Hello. With freeradius 2.1 I did a post-auth { if (EAP-Type == EAP-TLS) { update reply { ... } updated } elsif (EAP-Type == PEAP) { update reply { ... } updated } } With freeradius 3.0 this does not work any longer. The code above errors out and at least radiusd -X does not start due to "attribute for value" errors on the if-clauses. Using '&' in front of both operands yields a short message "Ignoring as always false" during startup and then nothing happens when PEAP or EAP-TLS requests come in, so clients are authenticated but not properly authorized and access does not work, as it relies on the actions performed in 'update reply'. So, my question is: How do I achieve a similar functionality as above with freeradius-3.0 unlang? Thanks in advance for your help. Regards, Felix -- If God had a beard, he'd be a UNIX programmer.