Hi,

We are experiencing problems using the huntgroups file with freeradius-1.0.0-pre3.

Please note that the NAS-IP-Address is the same for both huntgroups ie 217.15.97.19. Using different NAS-IP-Addresses works fine

 

Huntgroups file is as follows :-

 

streamgamers   NAS-IP-Address == 217.15.97.19

                Group == users,

                Group == tech

 

gaming              NAS-IP-Address == 217.15.97.19

                Group == gamers,

                Group == users,

                Group == tech

 

 

Users file is as follows :-

 

DEFAULT         Auth-Type := System, Hint == "gamestream", Huntgroup-Name == "gaming", Service-Type == Framed-User

                Service-Type = Framed-User,

                Framed-Protocol = PPP,

 

DEFAULT         Auth-Type := System, Hint == "stream", Huntgroup-Name == "streamgamers", Service-Type == Framed-User

                Service-Type = Framed-User,

                Framed-Protocol = PPP,

 

Hints file is as follows :-

 

DEFAULT Suffix == "@stream", Strip-User-Name = Yes

        Hint = "stream"

 

DEFAULT Suffix == "@gamestream", Strip-User-Name = Yes

        Hint = "gamestream"

 

 

The problem we have is the following :-

Imagine 2 users

john1 in group gamers

peter1 in group tech

 

we require john1 to obtain access using only the @gamestream realm

if [EMAIL PROTECTED] tries to connect he is denied access stating the following error :-

            Mon Jul 26 10:39:24 2004 : Auth: No huntgroup access: [john1]

If [EMAIL PROTECTED] tries to connect he is denied access

If [EMAIL PROTECTED] tries to connect he is allowed access

If [EMAIL PROTECTED] tries to connect he is allowed access

 

 

Now if we modify the huntgroups file as follows putting the gaming huntgorup first (the one with more groups):-

 

gaming              NAS-IP-Address == 217.15.97.19

                Group == gamers,

                Group == users,

                Group == tech

 

streamgamers   NAS-IP-Address == 217.15.97.19

                Group == users,

                Group == tech

 

And try the users again :-

we require john1 to obtain access using only the @gamestream realm

if [EMAIL PROTECTED] tries to connect he is allowed access

If [EMAIL PROTECTED] tries to connect he is allowed access (which is not required)

If [EMAIL PROTECTED] tries to connect he is allowed access

If [EMAIL PROTECTED] tries to connect he is allowed access

 

This means that for some reason only the first list of groups is matching

 

Can you help us out. If you require further details just ask.

Thanks for your time!

 

Regards,

------------------------------------------------
David Mifsud
Network Engineer
DataStream Ltd.
Office Direct: 2567 7230
Office General: 2567 7000
URL: <http://www.datastream.com.mt/>

This Email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions represented are solely those of the author and do not necessarily represent those of Datastream Ltd. If you are not the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding,printing or copying of this Email is strictly prohibited. Please notify the sender immediately by e-mail if you have received this e-mail by mistake or call +356 21482000 and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or free of errors as information could be intercepted, corrupted, lost, destroyed, delayed or incomplete, and/or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of Email Transmission.

 

Reply via email to