Hi, I have test your solution like that :
# defaults update reply { Tunnel-Type := VLAN Tunnel-Medium-Type := IEEE-802 Tunnel-Private-Group-Id := "unauthorised" Termination-Action := RADIUS-Request Session-Timeout := 300 Acct-Interim-Interval := 3600 } if (request:User-Name =~ /^.{3,4}$/) { update reply { Tunnel-Private-Group-Id := "staff" } } elsif (request:User-Name =~ /^.{7,8}$/) { update reply { Tunnel-Private-Group-Id := "student" } } if (reply:Tunnel-Private-Group-Id != "unauthorised") { update reply { # Cisco only support a max of 65535 Session-Timeout := 64800 } } But, if I test with this account : "aaaaaaa" (7 letters), I have a reponse like that : Tunnel-Private-Group-Id:0 = "staff". This is not correct And I have place this code in this file /site-enabled/default in the section post-auth. Is that correct ? Thanks ----- >From Switzerland -- View this message in context: http://freeradius.1045715.n5.nabble.com/Multiple-ldap-freeradius-ssid-tp4399529p4405854.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html