User login restrictions based on SSID
Eby Mani
eby_km at yahoo.com
Mon May 23 14:03:03 CEST 2016
I'm trying to set login restrictions based on SSID. For example users in Sales Group should only connect a particular SSID, etc.. and Support Team should be able to login to any SSID. We have Aruba Controller, which provide SSID in Aruba-Essid-Name attribute in Access-Request and using daloradius for user management.
First i've tried the following to get this working without adding any sql code;
"Aruba-Essid-Name := ssid_name" in User Group Check attributes - didn't work
"Aruba-Essid-Name := ssid_name" in User Check attributes - didn't work
And finally using the 'address' column in 'userinfo' TABLE to store SSID info.
And have put the following in authorize {} sites-enabled/default ;
if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username= '%{User-Name}' AND userinfo.address= '%{Aruba-Essid-Name}'} >0")
{
ok
}
else {
reject
}
sql
No mater which SSID, i'm able to connect.
Thanks,
Eby
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: freeradius-debug.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160523/d5535769/attachment-0001.txt>
More information about the Freeradius-Users
mailing list