post-auth language for two requirements

Jessica Cohen Jessica.Cohen at
Thu Apr 29 22:33:35 CEST 2021

I am trying to configure post-auth to require both the NAS-IP-address and a script. I don't think AND works in post-auth. At least that's my guess because it's keeps failing. That or my syntax is incorrect. Looking for suggestions or alternatives. Thanks!


#  Post-Authentication
#  Once we KNOW that the user has been authenticated, there are
#  additional steps we can take.
post-auth {

if (%{NAS-IP-Address} = AND (`/bin/sh /etc/doscripts/ %{User-Name}` =~ /foo-admin/) {
update reply {
Service-Type == "guest"
else {

More information about the Freeradius-Users mailing list