This is on FreeRADIUS Version 1.1.7. I use 'mysql' to authenticate users. I had one customer use a name something like "fred @domain.dom" - ie - there is a space after 'fred' and before the '@' sign. This was being logged in my 'radacct' table with the space intact. I've since managed to find the customer and fix the 'space'. I've also changed radiusd.conf ... nospace_user = before nospace_pass = before (nospace_pass - seems like a good idea as well!) (Both were previously set to "no") The user was authentication just fine - so some sort of stripping of the realm was happening before validation - so some sort of "ignore the space" appears to have been happening... but what I'd like to know is will "nospace_user = before" fix future problems of this sort? ???? In addition - in my SQL statement - if the user does not provide a realm - then I append a default realm - which also may have allowed the name to authenticate... (I have some old users who are set in their ways). I see I also compare the two parts (username and realm) separately. authorize_check_query = "SELECT userid as id,UserName,'Password' as Attribute,password as Value,'==' as op FROM useracct WHERE Username='%{Stripped-User-Name}' AND realm=( case when '%{Realm}'='NULL' then 'domain.dom' else '%{Realm}' end) AND status>2 ORDER BY id" -- . . ___. .__ Posix Systems - Sth Africa /| /| / /__ mje@posix.co.za - Mark J Elkins, SCO ACE, Cisco CCIE / |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496