why is Called-Station-SSID not processed?

Alan DeKok aland at deployingradius.com
Tue Aug 4 21:48:56 CEST 2015


On Aug 4, 2015, at 8:15 PM, Zeus Panchenko <zeus at ibs.dn.ua> wrote:

> Alan DeKok <aland at deployingradius.com> wrote:
>> On Aug 4, 2015, at 2:05 PM, Zeus Panchenko <zeus at ibs.dn.ua> wrote:
>>> I hoped if I set radiusCheckItem: Called-Station-SSID := 'SSID_ALLOWED'
>> 
>>  See the wiki for the meaning of the operators.  ":=" is an assignment operator.  It doesn't do comparisons.
> 
> yes, understood ... it has to be `==' 
> 
>>  And just doing a comparison is not enough, either.  What do you want it to *do* when the comparison matches?
> 
> I want it to be part of the condition for access allowing
> 
> if Called-Station-SSID configured in LDAP matches the one processed from
> Called-Station-Id, then access is to be allowed, otherwise not

  So... set it to reject the user if the Calling-Station-Id doesn't match.

>> You have to write that down, too.
> 
> what is the right place to do that? 
> 
> It was working for me when I did it in v.2.x users file this way:
> 
> ---[ quotation start ]-------------------------------------------
> DEFAULT Ldap-Group == "wifi-xyz", Called-Station-SSID == "SSID_ALLOWED", User-Profile := "cn=wifi-xyz,ou=profiles,ou=RADIUS,dc=xyz"
>        Reply-Message := "%{User-Name}, SSID: %{Called-Station-SSID} access was permited to you.",
>        Fall-Through = no
> ---[ quotation end   ]-------------------------------------------
> 
> but how to do that now via LDAP?

  I'm not sure.  You can use that exact configuration in v3, so why not try that?

  Alan DeKok.




More information about the Freeradius-Users mailing list