diff --git a/freeradius/auth.py b/freeradius/auth.py
index 5ca12602..f8451c46 100644
--- a/freeradius/auth.py
+++ b/freeradius/auth.py
@@ -298,7 +298,7 @@ def authorize_wifi(data):
 # Kludge : vlan isolement pas possible, donc reject quand-même
 if not WIFI_DYN_VLAN and bl.value['type'] in BL_ISOLEMENT:
 return radiusd.RLM_MODULE_REJECT
-
+
 if not machine.get('ipsec', False):
 logger.error('WiFi auth but machine has no password')
@@ -372,9 +372,16 @@ def authorize_nas(data, ldap):
 ip = data.get('NAS-Identifier', '')
 is_v6 = ':' in ip
 ip_stm = ("FreeRADIUS-Client-IP%s-Address" % ('v6'*is_v6, ), ip)
-
+
 # Find machine
- base_filter = u'(|(objectClass=machineCrans)(objectClass=borneWifi))'
+ # On rajoute les Machines du club federez au base_filter (federez-wifi):
+ fed = ldap.search(u'(nom=Federez)')[0]
+ mach_fed = fed.machines()
+ base_filter = u'(|(objectClass=machineCrans)(objectClass=borneWifi)'
+ for mach in mach_fed:
+ base_filter = base_filter + "(mid=%s)" % mach['mid'][0]
+ base_filter = base_filter + u')'
+
 if is_v6:
 addr = netaddr.IPAddress(ip).value
 # EUI64, hein ?
@@ -386,7 +393,7 @@ def authorize_nas(data, ldap):
 m_filter = u'(macAddress=%s)' % mac
 else:
 m_filter = u'(ipHostNumber=%s)' % escape_ldap(ip)
-
+
 machines = ldap.search(u'(&%s%s)' % (base_filter, m_filter))
 if not machines:
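Review bot: `ldap.search(u'(nom=Federez)')[0]` in authorize_nas raises IndexError when the club entry is missing or renamed, and because it runs before the filter is built the failure hits every NAS lookup, not only Federez ones; guard the result and fall back to the two objectClass clauses. The widened filter also makes club membership part of the RADIUS client trust boundary, since any machine attached to that club now matches whatever its objectClass, which deserves a comment stating who is allowed to add machines to it. `mach['mid'][0]` is interpolated without `escape_ldap`, unlike the IP branch further down, and the extra search plus `machines()` call is repeated on each request, so caching the mid list may be worth considering. authorize_nas starts and ends outside this hunk, so how an exception raised here is surfaced to FreeRADIUS is not visible.

```python
    # Find machine
    base_filter = u'(|(objectClass=machineCrans)(objectClass=borneWifi)'
    clubs = ldap.search(u'(nom=Federez)')
    if clubs:
        # Machines of the Federez club are also accepted as NAS candidates (federez-wifi).
        for mach in clubs[0].machines():
            base_filter += u'(mid=%s)' % escape_ldap(u'%s' % mach['mid'][0])
    else:
        # Club entry absent: keep the original filter instead of failing every NAS lookup.
        logger.error('Federez club not found, NAS filter limited to Crans machines')
    base_filter += u')'
    # … unchanged: is_v6 / m_filter selection and the final ldap.search …
```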