Sorry if this has already been addressed. I has been searching all day and haven't found the solution to my problem. I am attempting to setup multiple huntgroups to limit the types of connections that clients can make. Along with this I have a list of realms that are authenticated locally and others that are directed to remote radius servers. All of the user and group information is stored in a mysql db. I am having problems authenticating users with realms that are not passed to a remote server. Below is an example of a test without a realm: radtest test blah123 127.0.0.1 0 testing123Sending Access-Request of id 215 to 127.0.0.1:1812 User-Name = "test" User-Password = "blah123" NAS-IP-Address = localhost.localdomain NAS-Port = 0 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=215, length=272 Framed-Protocol = PPP Framed-Routing = Broadcast Framed-Compression = None Framed-MTU = 1500 Idle-Timeout = 0 Cisco-AVPair = "lcp:interface-config=rate-limit input 256000 32000 32000 conform-action transmit exceed-action drop" Cisco-AVPair = "lcp:interface-config=rate-limit output 4500000 32000 32000 conform-action transmit exceed-action drop" Service-Type = Framed-User With a realm: radtest test@dls.net blah123 127.0.0.1 0 testing123 Sending Access-Request of id 223 to 127.0.0.1:1812 User-Name = "test@dls.net" User-Password = "blah123" NAS-IP-Address = localhost.localdomain NAS-Port = 0 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=223, length=20 Output from the server: rad_recv: Access-Request packet from host 127.0.0.1:32770, id=223, length=77 User-Name = "test@dls.net" User-Password = "blah123" NAS-IP-Address = 255.255.255.255 NAS-Port = 0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 rlm_sql (sql): - sql_groupcmp radius_xlat: 'test@dls.net' rlm_sql (sql): sql_set_user escaped user --> 'test@dls.net' radius_xlat: 'SELECT GroupName FROM usergroup WHERE UserName='test@dls.net'' rlm_sql (sql): Reserving sql socket id: 0 rlm_sql (sql): Released sql socket id: 0 rlm_sql (sql): - sql_groupcmp finished: User does not belong in group 3072BY256 No huntgroup access: [test@dls.net] (from client localhost port 0) modcall[authorize]: module "preprocess" returns reject for request 2 modcall: group authorize returns reject for request 2 If I removed the huntgroups out of the picture, is works fine. The problem seems to be that the realm is not being stripped off of the username when it checks it against the usergroup table. If more information is needed, please let me know. I would really like to get this working. Thanks! - Brad