Authentication based on the user groups
Alan DeKok
aland at deployingradius.com
Wed Mar 12 00:55:52 CET 2014
Kitty Chan wrote:
> I have setup a Freeradius server to serve as the authentication server
> for Ruckus Wifi system. The backend directory server is Openldap. I
> can successfully authenticate users.
> Now I want to setup two wifi SSID. The "staff" SSID will authenticate
> to users belonging to the "staff" group in the Openldap directory and
> the "student" SSID shall authenticate to users belonging to the
> "student" group. What is the right way to configure this in Freeradius?
The SSID is placed into the Called-Station-Id attribute. It's not
perfect, but it works.
You should do something like the following:
authorize {
...
if ((Called-Station-Id =~ /:student/) &&
(LDAP-Group != "student")) {
reject
}
if ((Called-Station-Id =~ /:staff/) &&
(LDAP-Group != "staff")) {
reject
}
...
}
Of course, change the names for the actual SSID names, and LDAP grou[
names.
Alan DeKok.
More information about the Freeradius-Users
mailing list