Would it be so difficult to add a "groupinfo" table? Just like you have /etc/passwords you have /etc/groups so should you have userinfo and radgroup or groupinfo or somesuch. Namely, there is an awful kludge in radgroupreply in that if a a reply with a group name exists then the group exists, otherwise it doesn't. Now that's funny, it's the same thing as saying if there is an entry in radcheck then the user exists, otherwise they don't. Which is silly. Not only in my opinion but in the the opinion of all database people out there. Referential integrity is non-existent. So is entity-integrity. A simple statement like this in your sql scripts would suffice (mysql exaple here) DROP TABLE IF EXISTS `groupinfo`; CREATE TABLE `groupinfo` ( `id` bigint(20) NOT NULL auto_increment, `groupname` varchar(200) default NULL, PRIMARY KEY (`id`), KEY name (`groupname`) ); Then you can draw all sorts of relations back to this table from radgroupcheck, radgroupreply, usergroup etc. Try and create a radgroupreply for group "Normal", say a bandwidth limitation of some sort. Then add another limitation but this time make an intentional typo and put in "nOrmal" in groupname instead. What happens? If you had referential integrity the database wouldn't let you make such mistaks. Just like this silly gmail webmail won't let me make mistakes and underlines them with a red squiggly line. I'm saying all this because I'm writing a freeradius frontend (there, that stupid red squiggly line again) - I'll probably call it dialUpAdmin# as I'm using NHibernate, mono, asp.net2 and it's going nice; I'll try and submit the initial version to the cvs (or is it svn) repository sometime next week - and silliness like this pops up everywhere. Some simple referential and entity integrity never hurt no one. I'm probably talking crap here as I'll be switching to LDAP soon enough for all this to go away, but still. It'd be nice. Best regards, Pele