Alan DeKok wrote:
The "update" section should behave identically to the "if".
It doesn't at the moment. Version 1 policy.conf: testing_module { if (1) { update reply { Reply-Message += "Foo" } } if (1) { update reply { Reply-Message += "Bar" } } ok } Results: $ bin/radtest steve badpass localhost 1 testing123 Sending Access-Request of id 69 to 127.0.0.1 port 1812 User-Name = "steve" User-Password = "badpass" NAS-IP-Address = 127.0.0.1 NAS-Port = 1 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=69, length=25 Reply-Message = "Foo" $ Version 2 policy.conf: testing_module { #if (1) { update reply { Reply-Message += "Foo" } #} #if (1) { update reply { Reply-Message += "Bar" } #} ok } Results: $ bin/radtest steve badpass localhost 1 testing123 Sending Access-Request of id 33 to 127.0.0.1 port 1812 User-Name = "steve" User-Password = "badpass" NAS-IP-Address = 127.0.0.1 NAS-Port = 1 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=33, length=81 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 172.16.3.33 Framed-IP-Netmask = 255.255.255.0 Framed-Routing = Broadcast-Listen Filter-Id = "std.ppp" Framed-MTU = 1500 Framed-Compression = Van-Jacobson-TCP-IP Reply-Message = "Foo" Reply-Message = "Bar" $ So: without the 'ifs', the three sections are run sequentially (update, update, ok). With the 'ifs', only the first section is run. Authenticate section has: Auth-Type PAP { pap { ok = return reject = 1 } testing_module } Regards, Brian.