Hi there, I've got the next config file: radiusd.conf ----------------- modules { exec my_auth { wait = yes program = "/home/myself/my_auth.sh %{NAS-IP-Address} %{Calling-Station-ID} %{User-Name}" input_pairs = request output_pairs = reply } ... instantiate { exec my_auth } authorize { mschap my_auth eap } ... /home/myself/my_auth.sh ------------------------------------ #!/bin/bash echo "NAS: $1" echo "Caller: $2" echo "User: $3" exit 0 And I'm using a Cisco Aironet 1200 AP. Ok, so the problem is the next: When I connect through the access point, i get the following output (I just put the parts regarding my script) ... radius_xlat: '/tmp/radius_auth/auth.sh 192.168.254.22 0002.2d85.4676 test' Exec-Program: /tmp/radius_auth/auth.sh 192.168.254.22 0002.2d85.4676 test Exec-Program output: NAS: 192.168.254.22 Caller: 0002.2d85.4676 User: test Exec-Program-Wait: plaintext: NAS: 192.168.254.22 Caller: 0002.2d85.4676 User: test Exec-Program: returned: 0 ... I get like 6 of those and then I got 3 of these (Please note that the parameters are gone) Exec-Program: /tmp/radius_auth/auth.sh test Exec-Program output: NAS: test Caller: User: Exec-Program-Wait: plaintext: NAS: test Caller: User: Exec-Program: returned: 0 And finally I get this one (And they are back) radius_xlat: '/tmp/radius_auth/auth.sh 192.168.254.22 0002.2d85.4676 test' Exec-Program: /tmp/radius_auth/auth.sh 192.168.254.22 0002.2d85.4676 test Exec-Program output: NAS: 192.168.254.22 Caller: 0002.2d85.4676 User: test Exec-Program-Wait: plaintext: NAS: 192.168.254.22 Caller: 0002.2d85.4676 User: test Exec-Program: returned: 0 And access is granted. So, my question is, why, at some point, i lose the values of %{NAS-IP-Address} and %{Calling-Station-ID}? I'd like to know also if there is a way to "ignore" a request for my script. In this case, my script gives a 0 back, and this grants access. If I modify it to return 1, access is denied. I'd like to know if there is a value that doesn't cause the whole auth process to fail, like ignore until I get the IP address that was lost. What I want to do in my script, is to check the AP's ip address and depending on it deny access to users of a determined AP and grant access to users of the others AP, but since sometimes I lose the value of those vars, the whole process will fail even for a user who is on an authorized AP. If someone could shed some light, that'd be great. Thanks a lot. Jack _________________________________________________________________ Don't just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/