split Called-Station-Id

Zeus Panchenko zeus at ibs.dn.ua
Fri Jan 31 22:26:28 CET 2014


hi,

please, where am I mistaken?

I need to auth a user, coming in via hostapd as client, only if the
user belongs to a definite Ldap-Group (works fine via the radiusGroupName
attribute set for the user LDAP object) and SSID (which I'm unable to pick
from Called-Station-Id) ...

please advise how to do that correctly ... I am trying to do it the way
described here:
http://wiki.freeradius.org/guide/Mac%20Auth#Mac-Auth-authorisation-by-SSID

in debug I see

---[ quotation start ]-------------------------------------------
...
rad_recv: Access-Request packet from host 10.241.16.117 port 58063, id=40, length=202
        User-Name = "vudhNrF7zxJJmteIVF/Xzg=="
        NAS-Identifier = "es-student.wrt"
        Called-Station-Id = "48-5B-39-E7-B0-3B:USER_SSID"
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 2
        Calling-Station-Id = "00-BD-3A-69-69-1B"
        Connect-Info = "CONNECT 54Mbps 802.11g"
        Framed-MTU = 1400
        EAP-Message = 0x0254001d01767564684e7246377a784a4a6d74654956462f587a673d3d
        Message-Authenticator = 0x6c46a58131867c13ca7fb318d9d407fd
...
Fri Jan 31 22:50:48 2014 : Info: ++[logintime] = noop
Fri Jan 31 22:50:48 2014 : Info: ++policy rewrite.called_station_id {
...
Fri Jan 31 22:50:48 2014 : Info: ? Evaluating (Called-Station-Id =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_. ]*)?/i) -> TRUE
Fri Jan 31 22:50:48 2014 : Info: +++? if (Called-Station-Id =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_. ]*)?/i) -> TRUE
Fri Jan 31 22:50:48 2014 : Info: +++if (Called-Station-Id =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_. ]*)?/i) {
Fri Jan 31 22:50:48 2014 : Info: ++++update request {
Fri Jan 31 22:50:48 2014 : Info:        expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 485b39e7b03b
Fri Jan 31 22:50:48 2014 : Info:        expand: %{7} -> USER_SSID
Fri Jan 31 22:50:48 2014 : Info: ++++} # update request = noop
Fri Jan 31 22:50:48 2014 : Info: +++} # if (Called-Station-Id =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_. ]*)?/i) = noop
Fri Jan 31 22:50:48 2014 : Info: +++ ... skipping else for request 1: Preceding "if" was taken
Fri Jan 31 22:50:48 2014 : Info: ++} # policy rewrite.called_station_id = updated
...
---[ quotation end   ]-------------------------------------------

but what is next?

so, how to get Called-Station-Id and Called-Station-SSID set to be able
to add SSID to user ldap attributes?

-- 
Zeus V. Panchenko				jid:zeus at im.ibs.dn.ua
IT Dpt., I.B.S. LLC					  GMT+2 (EET)
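
An added example (not part of the original post and not FreeRADIUS code): a Python reproduction of the regex from the debug output above, showing how it splits Called-Station-Id and why its unanchored SSID group matters when authorising by SSID. The function names, the stricter pattern and every sample value except the one from the log are assumptions constructed for illustration.

```python
import re

# Pattern copied from the debug output in the post (evaluated there with /i).
DEBUG_RE = re.compile(
    r"^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?"
    r"([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_. ]*)?",
    re.IGNORECASE,
)

# Stricter variant (an assumption of this example): the ':' separator is
# required before the SSID and the end is anchored, so the SSID (at most 32
# characters) is captured whole or the value is rejected.
STRICT_RE = re.compile(
    r"^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?"
    r"([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})(?::(.{1,32}))?\Z",
    re.IGNORECASE,
)


def split_called_station_id(value, pattern=DEBUG_RE):
    """Return (mac, ssid) or None if the value does not parse.

    mac is the six octets joined and lower-cased, as in the
    %{1}%{2}%{3}%{4}%{5}%{6} expansion; ssid is None when absent.
    """
    m = pattern.match(value)
    if m is None:
        return None
    mac = "".join(m.group(i) for i in range(1, 7)).lower()
    return mac, (m.group(7) or None)


def ssid_allowed(value, allowed, pattern=STRICT_RE):
    """Exact, case-sensitive SSID check against a set of allowed names."""
    parsed = split_called_station_id(value, pattern)
    return parsed is not None and parsed[1] in allowed


if __name__ == "__main__":
    from_log = "48-5B-39-E7-B0-3B:USER_SSID"            # value from the post
    odd_ssid = "48-5B-39-E7-B0-3B:USER_SSID+guest"      # constructed
    no_ssid = "48-5B-39-E7-B0-3B"                       # constructed
    for v in (from_log, odd_ssid, no_ssid):
        print(v, split_called_station_id(v), split_called_station_id(v, STRICT_RE))
    # The unanchored pattern truncates "USER_SSID+guest" to "USER_SSID".
    print(ssid_allowed(odd_ssid, {"USER_SSID"}, DEBUG_RE),
          ssid_allowed(odd_ssid, {"USER_SSID"}))
```

With the pattern from the log, an SSID containing a character outside `[-a-z0-9_. ]` is silently cut at that character, so a group-plus-SSID rule built on it can match a different network name than the one the NAS reported.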