HuntGroup check in radgroupcheck

Lorenzo Milesi maxxer at
Thu Feb 21 18:37:48 CET 2013

>   Post the debug output, as suggested in the FAQ, "man" page, web
>   pages, and daily on this list.

I posted the freeradius -X output into the linked file... Aren't you referring to that?

> > Given the following properties:
> > radcheck:
> > F000001 MD5-Password := somemd5hash
> > radusergroup
> > F000001 HuntGroup01
> > radgroupcheck
> > F000001 Huntgroup-Name =~ nas04|nas05
> > 
> > the user is always authenticated, even if the connection comes from
> > a nas which is not nas04 or nas05.
>   I think you're confused about huntgroups.  NASes are placed into
> huntgroups via the "huntgroups" file.  Not SQL.  When you check group
> membership, you check for the huntgroup name, not the NAS name.

According to [1] huntgroups can be checked via SQL as well...
>From the debug output i posted here [2] you can see the huntgroup is correctly identified from SQL...


>   You're using Huntgroup-Name to check the *nas* name.  It won't
>   work.

I omitted to say that in my radhuntgroup table I defined HG with the same names as nases in the nas table. Can this be a problem?


Lorenzo Milesi - lorenzo.milesi at

GPG/PGP Key-Id: 0xE704E230 -

More information about the Freeradius-Users mailing list