Hi, I am currently trying to set up a single FreeRadius 3.0.13 server to handle diffenrents SSID on a network. Users should be allowed to use certain SSID IF they are in certain AD Group. We (my collegue and myself) have been to work things out, BUT we would like to optimise. Here is what has been done: In the DEFAULT site: Authenticate --> With the MSCHAP via NTLM_Auth Authorize ---> we have configured the LDAP module to be able to query the AD We could see that is was working, in the "radiusd -X" output. Then we implemented this, under.... But the first "if" does not work, although it should be ENOUGH and really enought dynamic.... if the SSID and AD Group are created the right way. We encountered the following problem: UNABLE to use "%{Called-Station-SSID}" (nor %Called-Station-SSID) But %{User-Name} works great. - rewrite_called_station_id --> has been called in "authorized" that should "instantiate" the Called-Station-SSID post-auth { if (LDAP-Group == "grp-ssid-%{Called-Station-SSID}") { update reply { Reply-Message = "Hello %{User-Name}: accès permis sur %{Called-Station-SSID} a" } ok return } if (LDAP-Group == "grp-ssid-GRP-Radius" && Called-Station-SSID == "GRP-Radius") { update reply { Reply-Message = "Hello %{User-Name}: accès permis sur %{Called-Station-SSID} b" } ok return } if (LDAP-Group == "grp-ssid-GRP-Radius2" && Called-Station-SSID == "GRP-Radius2") { update reply { Reply-Message = "Hello %{User-Name}: accès permis sur %{Called-Station-SSID} " } ok return } else { update reply { Reply-Message = "Hello %{User-Name}: Vous n'avez pas accès" } reject } #### - Is there any ways to use that "CALLED-STATION-SSID"? anywhere.... or, where is it "usable". - Is that kind of "mechanisme" the good way to go ? - Is there a way to initialise a "global" variable, so that we can use it "anywhere" ? (UNLANG) Thanks in advance Pierre de Jong -.-.-.-.-.-.-.-.-.-.-