Evaluate Ldap-Group and SSID for WiFi authorization

Matthew Newton mcn at freeradius.org
Wed Aug 23 19:58:32 CEST 2017


On Wed, 2017-08-23 at 14:09 -0300, Adam Cage wrote:
> Maybe I have to add a new attribute "Called-Station-Id" for each AD
> username ???

The NAS should add that, so if it's not there then you need to look at
the NAS and see if there is an option to add it. Otherwise there might
be another attribute with the SSID in it that you can use.

> Because I've never add it at all in AD and in debug I can
> red *Attribute Called-Station-Id was not found:*
> 
>  Debug: rlm_ldap::ldap_groupcmp: User found in group GROUP1
> Wed Aug 23 14:01:16 2017 : Debug:   [ldap] ldap_release_conn: Release
> Id: 0
...

It makes it *really* hard to tell what's happening without the full
debug output.

Please can you start the server with -X (only -X, not -Xx or similar)
and capture all the debug, right from the FreeRADIUS banner down to the
final Access-Accept or Access-Reject, and post that to the list, rather
than just small bits of it.

-- 
Matthew



More information about the Freeradius-Users mailing list