As always, patches are welcome. :) Yes I'm already putting one together the sql module, honestly who hardcodes sql queries :P No i don't want to select * from nas.. gah Am I right in thinking that for radius to be able to proxy eap successfully, the request_list module would have to be updated to hold information as to which home radius server the session was being handled by. With the sessions id being the unique acct id (which could be recorded at the same time as the eap start message), and then direct future packets to that server for an arbitrary length of time, say as long as the nas's authentication timeout and/or until it detected a accept/reject packet for that authentication session. Or is there some hidden complexity ? -- Arran Cudbard-Bell (ac221@sussex.ac.uk) Authentication Authorisation & Accounting Officer Infrastructure Services | ENG1 FF08 EXT:3900