Authentication based on the user groups

Alan DeKok aland at
Wed Mar 12 00:55:52 CET 2014

Kitty Chan wrote:
> I have setup a Freeradius server to serve as the authentication server
> for Ruckus Wifi system.  The backend directory server is Openldap.  I
> can successfully authenticate users.  
> Now I want to setup two wifi SSID.  The "staff" SSID will authenticate
> to users belonging to the "staff" group in the Openldap directory and
> the "student" SSID shall authenticate to users belonging to the
> "student" group.  What is the right way to configure this in Freeradius?

  The SSID is placed into the Called-Station-Id attribute.  It's not
perfect, but it works.

  You should do something like the following:

authorize {

	if ((Called-Station-Id =~ /:student/) &&
	    (LDAP-Group != "student")) {

	if ((Called-Station-Id =~ /:staff/) &&
	    (LDAP-Group != "staff")) {


  Of course, change the names for the actual SSID names, and LDAP grou[

  Alan DeKok.

More information about the Freeradius-Users mailing list