Debug info below On Tue, Nov 9, 2010 at 2:09 PM, inetjunkmail <inetjunkm...@gmail.com> wrote:
> I know I'm missing something obvious but I'm stuck here so I apologize in > advance for the silly question. > > I'm using freeradius 2.1.7. > > I'm using the "files" option for all processes but I want to use user > groups so I can reference them in my huntgroups definitions as groups of > users permitted to authentication to that group of devices. I tried > modifying the etc_group module and the group is correctly determined but it > takes place after the huntgroup decision making process done by > "preprocessing" so the match condition for the huntgroup fails. I then > inserted the module before "preprocessing" in my sites-available/default > file and the group is correctly determined prior to preprocessing but it > doesn't seem to match the test condition. Snippets of config are below. > Any guidance would be appreciated. > > modules/My-Group-Name > ----- > passwd My-Group-Name { > filename = /etc/raddb/group > format = "=My-Group-Name:*,User-Name" > hashsize = 50 > ignorenislike = yes > allowmultiplekeys = yes > delimiter = ":" > } > ----- > > dictionary > ----- > ATTRIBUTE My-Group-Name 3000 string > ----- > > group > ----- > telecom:test1 > hg1admin:test2 > > huntgroups > ----- > hg1 NAS-IP-Address =~ "^10\.69\.1\..*" > My-Group-Name == telecom, > My-Group-Name == hg1admin, > ----- > > users > ----- > test1 Cleartext-Password := "password1" > test2 Cleartext-Password := "password2" > ----- > > I've inserted the My-Group-Name module at various locations within > sites-available/default with no luck. Again, ant guidance would be > appreciated. > > > > Here is some debug info. The group name is assigned but the huntgroup match still fails. Can someone provide insight as to why? Ready to process requests. rad_recv: Access-Request packet from host 10.69.1.10 port 1645, id=69, length=76 User-Name = "test1" User-Password = "password1" NAS-Port = 0 NAS-Port-Id = "tty0" NAS-Port-Type = Async Calling-Station-Id = "async" NAS-IP-Address = 10.69.1.10 +- entering group authorize {...} [My-Group-Name] Added My-Group-Name: 'telecom' to reply_items ++[My-Group-Name] returns ok [preprocess] expand: %{NAS-IP-Address} -> 10.69.1.10 [preprocess] No huntgroup access: [test1] (from client k12 port 0 cli async) ++[preprocess] returns reject Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> test1 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 69 to 10.69.1.10 port 1645 Waking up in 4.9 seconds. Cleaning up request 0 ID 69 with timestamp +16 Ready to process requests.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html