FREERADIUS - Filter User to login to a certain SSID

fmroeira86

Hi!

I've configured the freeradius package and everything is working (EAP MSCHAPv2).

I want some users to be allowed to connect only to a specific SSID.

I tried something like:

Called-Station-Id =~ ".*(:MY SSID)$"

On CHECK-ITEM but as soon as I do that the user can't authenticate:

(8) Login incorrect (mschap: FAILED: No NT/LM-Password. Cannot perform authentication): [my.user] (from client AP01 port 0 via TLS tunnel)

Any hint?

Thank you!

NogBadTheBad

@fmroeira86 said in FREERADIUS - Filter User to login to a certain SSID:

I want some users to be allowed to connect only to a specific SSID.

What do the others that use FreeRADIUS use their ID's for VPN ?

If the above is the case you could add as a check item on the VPN users NAS-Identifier == strongSwan

Try doing a radsnif -x from a ssh to the router you may get some clues.

fmroeira86

@nogbadthebad

Hi!

I don't use that for VPN access, only for WIFI access.

As I described I'm using this Check-item:

Called-Station-Id =~ ".*(:MY SSID)$"

When I use it the authentication fails:
Login incorrect (mschap: FAILED: No NT/LM-Password. Cannot perform authentication): [my.user] (from client AP01 port 0 via TLS tunnel)

When I remove that the user authenticates.

fmroeira86

No Ideas? :(