I have the following in my sites-available/default: authorize { ...
# Allow only NET Staff members to log into BAND and HAPF if (Ldap-Group == "NET Staff" && (NAS-IP-Address == "192.168.6.5" || NAS-IP-Address == "192.168.6.4")) { update reply { Passport-Access-Priority = 6 } } # Reject everyone else elsif (NAS-IP-Address == "192.168.6.5" || NAS-IP-Address == "192.168.6.4") { reject = 1 } ... What I want is to only allow NET Staff members to log in and reject everyone else who tries to log into these resources. I'm getting the following in my log: Tue Mar 13 12:55:32 2012 : Info: ++? elsif (NAS-IP-Address == "192.168.6.5" || NAS-IP-Address == "192.168.6.4") -> TRUE Tue Mar 13 12:55:32 2012 : Info: ++- entering elsif (NAS-IP-Address == "192.168.6.5" || NAS-IP-Address == "192.168.6.4") {...} Tue Mar 13 12:55:32 2012 : Info: +++- elsif (NAS-IP-Address == "192.168.6.5" || NAS-IP-Address == "192.168.6.4") returns notfound Tue Mar 13 12:55:32 2012 : Info: ++- group authorize returns notfound What is the correct syntax to reject this way? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html