Hello again, First off, thanks go to all who provided the excellent documentation available on the FR wiki, and affiliated sites. Because of that documentation, I have FR 2.0.3 installed on CentOS 5.1, and it is working rather nicely for Cisco port-based 802.1x authentication via Active Directory (2k3 server). I have now configured LDAP-based Group authorization for Cisco privileged access to the routers/switches in our network. I have the authorization side working great, but I've run into a problem trying to get AD authorization to work: Passwords are not checked at all. Authentication is not happening through FR for these logins. As long as a valid user account from AD is supplied, and as long as that user is in the proper group, ("Network Managers" or "Switch Access") instant shell access is granted regardless of the password supplied, and they are immediately dropped into the designated privilege level for that group. I presume the immediate cause of this problem is the "Auth-Type := Accept" in my users file. My first instinct (after reading *tons* of mailing lists and forum posts) was to simply remove the Auth-Type attribute, and see if FR would find a way. Unfortunately, I receive an error stating "No authenticate method (Auth-Type) configuration found for the request", and the request is rejected. Next, I decided to try a different Auth-Type. However, anytime I try to provide an alternative Auth-Type, FR refuses to start with "Unknown value for <insert Auth-Type of choice here> for attribute Auth-Type". I have specifically tried to use ntlm_auth because that would be my preferred method of authentication between FR and AD. When I attempted to use ntlm_auth as the Auth-Type, I received the "Unknown Value" message. I also tried adding an entry for it in the sites_available/default file under the "authorize" section to see if that helped. I received the same error. Next, I tried adding it to the "instantiate" section just out of curiosity, and received a new error stating "Cannot find a configuration entry for module ntlm_auth". Am I even moving in the right direction with this? I know there are people out there who must be using a configuration similar to this setup. I have attached all of the relevant configuration files, cisco configs, and debug logs from my test lab for your review. *edit* The files take me 12K over the 100K size limit for a posting, so I will send the debug logs in a reply to this post. I will gladly accept any assistance, advice, known working configs, or suggestions you may have regarding this issue. And if I've just royally screwed something up, I'd like to know that too. Heck, if you see *anything* that doesn't make sense in my configuration setup, please feel free to bring it to my attention. Thanks in advance, Charles Jones