WLAN SSID:

[Armin Meier]

Hello!
I configured freeradius to authenticate my WLAN Clients over Active 
Directory. Depending on the Group Membership. Also i configured multiple 
SSIDs on my WLAN switch, so a client request in freeradis debug output 
includes the following Attributes:

rad_recv: Access-Request packet from host 172.21.254.100 port 32775, 
id=40, length=402
         Acct-Multi-Session-Id = 
"00-0F-61-50-B7-B0-00-21-5C-40-BD-77-4C-6B-A5-8B-00-04-72-98"
         Acct-Session-Id = "4295d4b3-00000118"
         NAS-Port = 275
         NAS-Port-Type = Wireless-802.11
         NAS-Identifier = "msm710"
         NAS-IP-Address = 172.21.254.101
         Framed-MTU = 1496
         User-Name = "myDomain\\myUser"
         Calling-Station-Id = "00-21-5C-40-BD-77"
         Called-Station-Id = "00-0F-61-50-B7-B0"
         Service-Type = Framed-User
         EAP-Message = 
0x0277002d1900170301002293ed3bcfbb751eb66e4c737a442b8a2cf55f4a7812bfc8829d4a00049e221bce4309
         State = 0x50052ead557237c49cf458a2fbedd583
         Colubris-AVPair = "ssid=guest-wlan"
         Colubris-AVPair = "incoming-vlan-id=152"
         Colubris-AVPair = "group=internal"
         Colubris-AVPair = "vsc-unique-id=1"
         Colubris-AVPair = "phytype=IEEE802dot11g"
         Colubris-Attr-250 = 0x00000002
         Colubris-Attr-249 = 0xac157909
         Message-Authenticator = 0x8d9162f11111ae7f047641224f07213a

My goal is to move authorized users depending on the SSID to a different 
VLAN, i tried the following in the "hints" file, but that does not work, 
can somebody help me?

DEFAULT Colubris-AVPair =~ ".*guest-wlan.*"
         Reply-Message = "Hints",
         Framed-Protocol = "PPP",
         Service-Type = "Framed",
         Tunnel-Type := "VLAN",
         Tunnel-Medium-Type := "IEEE-802",
         Tunnel-Private-Group-Id := "120"

I Expected that the Attributes set in the "hints" file and the ones set 
in the "users" file are merged in the reply from freeradius, but that 
seems not so.