I'm having a really hard time trying to remodel my setup. I currently have a functioning freeradius server that validates the login from multiple sources. Inside the authorize section, I call a policy that validates if the user is attempting to connect via the correct AP and, based on this, I either reject the petition or let it go ahead down the server. It's working fine, but I wanted to re-organise it a bit better. The idea is that the domain users, for example, don't have to be checked against sql sources, since they are never going to be validated this way and also to filter users that might validate correctly from any ap, since they will be checked against ldap, but perhaps should not be using certain SSIDs So, I created a "main" server that acts as a dispatcher. This main server has only an authorize section which has the logic to decide which virtual server it proxies the request to. i.e.: If the SSID is "eduroam", it would update { control:Proxy-To-Realm := 'eduroam' } There is an entry in proxy.conf that handles this: realm eduroam { virtual_server = eduroam nostrip } and so on and so forth with any other service. I will focus on the eduroam service, since it's the most used one. The eduroam service is an exact copy from the one that was already working before, with its authorize, pre-proxy post-proxy sections, etc. However, I don't see any attempt to connect to the FLR servers on my firewall and the connection fails with a "failed to retrieve values to evaluate the condition" I'm afraid I'm not properly configuring the logic on the "main" server, which acts as a dispatcher of sorts. If anyone could just point me in the right direction on how to achieve this, It would be nice, I seem to be missing something here.