why is Called-Station-SSID not processed?
vilpalu
vilius.palubinskas at ktu.lt
Wed Aug 5 09:08:42 CEST 2015
Hello,
Before the check, if you want to get data from LDAP, you can just launch the ldap module:
    preprocess
    rewrite_called_station_id
    ldap
    if (Called-Station-SSID == "%{request:Station-SSID}") {
        ok
    }
    else {
        reject
    }
On 08/06/2015 12:35 AM, Zeus Panchenko wrote:
> Alan DeKok <aland at deployingradius.com> wrote:
>>>> And just doing a comparison is not enough, either. What do you want it to *do* when the comparison matches?
>>>
>>> I want it to be part of the condition for access allowing
>>>
>>> if Called-Station-SSID configured in LDAP matches the one processed from
>>> Called-Station-Id, then access is to be allowed, otherwise not
>>
>> So... set it to reject the user if the Calling-Station-Id doesn't match.
>
> does it mean to hardcode all my access points data ... because MAC
> addresses differ but SSID part is the same
>
>>> ---[ quotation start ]-------------------------------------------
>>> DEFAULT Ldap-Group == "wifi-xyz", Called-Station-SSID == "SSID_ALLOWED", User-Profile := "cn=wifi-xyz,ou=profiles,ou=RADIUS,dc=xyz"
>>> Reply-Message := "%{User-Name}, SSID: %{Called-Station-SSID} access was permited to you.",
>>> Fall-Through = no
>>> ---[ quotation end ]-------------------------------------------
>>>
>>> but how to do that now via LDAP?
>>
>> I'm not sure. You can use that exact configuration in v3, so why not try that?
>
> yes, I believe it'll work too ... but why use data in file when I
> configured almost all I need in LDAP? Isn't it more flexible to hold
> that data in LDAP?
>
> I just do not know how to tell FR to use LDAP attribute radiusCheckItem
> value "Called-Station-SSID == SSID_ALLOWED" to check it against
> processed one from Called-Station-Id ... can it be done, indeed, please?
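Added example, not part of the original messages and not FreeRADIUS code: a stand-alone Python model of the check discussed in this thread, where the SSID is split out of Called-Station-Id (so the per-access-point MAC does not matter) and compared with one allowed SSID that would come from the directory. The "MAC:SSID" layout, the function names and the sample values are assumptions made for illustration.

```python
import re

# Assumed layout: six hex octets (optionally separated by - : or .),
# then ":" and the SSID. The SSID part may be absent.
_CSID = re.compile(r"^((?:[0-9a-f]{2}[-:.]?){5}[0-9a-f]{2})(?::(.+))?$",
                   re.IGNORECASE)


def split_called_station_id(value):
    """Return (canonical_mac, ssid_or_None); raise ValueError if malformed."""
    m = _CSID.match(value.strip())
    if not m:
        raise ValueError("unrecognised Called-Station-Id: %r" % value)
    digits = re.sub(r"[^0-9a-fA-F]", "", m.group(1)).upper()
    mac = "-".join(digits[i:i + 2] for i in range(0, 12, 2))
    return mac, m.group(2)


def ssid_allowed(called_station_id, allowed_ssid):
    """True only if the request's SSID equals the configured one.

    allowed_ssid stands in for the value stored per group in LDAP
    (hypothetical parameter). Every doubtful case is a reject.
    """
    try:
        _mac, ssid = split_called_station_id(called_station_id)
    except ValueError:
        return False          # malformed attribute: reject
    if not ssid or not allowed_ssid:
        return False          # no SSID sent, or none configured: reject
    return ssid == allowed_ssid   # SSIDs are case sensitive


if __name__ == "__main__":
    # Constructed sample requests: different APs, same SSID, plus edge cases.
    samples = [
        "00-11-22-AA-BB-CC:SSID_ALLOWED",
        "aa:bb:cc:dd:ee:ff:SSID_ALLOWED",
        "00-11-22-AA-BB-CC:other-net",
        "00-11-22-AA-BB-CC",
    ]
    for s in samples:
        verdict = "ok" if ssid_allowed(s, "SSID_ALLOWED") else "reject"
        print("%-34s %s" % (s, verdict))
```

The point of the model is the failure handling: a request that carries no SSID, or a group with no SSID configured, ends in reject rather than falling through to accept.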