thanks a lot Phil.
It was probably added by the "preprocess" module, if memory serves.
Why would you want to stop it?
If you do, just remove the "preprocess" module from the "authorize" section - but it does a lot of other processing and cleanups too.
The better option is to use attr_filter in the "pre-proxy" section, like so:
pre-proxy { attr_filter.preproxy }
...then in /etc/raddb/attrs.pre-proxy, edit the sample entries to permit/deny attributes you want/don't want to send.
You probably want the postproxy filter too, in case your upstream proxy sends you junk you can't / don't want to handle.
Oh, I see. Surely I didn't think that "preprocess" added "NAS-IP-Address". I used "attr_filter", and could stop it. my settings... --- /etc/raddb/attrs.pre-proxy example.jp User-Name =* ANY, User-Password =* ANY, NAS-IP-Address !* ANY DEFAULT User-Name =* ANY, User-Password =* ANY, ... --- thanks for your help ichiro tanaka