FreeRadius 3.0.13 - Using SSID to check AD groups

Alan DeKok aland at
Wed Apr 5 16:54:35 CEST 2017

On Apr 5, 2017, at 10:27 AM, Pierre de Jong <pierredejong at> wrote:
> As promised, I send you an radiusd -X output. complete.
> I see that straight at the beginning,  policy rewrite_called_station_id  is
> done.
> --> EXPAND %{Called-Station-SSID}
> (0)                --> TSSID1
> even with that, as I said, I cannot use that "%{Called-Station-SSID}
> anywhere else than in "post-auth"...

  That's just not true.  If Called-Station-SSID exists, you can use it.  If it doesn't exist, you can't use it.  The debug log shows when and where it exists.

> Is that normal?
> Do you see "horror" in those logs ? :-D

  The debug log shows:

1) Called-Station-SSID being used by the rewrite_called_station_id policy

2) Called-Station-SSID being used in post-auth

  If you want to show that it's not available elsewhere, you have to post a debug log where you try to USE IT elsewhere, and then show it doesn't work.

  Right now, the debug log shows nothing useful.

  Please also go back and read my previous message.  You need to READ the debug log, and you need to understand what you're editing.

  I said: * My guess is that you're trying to expand it in the "inner-tunnel" virtual server, *

  Are you doing that?  WHERE are you trying to use it?

  Again, all you're doing is saying "it works here", and posting debug logs showing it works there.  You're not saying where else it doesn't work (other than "everywhere", which is unhelpful), and you're not showing the debug logs of you trying to use it elsewhere.

  This is basic debug methods.  Ask good questions, tell people what you're doing, compare what you've done to what happens...

  Alan DeKok.

More information about the Freeradius-Users mailing list