Hi, I was using the following syntax on Freeradius 2.x to determine if a user could connect to a particular IP address, even if the authentication succeeds, based on some parameters passed to a script: XXX747 Auth-Type = System, Realm == imp Service-Type := Login-User, cisco-avpair = "shell:priv-lvl=2", Exec-Program-Wait = "/opt/script/radius/bin/check_operator_access.sh %{NAS-IP-Address} %{User-Name} %{Realm}" It worked on my old 2.x installation, now I'm on the last version available on Red Hat Enterprise 7, which is 3.0.13-10.el7_6. The syntax gives no error, but the script is not invoked (it contains an invocation to logger system command to put an entry in /var/log/messages and I can't see it), even if the above entry in the users (authorize) file is mached. What could be the problem? If this is the wrong way to implement this check can you give me an hint on how should I do it on 3.x Freeradius installation? Wed Jun 19 17:01:52 2019 : Debug: (12) files: users: Matched entry XXX747 at line 497 Wed Jun 19 17:01:52 2019 : Debug: /opt/script/radius/bin/check_operator_access.sh %{NAS-IP-Address} %{User-Name} %{Realm} Wed Jun 19 17:01:52 2019 : Debug: Parsed xlat tree: Wed Jun 19 17:01:52 2019 : Debug: literal --> /opt/script/radius/bin/check_operator_access.sh Wed Jun 19 17:01:52 2019 : Debug: attribute --> NAS-IP-Address Wed Jun 19 17:01:52 2019 : Debug: literal --> Wed Jun 19 17:01:52 2019 : Debug: attribute --> User-Name Wed Jun 19 17:01:52 2019 : Debug: literal --> Wed Jun 19 17:01:52 2019 : Debug: attribute --> Realm Wed Jun 19 17:01:52 2019 : Debug: (12) files: EXPAND /opt/script/radius/bin/check_operator_access.sh %{NAS-IP-Address} %{User-Name} %{Realm} Wed Jun 19 17:01:52 2019 : Debug: (12) files: --> /opt/script/radius/bin/check_operator_access.sh 172.16.120.218 XXX747@imp imp Wed Jun 19 17:01:52 2019 : Debug: (12) modsingle[authorize]: returned from files (rlm_files) Wed Jun 19 17:01:52 2019 : Debug: (12) [files] = ok Thank you in advance for any help. Best regards, Gianni Costanzi