On 04/04/2017 09:30, Pierre de Jong wrote:
We could see that is was working, in the "radiusd -X" output. So please show us the radiusd -X output from an exchange where the problem occurs.
We encountered the following problem:
UNABLE to use "%{Called-Station-SSID}" (nor %Called-Station-SSID) What do you mean by "unable to use"?
What's important is what attributes are in the incoming request, and which attribute identifies the SSID the user is connecting to. This is different depending on what AP you are using.
- rewrite_called_station_id --> has been called in "authorized" that should "instantiate" the Called-Station-SSID
Only if your AP generates a Called-Station-ID attribute in the format expected by that policy function. Does it? The freeradius -X output would show this.
post-auth { if (LDAP-Group ="grp-ssid-%{Called-Station-SSID}") { update reply { Reply-Message =Hello %{User-Name}: accès permis sur %{Called-Station-SSID} a" }
freeradius -X output would show what's happening. Note that the "=" operator is probably not what you want. And that the LDAP-Group attribute is multi-valued so you want [*] to check for all values, not just the first. And also, dependent on how you've configured your LDAP lookup, the LDAP-Group attribtue is a "magic" attribute which may return empty string unless you explicitly use the "&" prefix. So I'd suggest writing it like this: if (&LDAP-Group[*] == "grp-ssid-%{Called-Station-SSID}") { ... } HTH, Brian.