Using NAS-Identifier with login criteria

Brian Boere brian.boere at
Sun Apr 12 14:09:13 CEST 2015

Got it working this morning!

Changed the policy to be:

	my_policy {
	if (NAS-Identifier =~ /^Rad_test2/) {
		if ( Ldap-Group != "cn=Corporate Wireless Network,ou=ou,o=org" ) {
			update request {
				Success = "Hello %{User-Name} you are allowed to use wireless network %{NAS-Identifier}"
			else {
			update request {
				Disallowed = "Hello %{User-Name} you are NOT allowed to use wireless network %{NAS-Identifier}"

(also had to had to add lines to the dictionary file for the two update request lines)
(did the update request lines just to see the success/disallow in the logs.)

Seems to be working the way we want it to.  All users that have an edirectory account can connect to the other wireless network, and only members of the "Corporate Wireless Network" edirectory group can connect to wireless network "Rad_test2".

If there is something wrong with the policy, please point it out.



More information about the Freeradius-Users mailing list