On Aug 4, 2015, at 8:15 PM, Zeus Panchenko <zeus@ibs.dn.ua> wrote:
Alan DeKok <aland@deployingradius.com> wrote:
On Aug 4, 2015, at 2:05 PM, Zeus Panchenko <zeus@ibs.dn.ua> wrote:
I hoped if I set radiusCheckItem: Called-Station-SSID := 'SSID_ALLOWED'
See the wiki for the meaning of the operators. ":=" is an assignment operator. It doesn't do comparisons.
yes, understood ... it has to be `=='
And just doing a comparison is not enough, either. What do you want it to *do* when the comparison matches?
I want it to be part of the condition for access allowing
if Called-Station-SSID configured in LDAP matches the one processed from Called-Station-Id, then access is to be allowed, otherwise not
So... set it to reject the user if the Calling-Station-Id doesn't match.
You have to write that down, too.
what is the right place to do that?
It was working for me when I did it in v.2.x users file this way:
---[ quotation start ]------------------------------------------- DEFAULT Ldap-Group == "wifi-xyz", Called-Station-SSID == "SSID_ALLOWED", User-Profile := "cn=wifi-xyz,ou=profiles,ou=RADIUS,dc=xyz" Reply-Message := "%{User-Name}, SSID: %{Called-Station-SSID} access was permited to you.", Fall-Through = no ---[ quotation end ]-------------------------------------------
but how to do that now via LDAP?
I'm not sure. You can use that exact configuration in v3, so why not try that? Alan DeKok.