Hi, I mapped my ldap attribute in the ldap.attrmap file as replyItem rCidx roleid And in the dictionary file I mapped it as ATTRIBUTE rCidx 3000 string I am using NTRadPing to test the authorization. I see in the log, radius attribute is mapped to ldap attribute and returning valid value rlm_ldap: LDAP attribute roleid as RADIUS attribute rCidx = "111111" but I did not see it in the Sending Access-Accept reply to NAS. I read rlm_ldap doc but not quite sure how to configure this. Please help. Thanks and Regards. rad_recv: Access-Request packet from host 216.2.193.1 port 42523, id=2, length=34 User-Name = "0014F846C199" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "0014F846C199", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop rlm_ldap: - authorize rlm_ldap: performing user authorization for 0014F846C199 expand: %{Stripped-User-Name} -> expand: %{User-Name} -> 0014F846C199 expand: (&(did=%{%{Stripped-User-Name}:-%{User-Name}})) -> (&(did=0014F846C199)) expand: ou=roles,o=entitlement -> ou=roles,o=entitlement rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to ldap://e.net:1389, authentication 0 rlm_ldap: bind as uid=appuser,ou=appadm,o=entitlement/**** to ldap://e.net:1389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=roles,o=entitlement, with filter (&(did=0014F846C199)) rlm_ldap: looking for check items in directory... rlm_ldap: LDAP attribute radiusAuthType as RADIUS attribute Auth-Type == Accept rlm_ldap: looking for reply items in directory... rlm_ldap: LDAP attribute roleid as RADIUS attribute rCidx = "111111" WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? rlm_ldap: user 0014F846C199 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type Accept rad_check_password: Auth-Type = Accept, accepting the user Login OK: [0014F846C199/<via Auth-Type = Accept>] (from client samir port 0) Sending Access-Accept of id 2 to 216.2.193.1 port 42523 Finished request 0. Going to the next request Waking up in 0.9 seconds. Waking up in 4.0 seconds. Cleaning up request 0 ID 2 with timestamp +3 Ready to process requests. --------------------------------- You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost.