User login restrictions based on SSID

Alan DeKok aland at
Mon May 23 15:18:54 CEST 2016

On May 23, 2016, at 8:03 AM, Eby Mani via Freeradius-Users <freeradius-users at> wrote:
> I'm trying to set login restrictions based on SSID. For example users in Sales Group should only connect a particular SSID, etc.. and Support Team should be able to login to any SSID. We have Aruba Controller, which provide SSID in Aruba-Essid-Name attribute in Access-Request and using daloradius for user management.
> First i've tried the following to get this working without adding any sql code;
> "Aruba-Essid-Name := ssid_name" in User Group Check attributes - didn't work
> "Aruba-Essid-Name := ssid_name" in User Check attributes - didn't work

  Se the FAQ for "it doesn't work".  Such messages are content-free, and there is really no reason to post them to the list.

> And finally using the 'address' column in 'userinfo' TABLE to store SSID info.
> And have put the following in authorize {} sites-enabled/default ;
> if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username= '%{User-Name}' AND userinfo.address= '%{Aruba-Essid-Name}'} >0")
>       {
>                ok
>        }
>        else {
>                reject
>        }
>        sql
> No mater which SSID, i'm able to connect.

  If only there was some kind of debug log, where you could see what the server was doing.

  Alan DeKok.

More information about the Freeradius-Users mailing list