The huntgroups File
Let’s move on to the /etc/raddb/huntgroups file, where you define certain huntgroups. Huntgroups are sets of ports or other communication outlets on RADIUS client equipment. In the case of FreeRADIUS, a huntgroup can be a set of ports, a specific piece of RADIUS client equipment, or a set of calling station IDs that you want to separate from other ports.
You can filter these defined huntgroups to restrict their access to certain users and groups and match a username/password to a specific huntgroup, possibly to assign a static IP address. You define huntgroups based on the IP address of the NAS and a port range. (Keep in mind that a range can be anywhere from 1 to the maximum number of ports you have.) To configure this file, you first specify the terminal servers in each POP. Then, you configure a stanza that defines the restriction and the criteria that a potential user must satisfy to pass the restriction. That criteria is most likely a Unix username or groupname.
Again, you shouldn’t have to configure this file to get basic functionality enabled for testing; if you would like to peruse the file and its features, however, I’ve provided a sample /etc/raddb/huntgroups file. It’s for an ISP with a POP in Raleigh, North Carolina that wants to restrict the first five ports on its second of three terminal servers in that POP to only premium customers:
raleigh NAS-IP-Address == 192.168.1.101 raleigh NAS-IP-Address == 192.168.1.102 raleigh NAS-IP-Address == 192.168.1.103 ...