-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi, please, where am I mistaking? I need to auth user, comming from via hostapd as client, only if the user belongs to definite Ldap-Group (works fine via radiusGroupName attribute set for user LDAP object) and SSID (which I'm unable to pick - From Called-Station-Id) ... please advise how to do that correct ... I am trying to do it the way described here: http://wiki.freeradius.org/guide/Mac%20Auth#Mac-Auth-authorisation-by-SSID in debug I see - ---[ quotation start ]------------------------------------------- ... rad_recv: Access-Request packet from host 10.241.16.117 port 58063, id=40, length=202 User-Name = "vudhNrF7zxJJmteIVF/Xzg==" NAS-Identifier = "es-student.wrt" Called-Station-Id = "48-5B-39-E7-B0-3B:USER_SSID" NAS-Port-Type = Wireless-802.11 NAS-Port = 2 Calling-Station-Id = "00-BD-3A-69-69-1B" Connect-Info = "CONNECT 54Mbps 802.11g" Framed-MTU = 1400 EAP-Message = 0x0254001d01767564684e7246377a784a4a6d74654956462f587a673d3d Message-Authenticator = 0x6c46a58131867c13ca7fb318d9d407fd ... Fri Jan 31 22:50:48 2014 : Info: ++[logintime] = noop Fri Jan 31 22:50:48 2014 : Info: ++policy rewrite.called_station_id { ... Fri Jan 31 22:50:48 2014 : Info: ? Evaluating (Called-Station-Id =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_. ]*)?/i) -> TRUE Fri Jan 31 22:50:48 2014 : Info: +++? if (Called-Station-Id =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_. ]*)?/i) -> TRUE Fri Jan 31 22:50:48 2014 : Info: +++if (Called-Station-Id =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_. ]*)?/i) { Fri Jan 31 22:50:48 2014 : Info: ++++update request { Fri Jan 31 22:50:48 2014 : Info: expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 485b39e7b03b Fri Jan 31 22:50:48 2014 : Info: expand: %{7} -> USER_SSID Fri Jan 31 22:50:48 2014 : Info: ++++} # update request = noop Fri Jan 31 22:50:48 2014 : Info: +++} # if (Called-Station-Id =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_. ]*)?/i) = noop Fri Jan 31 22:50:48 2014 : Info: +++ ... skipping else for request 1: Preceding "if" was taken Fri Jan 31 22:50:48 2014 : Info: ++} # policy rewrite.called_station_id = updated ... - ---[ quotation end ]------------------------------------------- but what is next? so, how to get Called-Station-Id and Called-Station-SSID set to be able to add SSID to user ldap attributes? - -- Zeus V. Panchenko jid:zeus@im.ibs.dn.ua IT Dpt., I.B.S. LLC GMT+2 (EET) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlLsFQQACgkQr3jpPg/3oyrdogCgn6YZa0otNybkcWo38KHLRomD adsAoKVxMXQhF48JC6unIqdftzrEXZva =oe77 -----END PGP SIGNATURE-----