Jevos, Peter wrote: > Hi Alan, , thanks , I’ve read it but it’s too complicated and I’m > missing more examples of configurations
The raddb directory *does* come with examples. > If anybody help me with the syntax and code location with this issue: Sorry, but: 1) the "unlang" documentation contains a detailed description of the syntax 2) my previous message gave the *specific* location of where the logic should go. *PLEASE* read the existing documentation and messages on this list. Failure to do so is a major reason for not solving issues. > If requests come from NAS-IP-Address==1.1.1.1 and the > %{mschap:NT-Domain}=vipdomainuser , check them against module > ntlm_auth_vip ( module is already working ) and if pass give them > Cisco-Avpair += "ipsec:addr-pool=vip_vpn_pool" and other optional AVpairs. The "unlang" syntax is pretty much exactly that. It's not that hard. if ((NAS-IP-Address == 1.1.1.1) && "%{mschap:NT-Domain}" = "vipdomainuser")) { update control { Auth-Type := ntlm_auth_vip } update reply { Cisco-AVPair += "ipsec:addr-pool=vip_vpn_pool" } } Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html