post-auth language for two requirements

Jorge Pereira jpereira at freeradius.org
Fri Apr 30 02:15:51 CEST 2021


Please, next time share the error with us as described in https://wiki.freeradius.org/guide/Users-Mailing-List <https://wiki.freeradius.org/guide/Users-Mailing-List> and https://wiki.freeradius.org/guide/radiusd-X <https://wiki.freeradius.org/guide/radiusd-X> 

--
Jorge Pereira
jpereira at freeradius.org




> On 29 Apr 2021, at 17:33, Jessica Cohen <Jessica.Cohen at sentrics.net> wrote:
> 
> I am trying to configure post-auth to require both the NAS-IP-address and a script. I don't think AND works in post-auth. At least that's my guess because it's keeps failing. That or my syntax is incorrect. Looking for suggestions or alternatives. Thanks!
> 
> Example:
> 
> #  Post-Authentication
> #  Once we KNOW that the user has been authenticated, there are
> #  additional steps we can take.
> post-auth {
> 
> if (%{NAS-IP-Address} = 10.100.17.52) AND (`/bin/sh /etc/doscripts/get.sh %{User-Name}` =~ /foo-admin/) {
> update reply {
> Service-Type == "guest"
> }
> noop
> }
> else {
> reject
> }
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list