Re: Specifying sql instance to use for huntgroup group lookup
Doug Warner wrote: I am specifying an Sql-Group required for one of my huntgroups and am finding that when looking up the group info from my database that the wrong sql instance is being used. I have an sql_read instance that's specified to be used in my authorize section, but when the Sql-Group is evaluated for the huntgroup my sql_write sql instance is used instead. Is there a way to specify which sql instance should be used in this situation? There's a fix in git v2.1x branch now. It adds instance-SQL-Group, just like for LDAP-Group. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Specifying sql instance to use for huntgroup group lookup
On 06/21/2010 03:52 PM, Doug Warner wrote: I am specifying an Sql-Group required for one of my huntgroups and am finding that when looking up the group info from my database that the wrong sql instance is being used. I have an sql_read instance that's specified to be used in my authorize section, but when the Sql-Group is evaluated for the huntgroup my sql_write sql instance is used instead. Is there a way to specify which sql instance should be used in this situation? I moved this thread over to the -devel list with a supplied patch. It appears to me this isn't currently possible but might be trivial to fix. -Doug signature.asc Description: OpenPGP digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Specifying sql instance to use for huntgroup group lookup
Doug Warner wrote: I moved this thread over to the -devel list with a supplied patch. It appears to me this isn't currently possible but might be trivial to fix. The fix is to copy the instance-LDAP-Group setup from the LDAP module, and change it to instance-SQL-Group. The fix should be in git tomorrow. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Specifying sql instance to use for huntgroup group lookup
I am specifying an Sql-Group required for one of my huntgroups and am finding that when looking up the group info from my database that the wrong sql instance is being used. I have an sql_read instance that's specified to be used in my authorize section, but when the Sql-Group is evaluated for the huntgroup my sql_write sql instance is used instead. Is there a way to specify which sql instance should be used in this situation? -Doug signature.asc Description: OpenPGP digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Huntgroup GROUP?
That line below means if the client is not 1.2.3.4, then reject. On Tue, 1 Feb 2005, Cris Boisvert wrote: Does this mean... the client ip has to be 1.2.3.4 if not reject Or if the client ip is this reject? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Monday, January 31, 2005 5:14 PM To: freeradius-users@lists.freeradius.org Subject: Re: Huntgroup GROUP? Cris Boisvert [EMAIL PROTECTED] wrote: Is their a way to do that to keep users from authenticating from other nas's Other than adding all the users to the appropriate huntgroup? user Client-IP-Address != 1.2.3.4, Auth-Type := Reject ... For multiple NASes, the huntgroups are the simplest way (for now). Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.3 - Release Date: 1/31/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Huntgroup GROUP?
I have this in the users file pork1 Client-IP-Address != 208.243.100.5, Auth-Type := reject, Password == test When I test from that nas I get a reject every time. Ideas? Thanx -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dustin Doris Sent: Wednesday, February 02, 2005 10:26 AM To: freeradius-users@lists.freeradius.org Subject: RE: Huntgroup GROUP? That line below means if the client is not 1.2.3.4, then reject. On Tue, 1 Feb 2005, Cris Boisvert wrote: Does this mean... the client ip has to be 1.2.3.4 if not reject Or if the client ip is this reject? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Monday, January 31, 2005 5:14 PM To: freeradius-users@lists.freeradius.org Subject: Re: Huntgroup GROUP? Cris Boisvert [EMAIL PROTECTED] wrote: Is their a way to do that to keep users from authenticating from other nas's Other than adding all the users to the appropriate huntgroup? user Client-IP-Address != 1.2.3.4, Auth-Type := Reject ... For multiple NASes, the huntgroups are the simplest way (for now). Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.3 - Release Date: 1/31/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.3 - Release Date: 1/31/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Huntgroup GROUP?
Cris Boisvert [EMAIL PROTECTED] wrote: I have this in the users file pork1 Client-IP-Address != 208.243.100.5, Auth-Type := reject, Password == test When I test from that nas I get a reject every time. See what debugging mode says. Ideas? Try putting the password in a different entry of the users file. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Huntgroup GROUP?
Firstly, run the server in debug mode (as it says in the doco), and you can see exactly what its doing, and why you are being rejected: radiusd -X Secondly, the user password attribute is called User-Password (as per the examples in the users file), so try that. Regards, Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cris Boisvert Sent: Thursday, 3 February 2005 4:39 AM To: freeradius-users@lists.freeradius.org Subject: RE: Huntgroup GROUP? I have this in the users file pork1 Client-IP-Address != 208.243.100.5, Auth-Type := reject, Password == test When I test from that nas I get a reject every time. Ideas? Thanx - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Huntgroup GROUP?
Does this mean... the client ip has to be 1.2.3.4 if not reject Or if the client ip is this reject? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Monday, January 31, 2005 5:14 PM To: freeradius-users@lists.freeradius.org Subject: Re: Huntgroup GROUP? Cris Boisvert [EMAIL PROTECTED] wrote: Is their a way to do that to keep users from authenticating from other nas's Other than adding all the users to the appropriate huntgroup? userClient-IP-Address != 1.2.3.4, Auth-Type := Reject ... For multiple NASes, the huntgroups are the simplest way (for now). Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.3 - Release Date: 1/31/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Huntgroup GROUP?
IN the huntgroups File it has this example. ## business NAS-IP-Address == 192.168.2.5, NAS-Port-Id == 0-7 User-Name = rogerl, User-Name = henks, Group = business, Group = staff ## Does the place where is says Group refer to the same radgroupreply table In the database? So when someone authenticated the user would have to have the correct user and pass and their group would have to be defined in the huntgroup or it would get a reject? Thanx Cris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Huntgroup GROUP?
Cris Boisvert [EMAIL PROTECTED] wrote: Does the place where is says Group refer to the same radgroupreply table In the database? No. It refers to Unix groups. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Huntgroup GROUP?
Is their a way to do that to keep users from authenticating from other nas's Other than adding all the users to the appropriate huntgroup? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Monday, January 31, 2005 3:45 PM To: freeradius-users@lists.freeradius.org Subject: Re: Huntgroup GROUP? Cris Boisvert [EMAIL PROTECTED] wrote: Does the place where is says Group refer to the same radgroupreply table In the database? No. It refers to Unix groups. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.3 - Release Date: 1/31/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Huntgroup GROUP?
Cris Boisvert [EMAIL PROTECTED] wrote: Is their a way to do that to keep users from authenticating from other nas's Other than adding all the users to the appropriate huntgroup? userClient-IP-Address != 1.2.3.4, Auth-Type := Reject ... For multiple NASes, the huntgroups are the simplest way (for now). Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html