Failed retrieving values required to evaluate condition

Christoph Litauer litauer at
Tue Apr 30 11:07:54 CEST 2019

Dear Freeradius-Users,

I am not an experienced radius admin, so maybe you can give me a hint. I read the manuals, the logs and google, but without success.

My wlan users authenticate themselves against eap/ldap. But for guests I generate a file with credentials. This worked for some years now.
Because of changing root certificates I had to introduce two different eap-configurations (eap and eapoldca). These are used in the default site and inner-tunnel site via switch that decides on the outer User-Name which certificates are used. So I changed

               eap {
                       ok = return

       if (&User-Name == "eduroam at") {
               eap {
                       ok = return
       } else {
               eapoldca {
                       ok = return

This works for all wlan users except guests. If a guest tries to authenticate, at the end I get
(8)       if (&Called-Station-SSID == "ubnt") {
(8)       ERROR: Failed retrieving values required to evaluate condition

This is because Called-Station-SSID is unset at this point. I don't think this is the root cause, instead the reason seems to be, that the "ok = return" statements exit the if ()-clause but not the authorize section. 
But as I said, I am not an expert ...

You will find sites-enabled/{default,inner-tunnel}, mods-enabled/eap und a log file here:
The radius log was generated while trying to connect to SSID ubnt using test/test as authentication. 

Any help is greatly appreciated.

Kind regards
Uni Koblenz, Computing Centre, Office A 022    
Postfach 201602, 56016 Koblenz     
Fon: +49 261 287-1311, Fax: -100 1311

More information about the Freeradius-Users mailing list