User login restrictions based on SSID
Sylvain Munaut
s.munaut at whatever-company.com
Tue May 24 16:30:21 CEST 2016
Hi,
> I'm trying to set login restrictions based on SSID. For example users in Sales Group should only connect a particular SSID, etc.. and Support Team should be able to login to any SSID. We have Aruba Controller, which provide SSID in Aruba-Essid-Name attribute in Access-Request and using daloradius for user management.
>
> First i've tried the following to get this working without adding any sql code;
>
> "Aruba-Essid-Name := ssid_name" in User Group Check attributes - didn't work
> "Aruba-Essid-Name := ssid_name" in User Check attributes - didn't work
First off, check :
http://wiki.freeradius.org/config/Operators
The := is an "assignement" sort of thing, as a check item it always
returns true.
If you use "==" in the "User Check attributes ", I think it'll do what
you want (could depends on a lot of other stuff in your config).
Because the user check won't match and so the "Clear-Text-Password"
assignment won't be done and without password set, the MSCHAPv2 will
fail.
Cheers,
Sylvain
More information about the Freeradius-Users
mailing list