HuntGroup check in radgroupcheck

Lorenzo Milesi maxxer at
Thu Feb 21 17:36:22 CET 2013

I'm trying to manage Huntgroup checking in the radgroupcheck table, but it doesn't seem to work.

Given the following properties:
F000001 MD5-Password := somemd5hash
F000001 HuntGroup01
F000001 Huntgroup-Name =~ nas04|nas05

the user is always authenticated, even if the connection comes from a NAS which is not nas04 or nas05.
If I place the Huntgroup-Name property in radcheck, the user is correctly limited to the selected NASes.

Output of the accounting session of "freeradius -X" attached here:
The results of the queries that were run:
SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'F0000001' ORDER BY id
F000001 Md5-Password := xxx

SELECT id, username, attribute, value, op FROM radreply WHERE username = 'F0000001' ORDER BY id

SELECT groupname FROM usergroup WHERE username = 'F0000001' ORDER BY id

SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'huntgroup01' OR groupname = 'nas04' ORDER BY id
huntgroup01	Huntgroup-Name	nas01|nas02	=~

The final query correctly returns the list of NASes the user is allowed to log in to, but apparently it's not considered. Why is this? What am I missing?

In addition to that, can I set a certain property (i.e. WISPr-Session-Terminate-Time) only if the user connects to a specific huntgroup?

Lorenzo Milesi - lorenzo.milesi at

GPG/PGP Key-Id: 0xE704E230 -
