Arran Cudbard-Bell a.cudbardb at
Wed Aug 17 16:35:33 CEST 2016

> On 17 Aug 2016, at 16:29, Thomas Massip <thomas.massip at> wrote:
> Hi all,
> I try to use the virtual server 'check-eap-tls', but when I start FreeRadius with '-radiusd -XXXX' I have this error :
> Wed Aug 17 16:18:39 2016 : Error: /opt/fr3/etc/raddb/sites-enabled/check-eap-tls[63]: Parse error in condition
> Wed Aug 17 16:18:39 2016 : Error: /opt/fr3/etc/raddb/sites-enabled/check-eap-tls[63]: ("host/%{TLS-Client-Cert-Common-Name}" == &User-Name) {
> Wed Aug 17 16:18:39 2016 : Error: /opt/fr3/etc/raddb/sites-enabled/check-eap-tls[63]:  ^ Cannot use attribute reference on right side of condition

Just reverse the order of the operands.

	(&User-Name == "host/%{TLS-Client-Cert-Common-Name}”)

It’s because the condition evaluator infers the type from the thing on the left, and so requires that to be an attribute reference if the condition contains one.

It’s an old vestigial thing from the original condition code.  Hopefully it can be fixed in future.

Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

More information about the Freeradius-Users mailing list