Dear, I'm trying to configure PEAP Authentication with AD backend on my FR Server which is running version 3.0.4 on Centos 7. So far, I'm able to authenticate against AD but group membership checking is not working, appreciate if some help can be provided. I want to map my SSIDs - SSID02362, SSID02363 etc to AD groups so that users in specific groups can access that particular SSID. As mentioned in man page of rlm_ldap I have configured group membership check in post-auth by adding below configuration in default and inner-tunnel config files but my users are getting access-reject messages. If I remove the ldap-group check config then all users are able to authenticate and access SSID, off course without any control. post-auth { if (LDAP-Group == "FR-TEST") { noop } else { reject } } if group membership works then I can go ahead and add below config to test SSID with Group membership. (this is not one yet). post-auth { if (LDAP-Group == "FR-TEST" && Calling-Station-SSID == "SSID02362") { noop } else { reject } } Where am I going wrong? Debug can be found here -> http://pastebin.com/zSptQPaa Regards Misbah