Well, I think it's a good start, to terminate the code lines with semicolons. I'm not too familiar with FreeRadius, but I guess, the each Tunnel-XY-line should have an "\n" at the end to insert a line wrap. You would get something like this: <?php $user = getenv("USER_NAME"); $password = getenv("USER_PASSWORD"); if ($user == "test" && $password == "test") { echo "Access-Accept\n"; echo "Tunnel-Type = 13,\n"; echo "Tunnel-Medium-Type = 6,\n"; echo "Tunnel-Private-Group-Id = 1\n"; } else echo "Access-Reject"; ?> Hope this helps :) -----Ursprüngliche Nachricht----- Von: freeradius-users-bounces+moenster=hotmail.de@lists.freeradius.org [mailto:freeradius-users-bounces+moenster=hotmail.de@lists.freeradius.org] Im Auftrag von X.x - x.X Gesendet: Samstag, 6. Februar 2010 23:18 An: freeradius-users@lists.freeradius.org Betreff: Freeradius + External PHP script Hello everyone :) I'm having some problems with Freeradius, which I'm sure some folks here will know how to solve. :) Version: 2.0.4 (debian custom build to support SSL) Objective: Upon receiving a request with a username & password (from NAS), Freeradius should invoke an external script (PHP in this case). Script should look-up the username/password, and based on some internal logic return an Access-Accept or Access-Reject. In case of a Access-Accept, script should also provide some VLAN information. Prefered method is EAP/TTLS. I haven't been able to find much info on this subject (maybe I'm looking in wrong place?). This is what I have so far (only the important parts): *radiusd.conf* exec php { wait = yes program = "/usr/bin/php -f myscript.php" input_pairs = request output_pairs = reply } *site-enabled/default* authenticate { Auth-Type TEST { php } *users* DEFAULT Auth-Type := TEST *myscript.php* (simplified version) <?php $user = getenv("USER_NAME"); $password = getenv("USER_PASSWORD"); if ($user == "test" && $password == "test") { echo "Access-Accept"; echo "Tunnel-Type = 13," echo "Tunnel-Medium-Type = 6," echo "Tunnel-Private-Group-Id = 1" } else echo "Access-Reject"; ?> The echo-part in myscript.php is obviously wrongly implemented, so please help.. With the above mentioned, invoking the script works, but always returns Access-Accepted packet (testing with radtest utility). _________________________________________________________________ Hotmail: Free, trusted and rich email service. https://signup.live.com/signup.aspx?id=60969 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html