Limit access of a SSID to a certain LDAP group

qrt qrt at
Wed Jan 14 14:23:57 CET 2009


I really apprecitate your help.

Even though I understand what you are saying, I have no idea where to  
start looking for the SSID.

As far as I can tell, the SSID is not in the request and neither in  
the NAS-Identifier.

A typical log entry looks like this:

Wed Jan 14 13:03:20 2009 : Auth: Login OK: [the_user/<no User-Password  
attribute>] (from client Cisco 4402 port 29 cli 00-22-69-0A-46-62)

Could you clarify that or give me an example?



On 14.01.2009, at 14:16, <tnt at> <tnt at> wrote:

>> I need to have different WLANs for different Users who are in LDAP
>> groups.
>> The user of group A should be able to use WLAN A but not WLAN B and  
>> so
>> on.
>> How on earth do I configure this?
> Where is SSID in the request? Called-Station-Id? NAS-Identifier?
> DEFAULT   Ldap-Group == whatever, regex check on the attribute which
> holds SSID
> DEFAULT   Ldap-Group == another, same for second SSID
> etc.
> DEFAULT   Auth-Type := Reject (force reject on those that don't match)
> You can also return group/SSID combination specific attributes there.
> Ivan Kalik
> Kalik Informatika ISP
> -
> List info/subscribe/unsubscribe? See

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list