User login restrictions based on SSID

Eby Mani eby_km at
Mon May 23 14:03:03 CEST 2016

I'm trying to set login restrictions based on SSID. For example users in Sales Group should only connect a particular SSID, etc.. and Support Team should be able to login to any SSID. We have Aruba Controller, which provide SSID in Aruba-Essid-Name attribute in Access-Request and using daloradius for user management.

First i've tried the following to get this working without adding any sql code;

 "Aruba-Essid-Name := ssid_name" in User Group Check attributes - didn't work
 "Aruba-Essid-Name := ssid_name" in User Check attributes - didn't work

And finally using the 'address' column in 'userinfo' TABLE to store SSID info.

And have put the following in authorize {} sites-enabled/default ;

if ("%{sql:SELECT COUNT(*) FROM userinfo WHERE userinfo.username= '%{User-Name}' AND userinfo.address= '%{Aruba-Essid-Name}'} >0")
        else {


No mater which SSID, i'm able to connect.


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: freeradius-debug.txt
URL: <>

More information about the Freeradius-Users mailing list