Hi all, i need to authenicate in wireless network only users that use eap-tls as method, and reject the same user that try in peap. I just use Huntgroup for filtering the users, but the same username can be used in wired network with PEAP and in wireless netwok by TLS. I insert in my users file this configuration item: DEFAULT Huntgroup-Name == wi-fi, Ldap-Group == "wifi", EAP-Type == PEAP, Auth-Type := Reject DEFAULT Huntgroup-Name == wi-fi, Ldap-Group == "wifi", EAP-Type == TLS Fall-Through = No DEFAULT Ldap-Group == "user", Huntgroup-Name == user Fall-Through = No The fist DEFAULT should reject the request if the EAP-type is PEAP, while the second DEFAULT should accept only the request if the EAP is TLS .... i think :-)) but during the test i note that if i force wifi in PEAP, the request is reject from the second default, and not in the fist, this is the log: Wed Jun 24 14:02:36 2009 : Debug: users: Matched entry DEFAULT at line 3 ( line 3 is the second DEFAULT ) the reject is because it dont is able to oepn tls If i try in TLS the system accept the request.... The questions is....Why the Peap request dont match the fist DEFAULT ? thanks for all help mauro