control authentication/authorization by SSID
Alan DeKok
aland at deployingradius.com
Wed Oct 7 21:14:37 CEST 2020
On Oct 7, 2020, at 12:39 AM, Munroe Sollog <mus3 at lehigh.edu> wrote:
>
> I've been reviewing:
> https://wiki.freeradius.org/guide/Mac-Auth#additional-modifications_mac-auth-authorisation-by-ssid
Some of the Wiki is a little out of date, but it's mostly correct. We're working on that.
> I have two SSIDs. One of them is mac-auth and the other is .1x. My
> wireless environment presents freeradius with %{Aruba-Essid-Name} to denote
> the SSID. If I am interpreting the above documentation correctly, it
> suggests that I alter what I'm storing in the mac address database to also
> include the SSID so it can compare both the mac address and the SSID.
> However, as we don't have multiple SSIDs that do mac auth, is it possible
> to create some sort of logic in the authorize section based on SSID?
> Something like:
>
> if %{Aruba-Essid-Name} == "mac-auth ssid" { do mac auth}
> elif %{Aruba-Essid-Name} == ".1x ssid" {do eap}
> else {reject}
>
> That seems like a simpler solution,especially since it doesn't require me
> to mess with the database of mac addresses. Any input would be appreciated.
You can do pretty much exactly what you said.
Alan DeKok.
More information about the Freeradius-Users
mailing list