HuntGroup check in radgroupcheck

Alan DeKok aland at
Thu Feb 21 18:19:23 CET 2013

Lorenzo Milesi wrote:
> I'm trying to manage Huntgroup checking into radgroupcheck table, but doesn't seem to work.

  Post the debug output, as suggested in the FAQ, "man" page, web pages,
and daily on this list.

> Given the following properties:
> radcheck:
> F000001 MD5-Password := somemd5hash
> radusergroup
> F000001 HuntGroup01
> radgroupcheck
> F000001 Huntgroup-Name =~ nas04|nas05
> the user is always authenticated, even if the connection comes from a nas which is not nas04 or nas05.

  I think you're confused about huntgroups.  NASes are placed into
huntgroups via the "huntgroups" file.  Not SQL.  When you check group
membership, you check for the huntgroup name, not the NAS name.

  You're using Huntgroup-Name to check the *nas* name.  It won't work.

> In addition to that, can I set a certain property (i.e. WISPr-Session-Terminate-Time) only if the user connects to a specific huntgroup?

  Yes.  Do a huntgroup check (correctly), and set the reply attribute if
it matches.

  Alan DeKok.

More information about the Freeradius-Users mailing list