Group membership by SSID

Matthew Newton mcn4 at
Tue Feb 28 12:15:55 CET 2017

On Tue, Feb 28, 2017 at 12:04:33PM +0100, Ethariel wrote:
> FreeRADIUS Version 2.2.8, for host x86_64-pc-linux-gnu, built on Apr

Version 2 is obsolete; you should upgrade to version 3.

> I wish to have a variable in modules/mschap linked to SSID.
> --require-membership-of=DOMAIN/Group1 for Name_Lan
> --require-membership-of=DOMAIN/Group2 for Name_Perso
> I don't find how to replace Group1 and Group2 with a variable

In the same way as all the other attributes on the ntlm_auth line
(which I presume you're using for this): %{Attribute-Name}.

> (which variable ?).

You could use one of the standard temporary attributes, such as

> As I understand the unlang doc I cannot create new variables.

or add your own as explained in raddb/dictionary.

They're RADIUS attributes, not "variables".

> TL;DR : how to test user group in AD based on SSID ?

Best way at present is to use LDAP by configuring the rlm_ldap module.


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list