Hi , Could you Plz help me to resolve this issue.. ? The issue is.. CASE 1: Step 1: Im using free radius latest version. I have two radius servers running in the same network. One is configured as direct authentication server and this primary server forwards(proxy's) the request to the second radius server. Primary radius servers radius.conf file... has the configuration... in the authorize module as , authorize { preprocess eap mschap suffix # ldap } Step 2 : Im sending an authentication request to the primary server which inturn forwards the request to the second server ( basically proxy's the request) Result : Authentication success. And the user got connected to the WLAN - X. CASE 2: Im changing the authorize module of primary server to .. STEP 1 : authorize { preprocess eap mschap suffix # Im uncommenting ldap ldap } STEP 2: Same as previous.. LDAP is not connected to the primary server. Result : rad_recv: Access-Request packet from host 192.168.0.1:12590<http://192.168.0.1:12590>, id=90, length=177 User-Name = "anonymous@symbol.com" Called-Station-Id = "00:a0:f8:bc:b4:3c" Calling-Station-Id = "00:0f:66:4f:54:41" NAS-Port = 1 NAS-Port-Type = Wireless-802.11 Framed-MTU = 1400 NAS-IP-Address = 192.168.0.1 <http://192.168.0.1> NAS-Identifier = "WS2000" Vendor-388-Attr-2 = 0x73756d695f72616474657374 EAP-Message = 0x0201001901616e6f6e796d6f75734073796d626f6c2e636f6d Message-Authenticator = 0xf2ffcd4c14e14277dde2bf1d7b66e41f Processing the authorize section of radiusd.conf modcall: entering group authorize for request 23 modcall[authorize]: module "preprocess" returns ok for request 23 modcall[authorize]: module "chap" returns noop for request 23 modcall[authorize]: module "mschap" returns noop for request 23 rlm_realm: Looking up realm "symbol.com <http://symbol.com>" for User-Name = "anonymous@symbol.com" rlm_realm: Found realm "symbol.com<http://symbol.com> " rlm_realm: Proxying request from user anonymous to realm symbol.com<http://symbol.com> rlm_realm: Adding Realm = "symbol.com <http://symbol.com>" rlm_realm: Preparing to proxy authentication request to realm "symbol.com<http://symbol.com> " modcall[authorize]: module "suffix" returns updated for request 23 rlm_eap: Request is supposed to be proxied to Realm symbol.com<http://symbol.com>. Not doing EAP. modcall[authorize]: module "eap" returns noop for request 23 users: Matched entry anonymous@symbol.com at line 96 modcall[authorize]: module "files" returns ok for request 23 rlm_ldap: - authorize rlm_ldap: performing user authorization for anonymous@symbol.com radius_xlat: '(uid=anonymous@symbol.com)' radius_xlat: 'o=My Org,c=UA' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to ldap.your.domain:389, authentication 0 rlm_ldap: bind as / to ldap.your.domain:389 rlm_ldap: bind to ldap.your.domain:389 failed: Can't contact LDAP server rlm_ldap: (re)connection attempt failed rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns fail for request 23 modcall: group authorize returns fail for request 23 Sending Access-Request of id 8 to 157.235.206.67:1812<http://157.235.206.67:1812> User-Name = "anonymous@symbol.com" Called-Station-Id = "00:a0:f8:bc:b4:3c" Calling-Station-Id = "00:0f:66:4f:54:41" NAS-Port = 1 NAS-Port-Type = Wireless-802.11 Framed-MTU = 1400 NAS-IP-Address = 192.168.0.1 <http://192.168.0.1> NAS-Identifier = "WS2000" Vendor-388-Attr-2 = 0x73756d695f72616474657374 EAP-Message = 