v3.0.10: how to specify allowed SSID list in users file?

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Mon Nov 14 10:44:02 CET 2016


> I want authenticate WiFi users on freeradius-3.0.10. AP provides several
> SSIDs and I want certain users to be able connect just to certain SSIDs.
> Users are few, and I want for AAA use files module. My idea is use
> notation something like this (in users file mods-config/files/authorize):
> tom   Cleartext-Password := "to", Wifi-Allowed = "SSID1,SSID2"
> pepa  Cleartext-Password := "pp", Wifi-Allowed = "SSID1"
> petr  Cleartext-Password := "pe", Wifi-Allowed = "SSID3"
> and then test it in default server "authorize" section somewhere after
> "files" module specification with unlang code something as:

you've got this slightly mixed up.  the above lines in files
are CHECK items.....so when the request hits the files module it will be looking
to see that all those items match.  they wont as Wifi-Allowed is a construct
that you have made.....and hasnt been set yet..... 

if you run in debug mode and take time to read the output and logic you
will see what is happening

> switch &Called-Station-SSID {
>     case "SSID1" {
>         if (&control:Wifi-Allowed =~ /.*SSID1.*/ ) {
>              ok
>         } else {
>              reject
>         }
>     }
>     case "SSID2" {
>         if (&control:Wifi-Allowed =~ /.*SSID2.*/ ) {
>              ok
>         } else {
>              reject
>         }
>     }

so...for this to work I think all you need to do is slip the 'Wifi-Allowed' value to be a reply item
in the users file....and then change your unlang to &reply:Wifi-Allowed instead of control eg

pepa  Cleartext-Password := "pp"
	Wifi-Allowed = "SSID1"

switch &Called-Station-SSID {
     case "SSID1" {
         if (&reply:Wifi-Allowed =~ /.*SSID1.*/ ) {
         } else {

or somesuch.....  there are better ways of doing this but if you're invested in this route then that should
get you going


More information about the Freeradius-Users mailing list