Dear Freeradius-Users, I am not an experienced radius admin, so maybe you can give me a hint. I read the manuals, the logs and google, but without success. My wlan users authenticate themselves against eap/ldap. But for guests I generate a file with credentials. This worked for some years now. Because of changing root certificates I had to introduce two different eap-configurations (eap and eapoldca). These are used in the default site and inner-tunnel site via switch that decides on the outer User-Name which certificates are used. So I changed eap { ok = return } to if (&User-Name == "eduroam@uni-koblenz.de") { eap { ok = return } } else { eapoldca { ok = return } } This works for all wlan users except guests. If a guest tries to authenticate, at the end I get (8) if (&Called-Station-SSID == "ubnt") { (8) ERROR: Failed retrieving values required to evaluate condition This is because Called-Station-SSID is unset at this point. I don't think this is the root cause, instead the reason seems to be, that the "ok = return" statements exit the if ()-clause but not the authorize section. But as I said, I am not an expert ... You will find sites-enabled/{default,inner-tunnel}, mods-enabled/eap und a log file here: https://cloud.uni-koblenz-landau.de/s/cBrpcCgCAp9JjTr The radius log was generated while trying to connect to SSID ubnt using test/test as authentication. Any help is greatly appreciated. -- Kind regards Christoph _________________________________________ Uni Koblenz, Computing Centre, Office A 022 Postfach 201602, 56016 Koblenz Fon: +49 261 287-1311, Fax: -100 1311