Authentication with Vendor-Specific Attribute

Daniel Kastner daniel.kastner at
Tue Apr 20 11:57:41 CEST 2021

I'm totally new to this (free)Radius stuff and trying to achieve authentication based on a vendor-specific attribute send by the client.

I've add the custom attribute in a new dictionary file /opt/share/freeradius/dictionary.myvendor:

VENDOR MyVendor 16132
ATTRIBUTE MyVendor -OneTimePassword 1 string

Included it in the /opt/share/freeradius/dictionary:

$INCLUDE dictionary.myvendor

And now trying the following in file /opt/etc/raddb/mods-config/files/authorize:

bob Cleartext-Password := "hello"
  if( &MyVendor-OneTimePassword == "123456" ) {
    Auth-Type := Accept
    Reply-Message := "Hello %{User-Name}, great to have you here!"
  } else {
    Auth-Type := Reject
    Reply-Message := "Sorry %{User-Name}, wrong OTP"

But when I start the server it quits with the following message:

reading pairlist file /opt/etc/raddb/mods-config/files/authorize
/opt/etc/raddb/mods-config/files/authorize[2]: Parse error (reply) for entry bob: Expecting operator
Failed reading /opt/etc/raddb/mods-config/files/authorize
/opt/etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"

Any advice?

More information about the Freeradius-Users mailing list