mysql huntgroups Access-Reject

GeneTitus gene at
Wed Dec 15 18:08:45 CET 2010

Greetings from Texas.

I'm setting up freeradius to authenticate/authorize network engineers to log
into cisco and juniper devices. Some devices we share with other
organizations. I need to be able to allow some engineers access to some
devices and not others. I'm running on redhat with Mysql as the backend.
I'll will be writing a web front end to manage our radius server(s) once I
get a working configuration for our situation..

I have freeradius 2.1.7. That's the rpm for redhat 5.4.

I have radcheck and radreply working. (username and password checking)

I have radusergroup, radgroupcheck, radgroupreply working if I populate the
huntgroups flat file with appropriate information.

I can set shell:privs on ciscos for a specific user based on group
membership via radgroupreply.

As I understand it, if I move huntgroups out of the flat file (preprocess)
and into mysql, I loose the ability to send an Access-Reject based on

Is that correct?

Gene Titus
The Office of Telecommunication Services
The University of Texas at Austin
View this message in context:
Sent from the FreeRadius - User mailing list archive at

More information about the Freeradius-Users mailing list