SQL Huntgroup only work with user check, not group check

George Koulyabin jumbo at vinf.ru
Fri Sep 4 10:24:12 CEST 2009


On Thu, Sep 03, 2009 at 07:36:31AM -0300, Carlos Eduardo Tavares Terra wrote:
> On Thu, Sep 3, 2009 at 6:30 AM, George Koulyabin<jumbo at vinf.ru> wrote:
> >
> I wrote the rules for huntgroup here because the rules in groupcheck
> didn't work. If I take this out, just keeping the groupcheck, 'jack'
> will connect from any hardware. The groupcheck is ignoring the
> huntgroups.

You must to use huntgroups for consolidation of Your hardware by identical properties. For examle, You
can create huntgroup for wireless hardware and huntgroup for access-servers.
Groups, sql-groups (radusergroup/radgroupcheck/radgroupreply) are intended for consolidation of users.

In Your 'sql-rules' You wrote: "User has 'wireless' sql-group membership. But user has this membership when he'll 
connected from the hardware (member of 'wireless' huntgroup)."

See FreeRADIUS documentation, file rlm_sql.



More information about the Freeradius-Users mailing list