconfig eth0 | grep "inet addr" | awk '{ print $2}' | awk -F : '{ print $2 }'`

and I'm gold.

-- Sorry for the spam / uselessness.

-----Original Message-----
From: Michael Komitee
Sent: Wednesday, August 13, 2003 1:59 PM
To: [EMAIL PROTECTED]
Subject: RE: users file not using multiple directives

Actually, it's not authenticating anyone. I ran a stack trace on radiusd, and tried to authenticate. I'm seeing that the packet radiusd is receiving has a NAS-IP-Address of 255.255.255.255. That's the problem right there. Somehow, the NAS IP address isn't being properly set, and as a result the request does not match the huntgroup.

-----Original Message-----
From: Michael Komitee
Sent: Wednesday, August 13, 2003 1:53 PM
To: [EMAIL PROTECTED]
Subject: RE: users file not using multiple directives

Thanks for the direction. After reading that I see a bunch of mistakes, but it hasn't actually fixed the problem. I see that my operators were wrong... everywhere. Now the user:

    bob Auth-Type := System, Huntgroup-Name == "dnsservers"

with the hunt group

    dnsservers NAS-IP-Address == 192.168.10.254

authenticates user bob from anywhere, regardless of whether the NAS-IP-Address is 192.168.10.254.

My understanding from the users man page (5) is that this will:

    Auth-Type := System

changes the Auth-Type to be System from anything that it was previously set to; if there was no previously declared Auth-Type, it creates the attribute and sets it.

    Huntgroup-Name == "dnsservers"

only matches if the requesting packet includes information that matches all criteria from the dnsservers huntgroup.

    NAS-IP-Address == 192.168.10.254

matches only if the IP of the NAS is 192.168.10.254...

-- That's what I think it all means, that's what the man page implies, that's what the docs I've seen on huntgroups imply, but as I stated, it's authenticating from any NAS, not just the aforementioned IP.

-----Original Message-----
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 13, 2003 1:31 PM
To: [EMAIL PROTECTED]
Subject: Re: users file not using multiple directives

"Michael Komitee" <[EMAIL PROTECTED]> wrote:
> I'm having a problem with my users file, I'm declaring users and it
> seems to only accept a single option per user:

  Read the 'users' file 'man' page. Look at the examples in the 'users' file.

> username Auth-Type = System, Huntgroup-Name = "dnsservers"
>
> will not authenticate anyone, even when the access request matches
> everything in the dnsservers huntgroup,

  Look for 'Huntgroup-Name' in the sample 'users' file, and see what you're doing differently from those examples.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
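
A guard for the fix described in the first message, as an added example that is not part of the original thread: it pulls the address out of ifconfig-style output and refuses any value that is not a usable dotted quad before it is used as NAS-IP-Address. The function names, the hostname `radius01` and the sample ifconfig text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check a NAS-IP-Address value before use.

# Return 0 only for a dotted-quad IPv4 address that can match a huntgroup entry.
is_usable_nas_ip() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # empty, non-numeric, stray dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                                # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    # 255.255.255.255 is the value the thread saw for an unparsable string;
    # rejecting 0.0.0.0 as well is this example's own choice.
    case $ip in
        255.255.255.255|0.0.0.0) return 1 ;;
    esac
    return 0
}

# Read ifconfig-style text on stdin and print the first "inet addr:" value.
nas_ip_from_ifconfig() {
    awk '/inet addr:/ { sub(/^addr:/, "", $2); print $2; exit }'
}

# Print the candidate if usable; otherwise complain on stderr and fail.
resolve_nas_ip() {
    if is_usable_nas_ip "$1"; then
        printf '%s\n' "$1"
    else
        echo "refusing NAS-IP-Address '$1': not a usable IPv4 address" >&2
        return 1
    fi
}

# Constructed sample of old-style ifconfig output (not captured from a real host).
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.168.10.254  Bcast:192.168.10.255  Mask:255.255.255.0'

nas=$(printf '%s\n' "$SAMPLE_IFCONFIG" | nas_ip_from_ifconfig)
resolve_nas_ip "$nas"              # prints the address
resolve_nas_ip "radius01" || true  # hostname string: rejected with a message
```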