Hi ! I have a problem in my post-auth configuration. I have write this with the help of my other topic in this forum:
update reply { Tunnel-Type := VLAN Tunnel-Medium-Type := IEEE-802 Tunnel-Private-Group-Id := "unauthorised" Termination-Action := RADIUS-Request Session-Timeout := 300 Acct-Interim-Interval := 3600 } if ("%{Aruba-Essid-Name}" == "ssid_student") { if ("%{reply:MailUtilisateur}" =~ /^[a-z0-9._-]+@students.XXX.ch/) { update reply { Tunnel-Private-Group-Id := "std" Aruba-User-Role := "std" } } else { update reply { Tunnel-Private-Group-Id := "std_false" Aruba-User-Role := "std_false" } } } elsif ("%{Aruba-Essid-Name}" == "ssid_staff") { if ("%{reply:MailUtilisateur}" =~ /^[a-z0-9._-]+@XXX.ch/) { update reply { Tunnel-Private-Group-Id := "staff" Aruba-User-Role := "staff" } } else { update reply { Tunnel-Private-Group-Id := "staff_false" Aruba-User-Role := "staff_false" } } And this is the result of radiusd -X : # Executing section post-auth from file /etc/raddb/sites-enabled/default +- entering group post-auth {...} [reply_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/radius/radacct/153.109.XXX/reply-detail-20110615 [reply_log] /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/153.109XXX/reply-detail-20110615 [reply_log] expand: %t -> Wed Jun 15 15:55:01 2011 ++[reply_log] returns ok ++[exec] returns noop ++[reply] returns noop ++? if ("%{Aruba-Essid-Name}" == "ssid_student") expand: %{Aruba-Essid-Name} -> ssid_staff ? Evaluating ("%{Aruba-Essid-Name}" == "ssid_student") -> FALSE ++? if ("%{Aruba-Essid-Name}" == "ssid_student") -> FALSE Sending Access-Accept of id 247 to 153.109.XXX port 32834 MS-MPPE-Recv-Key = 0x90169c2ffb6f14c1aa01efed861f32c21da05dfb0e43bea0a5b8aa72d63626d6 MS-MPPE-Send-Key = 0xefa74ededebd9066dadc8b0d369884155e9a73e9685241f408afbdc3e1a8de3e EAP-Message = 0x03090004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "sgistpi" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "unauthorised" Termination-Action = RADIUS-Request Session-Timeout = 300 Acct-Interim-Interval = 3600 Just like it say, Aruba-Essid-Name is : "expand: %{Aruba-Essid-Name} -> ssid_staff", but it doesn't work with my if. Why is it not going to the elsif ? Can you help me ? Thanks ! ----- >From Switzerland -- View this message in context: http://freeradius.1045715.n5.nabble.com/If-in-post-auth-tp4491348p4491348.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html