I'm trying to check username/password before proxy request in authorize section and return a cursor with Auth-Type := Reject if user doesn't exists. Freeradius version is 3.0.8. I have a configuration like this: authorize { preprocess suffix sql #if (notfound) { # reject #} if (&Auth-Type == "Reject") { reject } } But it seems that Auth-Type item return by sql module is ignored. If I add a python module that print all attributes after sql module I see that Auth-Type attribute is not present. Is correct ? Auth-Type field return by sql module is ignored inside a proxy process? Some thing if I try to return Auth-Type Reject in authorize_reply query. An alternative is return an empty cursor that generate a notfound status of module, but I don't understand why Auth-Type field is not propagate. Logs: Thu Jun 11 18:09:29 2015 : Debug: (0) sql: User found in radcheck table Thu Jun 11 18:09:29 2015 : Debug: (0) sql: Conditional check items matched, merging assignment check items Thu Jun 11 18:09:29 2015 : Debug: (0) sql: Auth-Type := Reject Thu Jun 11 18:09:29 2015 : Debug: rlm_sql (sql): Released connection (4) Thu Jun 11 18:09:29 2015 : Debug: (0) modsingle[authorize]: returned from sql (rlm_sql) for request 0 Thu Jun 11 18:09:29 2015 : Debug: (0) [sql] = ok Thu Jun 11 18:09:29 2015 : Debug: (0) modsingle[authorize]: calling python (rlm_python) for request 0 ... Thu Jun 11 18:09:29 2015 : Debug: (0) if (&Auth-Type == "Reject") { Thu Jun 11 18:09:29 2015 : ERROR: (0) Failed retrieving values required to evaluate condition Thu Jun 11 18:09:29 2015 : Debug: (0) } # authorize = updated Thanks in advance G.