<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="PersonName"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:PMingLiU;
panose-1:2 2 3 0 0 0 0 0 0 0;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:PMingLiU;
panose-1:2 2 3 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;}
p
{mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:595.3pt 841.9pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=ZH-TW link=blue vlink=blue>
<div class=Section1>
<p class=MsoNormal><font size=1 color=navy face=Arial><span lang=EN-US
style='font-size:9.0pt;font-family:Arial;color:navy'>The “Called-Station-Id”
has the SSID included, in addition to the MAC address.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 color=navy face=Arial><span lang=EN-US
style='font-size:9.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='text-autospace:none'><font size=1 face=Arial><span
lang=ZH-HK style='font-size:9.0pt;font-family:Arial'>Called-Station-Id =
"00-16-E0-FD-47-40:VIP-peap"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 color=navy face=Arial><span lang=EN-US
style='font-size:9.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=1 color=navy face=Arial><span lang=EN-US
style='font-size:9.0pt;font-family:Arial;color:navy'>Lai<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 color=navy face=Arial><span lang=EN-US
style='font-size:9.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=1 color=navy face=Arial><span lang=EN-US
style='font-size:9.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span lang=EN-US style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span lang=EN-US
style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=2 face=Tahoma><span lang=EN-US style='font-size:10.0pt;font-family:Tahoma'>
freeradius-users-bounces+lfk=cc.hku.hk@lists.freeradius.org [mailto:freeradius-users-bounces+lfk=cc.hku.hk@lists.freeradius.org]
<b><span style='font-weight:bold'>On Behalf Of </span></b>Santiago Balaguer
Garcia<br>
<b><span style='font-weight:bold'>Sent:</span></b> Wednesday, January 24, 2007
4:11 PM<br>
<b><span style='font-weight:bold'>To:</span></b>
freeradius-users@lists.freeradius.org<br>
<b><span style='font-weight:bold'>Subject:</span></b> Re: Proxying based on
SSID</span></font><span lang=EN-US><o:p></o:p></span></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-US
style='font-size:12.0pt'><o:p> </o:p></span></font></p>
<div>
<div>
<p><font size=3 face="Times New Roman"><span lang=EN-US style='font-size:12.0pt'>
I think both are wrong because you must distinguish amog the different SSIDs
that an AP broadcast. It sometimes happens the wireless MAC are the same for
all SSIDs. Only some devices (such as Mikrotik) let change the MAC for each
ESSID.<o:p></o:p></span></font></p>
<p><font size=3 face="Times New Roman"><span lang=EN-US style='font-size:12.0pt'>
Another thing is you have to differenciate the ESSID in your user manager. A
solutions can be via VLAN's and your user manager chooses the ESSID by the VLAN
adding a posible prefix to the username.<o:p></o:p></span></font></p>
<p style='margin-bottom:12.0pt'><font size=3 face="Times New Roman"><span
lang=EN-US style='font-size:12.0pt'> I use Mikrotik device which
distinguish the ESSID via MAC and I can add the prefix because each ESSID have
its own login page.<o:p></o:p></span></font></p>
</div>
<blockquote style='border:none;border-left:solid #A0C6E5 1.5pt;padding:0cm 0cm 0cm 4.0pt;
margin-left:3.75pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt'>
<div class=MsoNormal align=center style='text-align:center'><font size=1
face=Tahoma><span lang=EN-US style='font-size:8.5pt;font-family:Tahoma'>
<hr size=1 width="100%" noshade color="#a0c6e5" align=center>
</span></font></div>
<p class=MsoNormal><font size=1 face=Tahoma><span lang=EN-US style='font-size:
8.5pt;font-family:Tahoma'>From: <i><span style='font-style:italic'>Alan
DeKok <aland@deployingradius.com></span></i><br>
Reply-To: <i><span style='font-style:italic'>FreeRadius users
mailing list <freeradius-users@lists.freeradius.org></span></i><br>
To: <i><span style='font-style:italic'>FreeRadius users mailing list
<freeradius-users@lists.freeradius.org></span></i><br>
Subject: <i><span style='font-style:italic'>Re: Proxying based on
SSID</span></i><br>
Date: <i><span style='font-style:italic'>Wed, 24 Jan 2007 08:18:02
+0100</span></i><br>
><st1:PersonName w:st="on">Lai Fu Keung</st1:PersonName> wrote:<br>
> > Normally, I proxy a PEAP request whenever the realm is unknown to us<br>
> > (i.e. using the DEFAULT realm without stripping user name). However,
for<br>
> > some SSIDs, I want requests to be handled locally with ldap,
independent<br>
> > of what the realm is (and with the user name stripped). What I did is
to<br>
> > find those SSIDs in "Called-Station-ID" and<br>
> > set proxy-to-realm to a local realm.<br>
><br>
> OK...<br>
><br>
> > But the problem (I guess) is that when freeradius
processes the realm<br>
> > file, the user name is not stripped. When later on processed by the<br>
> > local realm, the request fails because the user name still contains
the<br>
> > domain.<br>
><br>
> The problem is that the realms file *isn't* being
processed. That's<br>
>why the user names aren't stripped.<br>
><br>
> You can always put the check for SSID *after* the check for
the<br>
>realms. In that case, the usernames will be stripped, and the SSID<br>
>check can cancel any proxying, just like you do now.<br>
><br>
> Alan DeKok.<br>
>--<br>
> http://deployingradius.com
- The web site of the book<br>
> http://deployingradius.com/blog/ - The blog<br>
>-<br>
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html</span></font><span
lang=EN-US><o:p></o:p></span></p>
</blockquote>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-US
style='font-size:12.0pt'><br clear=all>
<o:p></o:p></span></font></p>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span lang=EN-US style='font-size:12.0pt'>
<hr size=2 width="100%" align=center>
</span></font></div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span lang=EN-US
style='font-size:12.0pt'>Recibe ofertas de empleo adaptadas a tu perfil. <a
href="http://g.msn.com/8HMBESES/2752??PS=47575" target="_top">Introduce tu CV
en MSN Empleo.</a> <o:p></o:p></span></font></p>
</div>
</div>
</body>
</html>