FreeRadius 3.0.13 - Using SSID to check AD groups

Alan DeKok aland at
Tue Apr 4 14:38:09 CEST 2017

On Apr 4, 2017, at 7:47 AM, Pierre de Jong <pierredejong at> wrote:
>> UNABLE to use "%{Called-Station-SSID}"  (nor %Called-Station-SSID)
> What do you mean by "unable to use"?
> I mean that when i try to "show" the %{Called-Station-SSID} ..... like, in
> a message, we do a" ## %{user} - %{Called-Station-SSID} ## --> it returns:
> ## username - ##
> That is what I mean.

  Then at the Called-Station-Id isn't available at that point.

> I will send and radiusd -X output soon...
> But YES, in the radiusd -X, I can see that Called-Station-SSID is set to a
> "RIGHT" value.... but we do not seem to be able to use it "anywhere".

  I doubt that very much.

  Put that check at the start of the "authorize" section, in the default virtual server.  You *will* see it.

  My guess is that you're trying to expand it in the "inner-tunnel" virtual server, where it's not available.  There are solutions for that.

  Again, as always... a *careful* reading of the debug output will show this.  The server tells you what attributes are received, and what attributes are sent to the inner-tunnel virtual server.

  Alan DeKok.

More information about the Freeradius-Users mailing list