Alan DeKok <aland@deployingradius.com> wrote:
And just doing a comparison is not enough, either. What do you want it to *do* when the comparison matches?
I want it to be part of the condition for access allowing
if Called-Station-SSID configured in LDAP matches the one processed from Called-Station-Id, then access is to be allowed, otherwise not
So... set it to reject the user if the Calling-Station-Id doesn't match.
does it mean to hardcode all my access points data ... because MAC addresses differ but SSID part is the same
---[ quotation start ]------------------------------------------- DEFAULT Ldap-Group == "wifi-xyz", Called-Station-SSID == "SSID_ALLOWED", User-Profile := "cn=wifi-xyz,ou=profiles,ou=RADIUS,dc=xyz" Reply-Message := "%{User-Name}, SSID: %{Called-Station-SSID} access was permited to you.", Fall-Through = no ---[ quotation end ]-------------------------------------------
but how to do that now via LDAP?
I'm not sure. You can use that exact configuration in v3, so why not try that?
yes, I believe it'll work too ... but why use data in file when I configured almost all I need in LDAP? Isn't it be more flexible to hold that data in LDAP? I just do not know how to say FR to use LDAP attribute radiusCheckItem value "Called-Station-SSID == SSID_ALLOWED" to check it against processed one from Called-Station-Id ... can it be done, indeed, please? -- Zeus V. Panchenko jid:zeus@im.ibs.dn.ua IT Dpt., I.B.S. LLC GMT+2 (EET)