I meant Huntgroup-Name == NetworkA in my radgroupcheck table. I'm not using the
huntgroups file - they're all in my db.
The wiki suggests using the query below restrict access per network. If that
query below is not going to work, it's a little misleading. Or is it just
incomplete?
On 30 Oct 2011, at 17:03, Alan DeKok wrote:
> simonm123 wrote:
>> Am new to freeradius but have it mainly set up just fine. It's a fantastic
>> tool and I'm enjoying using it :)
>
> That's good to hear.
>
>> Just one thing I'm struggling with is the huntgroups. I've followed the wiki
>> to the letter and can see the server checking in the debug log.
>>
>> What I basically want to do is restrict users to certain networks, as per
>> the wiki. If their huntgroup-name matches their huntgroup based on nasip,
>> they can get online, otherwise they're rejected.
>
> OK...
>
>> I've put Huntgroup-Name = NetworkA in my radgroupcheck folder.
>
> Use "==". It does comparisons.
>
>> In my radhuntgroup table, I have the nasip and groupname = NetworkA
>>
>> Then, in the authorize section of my default host, I put:
>>
>> update request {
>> Huntgroup-Name := "%{sql:SELECT `groupname` FROM `radhuntgroup` WHERE
>> nasipaddress='%{NAS-IP-Address}'}"
>> }
>
> No, that won't work. The huntgroups are defined by the "huntgroups"
> file. You can't change them like you're trying to do.
>
> Instead, use another attribute. Invent one. See raddb/dictionary.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
