Hi there, I'm having trouble getting the do_not_respond policy working in the post-auth section with FreeRADIUS 3.0.17. I've got a minimal testcase, reproduced with an almost-default 3.0.17 config built from (I only disabled EAP, removed EAP references from sites-enabled/default and enabled test user "bob" in mods-config/files/authorize). I can insert do_not_respond at the top of the authorize or authenticate sections, and I get the expected behaviour (no response sent and "Not responding to request", "Not sending reply to client" messages in the "radiusd -X" output). E.g.: authenticate { Auth-Type PAP { do_not_respond ... If I insert do_not_respond at the top of the post-auth section, then an Access-Accept response is sent. E.g.: post-auth { do_not_respond ... Here are the differences between the "radiusd -X" output working vs. not-working: Working (do_not_respond in authenticate section): (0) Found Auth-Type = PAP (0) # Executing group from file .../freeradius-server-3.0.17/raddb/sites-enabled/default (0) Auth-Type PAP { (0) policy do_not_respond { (0) update control { (0) &Response-Packet-Type := Do-Not-Respond (0) } # update control = noop (0) [handled] = handled (0) } # policy do_not_respond = handled (0) } # Auth-Type PAP = handled (0) Not responding to request (0) # Executing section post-auth from file .../freeradius-server-3.0.17/raddb/sites-enabled/default (0) post-auth { (0) update { (0) No attributes updated (0) } # update = noop (0) [exec] = noop (0) } # post-auth = noop (0) Not sending reply to client. (0) Finished request Not working (do_not_respond in post-auth section): (0) Found Auth-Type = PAP (0) # Executing group from file .../freeradius-server-3.0.17/raddb/sites-enabled/default (0) Auth-Type PAP { (0) pap: Login attempt with password (0) pap: Comparing with "known good" Cleartext-Password (0) pap: User authenticated successfully (0) [pap] = ok (0) } # Auth-Type PAP = ok (0) # Executing section post-auth from file .../freeradius-server-3.0.17/raddb/sites-enabled/default (0) post-auth { (0) policy do_not_respond { (0) update control { (0) &Response-Packet-Type := Do-Not-Respond (0) } # update control = noop (0) [handled] = handled (0) } # policy do_not_respond = handled (0) } # post-auth = handled (0) Sent Access-Accept Id 73 from 127.0.0.1:1812 to 127.0.0.1:59268 length 0 (0) Reply-Message = "Hello, bob" (0) Finished request My ultimate goal is to do this conditionally from rlm_perl, such as described here: http://lists.freeradius.org/pipermail/freeradius-users/2015-September/079600... but when I try that, I see the same results as above, which is how I came up with this minimal test case. Thanks, Geoffrey.