On 23 Jun 2008, at 21:01, Ivan Kalik wrote:
Run server in debug mode. Is SSID appearing in some attribute in
Access-Request?
It's usually in the Called-Station-Id attribute:
<radio-mac>:<ssid>
# Rewrite calling station id and called station id attributes
# into a standard format.
# If a 6th seperator is present write the trailing chars into Called-
Station-SSID
if("%{Called-Station-Id}" =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?
([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})
[-:]?([-a-z0-9_.]*)?/i){
update request {
Called-Station-Id := "%{1}%{2}%{3}%{4}%{5}%{6}"
Called-Station-SSID := "%{7}"
}
}
That generally works in FR 2.0* , though you have to define Called-
Station-SSID as a local attribute, see etc/raddb/dictionary for
examples.
Ivan Kalik
Kalik Informatika ISP
Dana 23/6/2008, "Roy Kartadinata" <[EMAIL PROTECTED]> piše:
Hi guys,
We're trying to centralize our corporate wifi authentication using
freeradius. So far, I was able to get user to authenticate based on
NAS
IP (I got access to multiple NAS working as well) and Mac Address.
Is it
possible to also limit their access per SSID? The reason for this is
because one of our locations, our HQ, has 3 SSID and only certain
people
have access to certain SSID but I'm not sure if this will conflict
with
already working NAS checking. Our HQ is using Cisco Wireless LAN
Controller so all 3 SSID will connect to radius using the same NAS
IP.
Cheers,
Roy Kartadinata
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html