Evaluate Ldap-Group and SSID for WiFi authorization
    Adam Cage 
    adamcage27 at gmail.com
       
    Wed Aug 23 15:06:37 CEST 2017
    
    
  
People, good morning. I have a Freeradius with AD authentication and LDAP
authorization working OK.
Now I have to authorize users that belong to GROUP1 and have SSID = Free. I
have these definitions:
- GROUP1 is a group defined in the AD
- SSID comes with Called-Station-Id in the form MAC Address:SSID, for
example "51:bc:11:e1:34:70:Free", and it's not defined in the AD
- The clause defined in default and inner-tunnel files is:
if (LDAP-Group == "GROUP1" &&  Called-Station-Id == "*:Free") {
        update reply {
                Reply-Message = "Hello %{User-Name}: Access allowed"
        }
        ok
}
else {
        reject
}
After testing, I fail and this is the debug:
Wed Aug 23 09:34:58 2017 : Debug: rlm_ldap::ldap_groupcmp: User found in group GROUP1
Wed Aug 23 09:34:58 2017 : Debug:   [ldap] ldap_release_conn: Release Id: 0
Wed Aug 23 09:34:58 2017 : Info: ? Evaluating (LDAP-Group == "GROUP1" ) -> TRUE
Wed Aug 23 09:34:58 2017 : Info:     (Attribute Called-Station-Id was not found)
Wed Aug 23 09:34:58 2017 : Info: ? Evaluating (Called-Station-Id == "*:Free") -> FALSE
Wed Aug 23 09:34:58 2017 : Info: ++? if (LDAP-Group == "GROUP1" &&  Called-Station-Id == "*:Free") -> FALSE
Wed Aug 23 09:34:58 2017 : Info: ++else else {
Wed Aug 23 09:34:58 2017 : Info: +++[reject] = reject
Wed Aug 23 09:34:58 2017 : Info: ++} # else else = reject
Wed Aug 23 09:34:58 2017 : Info: +} # group authorize = reject
Wed Aug 23 09:34:58 2017 : Info: Using Post-Auth-Type REJECT
Wed Aug 23 09:34:58 2017 : Info: # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
Wed Aug 23 09:34:58 2017 : Info: +group REJECT {
Can you help me please?
Thanks in advance.
ADAM
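
Added example (not part of the original post and not FreeRADIUS project code): the debug output above shows two separate reasons the second condition is FALSE, and this unlang fragment for the authorize section of inner-tunnel addresses both. It assumes a FreeRADIUS release in which %{outer.request:...} is available inside the tunnelled session and in which the outer request carries Called-Station-Id.

```unlang
# Added example; assumes it is placed in the authorize section of
# sites-enabled/inner-tunnel, after the ldap module has run.
#
# As posted:
#
#   if (LDAP-Group == "GROUP1" &&  Called-Station-Id == "*:Free") {
#
# 1. "==" is an exact string comparison, so "*:Free" is matched as the
#    literal characters * : F r e e and never as a wildcard.
# 2. The debug line "Attribute Called-Station-Id was not found" shows
#    that the inner-tunnel request does not contain the attribute; the
#    NAS sends it in the outer request.

# Read the attribute from the outer request and match the SSID suffix
# with a regular expression. The "$" anchor keeps values such as
# "...:Free-Guest" from matching. The match is case-sensitive.
# If the attribute is absent, the expansion is an empty string, the
# regex does not match, and the request falls through to reject.
if (LDAP-Group == "GROUP1" && "%{outer.request:Called-Station-Id}" =~ /:Free$/) {
        update reply {
                Reply-Message = "Hello %{User-Name}: Access allowed"
        }
        ok
}
else {
        reject
}
```

Running the server in debug mode again should show the expanded Called-Station-Id value in the "Evaluating" line, which confirms what the NAS actually sends before the policy is relied on.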
    
    