People, good morning...I have a Freeradius with AD authentication and LDAP authorization working OK. Now I have to authorize users that belong to GROUP1 and have SSID = Free, I have these definitions: - GROUP1 is a group defined in the AD - SSID comes with Called-Station-Id in the form MAC Address:SSID, for example "51:bc:11:e1:34:70:Free", and it's not defined i the AD - The clause defined in default and inner-tunnel files is: if (LDAP-Group == "GROUP1" && Called-Station-Id == "*:Free") { update reply { Reply-Message = "Hello %{User-Name}: Access allowed" } ok } else { reject After testing, I fail and this is the debug: Wed Aug 23 09:34:58 2017 : Debug: rlm_ldap::ldap_groupcmp: User found in group GROUP1 Wed Aug 23 09:34:58 2017 : Debug: [ldap] ldap_release_conn: Release Id: 0 Wed Aug 23 09:34:58 2017 : Info: ? Evaluating (LDAP-Group == "GROUP1" ) -> TRUE Wed Aug 23 09:34:58 2017 : Info: (Attribute Called-Station-Id was not found) Wed Aug 23 09:34:58 2017 : Info: ? Evaluating (Called-Station-Id == "*:Free") -> FALSE Wed Aug 23 09:34:58 2017 : Info: ++? if (LDAP-Group == "GROUP1" && Called-Station-Id == "*:Free") -> FALSE Wed Aug 23 09:34:58 2017 : Info: ++else else { Wed Aug 23 09:34:58 2017 : Info: +++[reject] = reject Wed Aug 23 09:34:58 2017 : Info: ++} # else else = reject Wed Aug 23 09:34:58 2017 : Info: +} # group authorize = reject Wed Aug 23 09:34:58 2017 : Info: Using Post-Auth-Type REJECT Wed Aug 23 09:34:58 2017 : Info: # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel Wed Aug 23 09:34:58 2017 : Info: +group REJECT { Can you help me please? Thanks in advance. ADAM