Antw: Re: How many NAS kann radius take?

Anja Ruckdaeschel Anja.Ruckdaeschel at
Thu Feb 20 14:05:49 CET 2014

Did the change with policies and default and inner-tunnel with "%{client:group}" instead of Huntgroup-Name.

But what is the equivalent Variable to check that in the users file / files module?

Thanks for your help.

>>> Alan DeKok <aland at> 14.02.2014 03:17 >>>
Anja Ruckdaeschel wrote:
> Every nas has an entry in an include file for clients.conf like:
> client {
>         secret = ***************
>         shortname = blafasel
>         nastype = other
> }

  That's fine.

> and an entry per NAS in an include file for huntrgoups like:
> ap Client-IP-Address == x.x.x.x
> ap NAS-IP-Address == x.x.x.x

  That's terrible.  Don't do that.  Ever.

  Instead, put the client group information into the "client" section:

client {
        secret = ***************
        shortname = blafasel
        nastype = other
	group = ap

  Then do policy checking via %{client:group} instead of Huntgroup-Name.
 It will do the same thing, and will be *enormously* faster.

  As a general rule, if you're doing tens of checks, it's OK to put them
into a flat-text file.  If you're doing thousands of checks, you should
really put them into a database.

  Alan DeKok.
List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list