Huntgroup replies using mysql

Adrian adrian at
Mon Dec 1 18:13:33 CET 2008

Hello John/All


I'm moving from free-radius 1.1.7 to 2.1.1.  In the old setup I was using
the huntgroup file to tag a NAS and based on the IP address of that NAS
assign it a huntgroup.  Then, in the users file, I would send the huntgroup
particular attributes.  

The Users file would look like this:

DEFAULT              Huntgroup-Name == "Test_Group"

                                Authentication-Type = Accept, (*** this line
no longer works in 2.1.1. It errors out with Invalid Octet string "Accept"
for attribute name "Authentication-Type")

                                Tunnel-Medium-Type = IP,

                                Tunnel-Type = L2TP,



In Freeradius 2.1.1 I've implemented the huntgroup table in the backend
which works well (using mysql and the guide provided below by John.) I need
to know how can I send the attributes above to the NAS based on the sql
huntgroup match which I get back from the SQL query?  I've tried to add a
group in the radgroupreply table that sends back all necessary attributes
however that did not work as the huntgroup was not being checked against the
radgroupreply table.


I can currently achieve what I need by enabling the users file (with the
DEFAULT Entries in it) to be read in the preprocess module however I was
hoping to keep all this in mysql.  


Running radiusd -X I can see that the huntgroup is identified correctly and
I get a ++ [request] returns ok from it however I'm not sure how to send it
the above attributes from sql instead of the users flatfile.  


Any help is appreciated,



From: at
[ at] On
Behalf Of John Dennis
Sent: Tuesday, November 11, 2008 9:43 AM
To: FreeRadius users mailing list
Subject: Re: Restricting user to specific NAS Port


Sean Preston wrote: 

2008/11/11   <mailto:tnt at> <tnt at>:

I need to restrict a specifc user to say 2 specific NAS ports and then
define a different account to some different specific NAS ports.
Currently as long as an account is only ever going to use one NAS port
I can restrict it by adding the entry to the radcheck table.  So for
example if I have 10 users, I have 10 entries with the NAS port and
the == operator.  However if I want to add some accounts with multiple
entries then

.. use huntgroups.

Ok I think I understand what needs to be done.  So the next question
then is how do I setup huntgroups to be in the same database as
everything else because as it stands it looks like it can only be a
file and I am going to have hundreds of groups and it would be easier
to manage in the database.

I wrote documentation for how to implement huntgroups in SQL.
It does require FreeRADIUS version 2.x because it depends on unlang.
You won't need to modify FreeRADIUS 2.x, all you'll need to do is edit
some config files and add a table to your database. The documentation
is attached as a text file to this email.



John Dennis  <mailto:jdennis at> <jdennis at>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list