On Thu, 12 Mar 2009 14:20:58 +0200, <t...@kalik.net> wrote:
Thank you for help. I try to do as you say and put this to authorize
section after preprocess:
preprocess
# allow hotspot users only
if (SQL-Group != 'Spot') {
reject
}
Here debug on this action:
++? if (SQL-Group != 'Spot')
sql_groupcmp
expand: %{User-Name} -> spot2
sql_set_user escaped user --> 'spot2'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}'
ORDER BY priority -> SELECT groupname FROM
radusergroup WHERE username = 'spot2'
ORDER BY priority
sql_groupcmp finished: User is a member of group Spot
rlm_sql (sql): Released sql socket id: 4
? Evaluating (SQL-Group != 'Spot') -> TRUE
++? if (SQL-Group != 'Spot') -> TRUE
++- entering if (SQL-Group != 'Spot') {...}
+++[reject] returns reject
++- if (SQL-Group != 'Spot') returns reject
strange behaviour, user 'spot2' belongs to group 'Spot', but if clause
return TRUE and reject returned.
OK, it looks like it doesn't work in unlang. I don't know if it is
suposed to, but Alan will know. Put this in users file:
DEFAULT SQL-Group != "Spot", Auth-Type := Reject (, Huntgroup-Name ==
"hotspot")
Reply-Message := "Only hotspot users allowed"
You will probably need to add NAS-IP-Address or Huntgroup-Name in order
to tie it to the originating NAS.
Ivan Kalik
Kalik Informatika ISP
This is works with hungroups, thanks!
Here example for future readers:
raddb/users:
DEFAULT SQL-Group != "Spot", Auth-Type := Reject, Huntgroup-Name == "Spot"
Reply-Message := "ERROR 104: Only hotspot users allowed to login."
raddb/huntgroups:
Spot NAS-IP-Address == 212.110.144.142
Spot NAS-IP-Address == 212.110.136.226
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
ISP CrIS, Softwarium
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
