Hello, I have implemented in my centos7 freeradius 3 so far succeeded, authenticate users through Active Directory using ntlm_auth however I'm having trouble implementing rules at the level of user groups to determine which user can authenticate each SSID i tryed implement what it says on the link bellow, but I did not succeed. https://lists.freeradius.org/pipermail/freeradius-users/2014-August/073474.h... if (NAS-Port-Type == Wireless-802.11) { # If User-Name doesn't contain our domain then add it. # It's needed for the Group check to use the correct # username. if (User-Name !~ /DOMAIN\\\\/i) { update request { User-Name := "DOMAIN\\\\%{User-Name}" } } if (Called-Station-Id =~ /.*:SSID-A/i) { # Can't do 'if (Group != "xxxxx")' because != # operator doesn't work for group checking. Careful # with the number of backslashes. if (!(Group == "DOMAIN\\\\group A") ) { update reply { Reply-Message = "User not allowed to join this wireless network" } reject } } elsif (Called-Station-Id =~ /.*:SSID-B/i) { if (!(Group == "DOMAIN\\\\group B") ) { update reply { Reply-Message = "User not allowed to join this wireless network" } reject } } }