MySQL: Group membership test

Bogdan Dumitriu - Technical Support Team helpdesk22 at
Thu May 11 16:23:30 CEST 2006

You can create a group "deactivated" for the users you don't want to
allow to connect and set Auth-Type == Reject for that group.

If you want to tie a group to a certain NAS you have to use huntgroups:

TestNAS1        NAS-IP-Address ==
                SQL-Group == dialup,
                SQL-Group == adsl

It means that is the user is coming from this NAS it has to be a member
of those groups. Otherwise auth fail.

Is this what you are looking for?

At least this is my set up. If you find a better way please let me know.


-----Original Message-----
From: at
[ at lists.freerad] On Behalf Of Michael Schwartzkopff
Sent: May 11, 2006 4:22 AM
To: freeradius-users at
Subject: MySQL: Group membership test


As a backend database to RADIUS I use MySQL. No I have a special

I want to autorize a user for a specific service only if the user is
member of 
a specific group, say "RAS_User". This configuration is nescessary
this database is used also for other authentication/autorization.

The documentation says, that the authcheck_table is beeing searched for
user and the reply items in the authrepl_table are returned for the
user. I 
did not find any hint how to configure my freeradius that way, that the
is autorized to use the service only if he is member of a specific
group. The 
groupcheck is only adds further attributes.

In the ldap module f.i. I can use the "groupmembership_filter".

Is there anything similar in the sql module? How can I configure
freeradius or 
the sql module to test the group membership?

Thanks for any help.

Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn

Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42

More information about the Freeradius-Users mailing list