You can create a group "deactivated" for the users you don't want to allow to connect and set Auth-Type == Reject for that group. If you want to tie a group to a certain NAS you have to use huntgroups: TestNAS1 NAS-IP-Address == xxx.xxx.xxx.xxx SQL-Group == dialup, SQL-Group == adsl It means that is the user is coming from this NAS it has to be a member of those groups. Otherwise auth fail. Is this what you are looking for? At least this is my set up. If you find a better way please let me know. Thanks, Bogdan. -----Original Message----- From: freeradius-users-bounces+helpdesk22=mycybernet.net@lists.freeradius.org [mailto:freeradius-users-bounces+helpdesk22=mycybernet.net@lists.freerad ius.org] On Behalf Of Michael Schwartzkopff Sent: May 11, 2006 4:22 AM To: freeradius-users@lists.freeradius.org Subject: MySQL: Group membership test Hi, As a backend database to RADIUS I use MySQL. No I have a special problem: I want to autorize a user for a specific service only if the user is member of a specific group, say "RAS_User". This configuration is nescessary because this database is used also for other authentication/autorization. The documentation says, that the authcheck_table is beeing searched for the user and the reply items in the authrepl_table are returned for the user. I did not find any hint how to configure my freeradius that way, that the user is autorized to use the service only if he is member of a specific group. The groupcheck is only adds further attributes. In the ldap module f.i. I can use the "groupmembership_filter". Is there anything similar in the sql module? How can I configure freeradius or the sql module to test the group membership? Thanks for any help. -- Dr. Michael Schwartzkopff MultiNET Services GmbH Bretonischer Ring 7 85630 Grasbrunn Tel: (+49 89) 456 911 - 0 Fax: (+49 89) 456 911 - 21 mob: (+49 174) 343 28 75 PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B Skype: misch42