Rascher, Markus wrote: >> No way to store huntgroups directives on LDAP or SQL? > > I worked out a sql scheme to store users and their privileges to access > certain services. > Then i told the radiusd to query a stored procedure on the db, instead > of the standard radcheck-table. In the stored procedure i did some > queries to find find out if the user should have access to the requested > service. > I don't know if this is possible in ldap too... I guess not.
Or... # cat huntgroups ServiceA Client-IP-Address == 1.2.3.4 SQL-Group == ServiceA and... mysql> select * from radius.usergroup limit 1; +----+---------------------+-----------+ | id | UserName | GroupName | +----+---------------------+-----------+ | 65 | [EMAIL PROTECTED] | ServiceA | +----+---------------------+-----------+ and it just works. For LDAP, I think you will need LDAP-Group instead of SQL-Group in the huntgroups file. I'm not sure what it will look like in the LDAP schema, but I am pretty sure others are doing this. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html