0x0201001901616e6f6e796d6f75734073796d626f6c2e636f6d Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x3930 --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.1:12590<http://192.168.0.1:12590>, id=90, length=177 Dropping conflicting packet from client ws2k:12590 - ID: 90 due to unfinished request 23 --- Walking the entire request list --- Waking up in 2 seconds... --- Walking the entire request list --- Re-sending Access-Request of id 8 to 157.235.206.67:1812<http://157.235.206.67:1812> User-Name = "anonymous@symbol.com" Called-Station-Id = "00:a0:f8:bc:b4:3c" Calling-Station-Id = "00:0f:66:4f:54:41" NAS-Port = 1 NAS-Port-Type = Wireless-802.11 Framed-MTU = 1400 NAS-IP-Address = 192.168.0.1 <http://192.168.0.1> NAS-Identifier = "WS2000" Vendor-388-Attr-2 = 0x73756d695f72616474657374 EAP-Message = 0x0201001901616e6f6e796d6f75734073796d626f6c2e636f6d Message-Authenticator = 0x00000000000000000000000000000000 Client-IP-Address = 192.168.0.1 <http://192.168.0.1> Realm = "symbol.com <http://symbol.com>" EAP-Type = Identity Realm = "symbol.com <http://symbol.com>" Proxy-State = 0x3930 Waking up in 5 seconds... rad_recv: Access-Request packet from host 192.168.0.1:12590<http://192.168.0.1:12590>, id=90, length=177 Dropping conflicting packet from client ws2k:12590 - ID: 90 due to unfinished request 23 --- Walking the entire request list --- Waking up in 2 seconds... --- Walking the entire request list --- Re-sending Access-Request of id 8 to 157.235.206.67:1812<http://157.235.206.67:1812> User-Name = "anonymous@symbol.com" Called-Station-Id = "00:a0:f8:bc:b4:3c" Calling-Station-Id = "00:0f:66:4f:54:41" NAS-Port = 1 NAS-Port-Type = Wireless-802.11 Framed-MTU = 1400 NAS-IP-Address = 192.168.0.1 <http://192.168.0.1> NAS-Identifier = "WS2000" Vendor-388-Attr-2 = 0x73756d695f72616474657374 EAP-Message = 0x0201001901616e6f6e796d6f75734073796d626f6c2e636f6d Message-Authenticator = 0x00000000000000000000000000000000 Client-IP-Address = 192.168.0.1 <http://192.168.0.1> Realm = "symbol.com <http://symbol.com>" EAP-Type = Identity Realm = "symbol.com <http://symbol.com>" Proxy-State = 0x3930 Waking up in 5 seconds... --- Walking the entire request list --- Server rejecting request 23. marking authentication server 157.235.206.67:1812<http://157.235.206.67:1812>for realm symbol.com <http://symbol.com> dead Waking up in 0 seconds... --- Walking the entire request list --- Sending Access-Reject of id 90 to 192.168.0.1:12590<http://192.168.0.1:12590> Cleaning up request 23 ID 90 with timestamp 42e83888 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 192.168.0.1:12591<http://192.168.0.1:12591>, id=91, length=177 User-Name = "anonymous@symbol.com" Called-Station-Id = "00:a0:f8:bc:b4:3c" Calling-Station-Id = "00:0f:66:4f:54:41" NAS-Port = 1 NAS-Port-Type = Wireless-802.11 Framed-MTU = 1400 NAS-IP-Address = 192.168.0.1 <http://192.168.0.1> NAS-Identifier = "WS2000" Vendor-388-Attr-2 = 0x73756d695f72616474657374 EAP-Message = 0x0201001901616e6f6e796d6f75734073796d626f6c2e636f6d Message-Authenticator = 0x9e6c2754c62012077fa29b7696d5755e Processing the authorize section of radiusd.conf My doubt is why do we need to have an ldap setting for the proxy requests??? The secondary server when it gets the request for the first time it says.. Access Accept.. But for the next time onwards it rejects the user. Plz help me on this regard. Awaiting for your earliest reply. Thanks & Regards Sumi