Hello, I am currently converting from v2 to 3.0.0 and want to preserve my old behaviour of logging packets using a "detail" instance without logging the User-Password. The 3.0 raddb template (mods-available/detail.log) seems to look exactly like the 2.x one; so I've created the following in /usr/local/freeradius/config/raddb/modules/auth_log_silent (yes, the directory is called modules, not mods-enabled, that is intentional and configured like that; radiusd loads that directory instead of mods-enabled. Please don't beat me up for it.) detail auth_log_silent { filename = ${radacctdir}/%Y%m%d/%{RESTENA-Service-Type}-service/auth-detail permissions = 0600 suppress { User-Password } } But during startup, "permissions" and the "suppress" section get ignored (filename is picked up though): # Instantiating module "auth_log_silent" from file /usr/local/freeradius/config/raddb/modules/auth_log_silent detail auth_log_silent { filename = "/var/log/radius/radacct/%Y%m%d/%{RESTENA-Service-Type}-service/auth-detail" header = "%t" permissions = 384 dir_permissions = 493 locking = no log_packet_header = no } And the log files do contain the User-Password attribute. I'm also staring at the "permissions" line and wonder if it ignores my 0600? Is the example in raddb/ incorrect? Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66