Limiting Wifi Access

Roy Kartadinata rkartadinata at pocket.com
Mon Jun 23 23:46:27 CEST 2008 

Thanks, that helps a lot. :-)

 

 

 

Cheers,

 

Roy Kartadinata



 

________________________________

From: freeradius-users-bounces+rkartadinata=pocket.com at lists.freeradius.org [mailto:freeradius-users-bounces+rkartadinata=pocket.com at lists.freeradius.org] On Behalf Of Arran Cudbard-Bell
Sent: Monday, June 23, 2008 4:15 PM
To: FreeRadius users mailing list
Subject: Re: Limiting Wifi Access

 

 

On 23 Jun 2008, at 21:01, Ivan Kalik wrote:





Run server in debug mode. Is SSID appearing in some attribute in
Access-Request?

 

It's usually in the Called-Station-Id attribute:

 

<radio-mac>:<ssid>

 

# Rewrite calling station id and called station id attributes 
# into a standard format.
# If a 6th seperator is present write the trailing chars into Called-Station-SSID
if("%{Called-Station-Id}" =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i){
        update request {
               Called-Station-Id := "%{1}%{2}%{3}%{4}%{5}%{6}"
               Called-Station-SSID := "%{7}"
        }
}

That generally works in FR 2.0* , though you have to define Called-Station-SSID as a local attribute, see etc/raddb/dictionary for examples.

 





Ivan Kalik
Kalik Informatika ISP


Dana 23/6/2008, "Roy Kartadinata" <rkartadinata at pocket.com> piše:




Hi guys,

	 

	 

	 

	We're trying to centralize our corporate wifi authentication using

	freeradius. So far, I was able to get user to authenticate based on NAS

	IP (I got access to multiple NAS working as well) and Mac Address. Is it

	possible to also limit their access per SSID? The reason for this is

	because one of our locations, our HQ, has 3 SSID and only certain people

	have access to certain SSID but I'm not sure if this will conflict with

	already working NAS checking. Our HQ is using Cisco Wireless LAN

	Controller so all 3 SSID will connect to radius using the same NAS IP.

	 

	 

	 

	 

	 

	 

	 

	 

	 

	Cheers,

	 

	 

	 

	Roy Kartadinata

	 

	 

	 

	 

	 

	 

	 

	 

	 


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080623/a4984a0b/attachment.html>

More information about the Freeradius-Users mailing list