why is Called-Station-SSID not processed?
Zeus Panchenko
zeus at ibs.dn.ua
Wed Aug 5 23:35:53 CEST 2015
Alan DeKok <aland at deployingradius.com> wrote:
> >> And just doing a comparison is not enough, either. What do you want it to *do* when the comparison matches?
> >
> > I want it to be part of the condition for access allowing
> >
> > if Called-Station-SSID configured in LDAP matches the one processed from
> > Called-Station-Id, then access is to be allowed, otherwise not
>
> So... set it to reject the user if the Calling-Station-Id doesn't match.
does it mean to hardcode all my access points data ... because MAC
addresses differ but SSID part is the same
> > ---[ quotation start ]-------------------------------------------
> > DEFAULT Ldap-Group == "wifi-xyz", Called-Station-SSID == "SSID_ALLOWED", User-Profile := "cn=wifi-xyz,ou=profiles,ou=RADIUS,dc=xyz"
> > Reply-Message := "%{User-Name}, SSID: %{Called-Station-SSID} access was permited to you.",
> > Fall-Through = no
> > ---[ quotation end ]-------------------------------------------
> >
> > but how to do that now via LDAP?
>
> I'm not sure. You can use that exact configuration in v3, so why not try that?
yes, I believe it'll work too ... but why use data in file when I
configured almost all I need in LDAP? Isn't it be more flexible to hold
that data in LDAP?
I just do not know how to say FR to use LDAP attribute radiusCheckItem
value "Called-Station-SSID == SSID_ALLOWED" to check it against
processed one from Called-Station-Id ... can it be done, indeed, please?
--
Zeus V. Panchenko jid:zeus at im.ibs.dn.ua
IT Dpt., I.B.S. LLC GMT+2 (EET)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150805/42c6381c/attachment-0001.sig>
More information about the Freeradius-Users
mailing list