errors when check with huntgroup

Bertrand Poulet bertrand.poulet at
Thu Mar 14 20:17:26 CET 2013

Hi all,

I' ve a problem when i want to check user with huntgroup :

bp3     User-Password := "test" , Calling-Station-Id ==
"844b.f5b8.d423"      is Ok
but not :
bp3     User-Password := "test" , Calling-Station-Id == "844b.f5b8.d423"
, Huntgroup-Name == "wifi"

I read something like that in mailing list and it said that it could be :
"as Alan said, inside the TLS tunnel the huntgroup check was failing.
As the users file is checked on the first requests received, and the
wrong huntgroup filtered out, it is not necessary to check it again
inside the tunnel. I have removed it from my configuration and it is
working ok now."

What has been removed from the configuration ?

partial ooutput :

root at maxwell:/usr/local/etc/raddb# radiusd -X
FreeRADIUS Version 2.2.0, for host i686-pc-linux-gnu, built on Mar 11
2013 at 13:51:19
Module: Instantiating module "preprocess" from file
  preprocess {
        huntgroups = "/usr/local/etc/raddb/huntgroups"
        hints = "/usr/local/etc/raddb/hints"
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
        with_alvarion_vsa_hack = no
reading pairlist file /usr/local/etc/raddb/huntgroups
reading pairlist file /usr/local/etc/raddb/hints
Listening on authentication address port 18120 as server
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host port 1645,
id=199, length=162
        User-Name = "bp3"
        Framed-MTU = 1400
        Called-Station-Id = "0014.1bb6.4be0"
        Calling-Station-Id = "844b.f5b8.d423"
        Cisco-AVPair = "ssid=ipl_dsi"
        Service-Type = Login-User
        Message-Authenticator = 0xab5216a12cd14981035afde9d25910ae
        EAP-Message = 0x0202000801627033
        NAS-Port-Type = Wireless-802.11
        Cisco-NAS-Port = "748"
        NAS-Port = 748
        NAS-IP-Address =
        NAS-Identifier = "net-ap-A1-1-53"
# Executing section authorize from file
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "bp3", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 8
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry bp3 at line 213
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Identity - bp3
[peap] Got inner identity 'bp3'
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel

More information about the Freeradius-Users mailing list