post-auth language for two requirements

Jessica Cohen Jessica.Cohen at sentrics.net
Thu Apr 29 22:33:35 CEST 2021


I am trying to configure post-auth to require both the NAS-IP-address and a script. I don't think AND works in post-auth. At least that's my guess because it's keeps failing. That or my syntax is incorrect. Looking for suggestions or alternatives. Thanks!

Example:

#  Post-Authentication
#  Once we KNOW that the user has been authenticated, there are
#  additional steps we can take.
post-auth {

if (%{NAS-IP-Address} = 10.100.17.52) AND (`/bin/sh /etc/doscripts/get.sh %{User-Name}` =~ /foo-admin/) {
update reply {
Service-Type == "guest"
}
noop
}
else {
reject
}


More information about the Freeradius-Users mailing list