I'm trying to set login restrictions based on SSID. For example users in Sales Group should only connect a particular SSID, etc.. and Support Team should be able to login to any SSID. We have Aruba Controller, which provide SSID in Aruba-Essid-Name attribute in Access-Request and using daloradius for user management. First i've tried the following to get this working without adding any sql code; "Aruba-Essid-Name := ssid_name" in User Group Check attributes - didn't work "Aruba-Essid-Name := ssid_name" in User Check attributes - didn't work And finally using the 'address' column in 'userinfo' TABLE to store SSID info. And have put the following in authorize {} sites-enabled/default ; if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username= '%{User-Name}' AND userinfo.address= '%{Aruba-Essid-Name}'} >0") { ok } else { reject } sql No mater which SSID, i'm able to connect. Thanks, Eby