hello all , i've got a vpn server which make authentication to a freeradius server. the user "someone" is authenticated (file users of freeradius) when tested locally via radtest, but not when the request comes from nas box in first case , the user is found in file users of freeradius at line 227 , and in the second case the same user isn't found in file. instead, the user is searched in system (/etc/passwd). why the user isn't found in file users of freeradius ? thanks . root@gringo raddb]# radtest someone thepass localhost 0 secret Sending Access-Request of id 161 to 127.0.0.1 port 1812 User-Name = "someone" User-Password = "thepass" NAS-IP-Address = 255.255.255.255 NAS-Port = 0 rad_recv: Access-Request packet from host 127.0.0.1:35045, id=161, length=59 User-Name = "someone" User-Password = "thepass" NAS-IP-Address = 255.255.255.255 NAS-Port = 0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 1 rlm_realm: No '@' in User-Name = "someone", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 users: Matched entry DEFAULT at line 152 users: Matched entry someone at line 227 modcall[authorize]: module "files" returns ok for request 1 modcall[authorize]: module "mschap" returns noop for request 1 modcall: leaving group authorize (returns ok) for request 1 rad_check_password: Found *Auth-Type Local* auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [someone/thepass] (from client localhost port 0) Sending Access-Accept of id 161 to 127.0.0.1 port 35045 ====================================================== root@gringo raddb]# rad_recv: Access-Request packet from host 192.168.10.1:1025, id=181, length=156 User-Name = "someone" User-Password = "thepass" NAS-Port = 546 Service-Type = Framed-User Framed-Protocol = PPP Called-Station-Id = "191.254.137._" Calling-Station-Id = "66.147.66.24_" Tunnel-Client-Endpoint:0 = "66.147.66.24_" NAS-IP-Address = 192.168.10.1 NAS-Port-Type = Virtual Cisco-AVPair = "ip:source-ip=66.147.66.24_" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 2 rlm_realm: No '@' in User-Name = "someone", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 users: Matched entry DEFAULT at line 183 modcall[authorize]: module "files" returns ok for request 2 modcall[authorize]: module "mschap" returns noop for request 2 modcall: leaving group authorize (returns ok) for request 2 rad_check_password: Found *Auth-Type System* auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 modcall[authenticate]: module "unix" returns notfound for request 2 modcall: leaving group authenticate (returns notfound) for request 2 auth: *Failed *to validate the user.