I need to configurate freeradius to allow NULL realms only from one or two NAS, and all the other must have a realm in the login. What would be the best way to do this? (using freeradius 2.0.2, in a Debian etch platform.) I tried to add the following in the Users file: DEFAULT NAS-IP-Address=="1.2.3.4", Proxy-To-Realm := "realm1.com" DEFAULT NAS-IP-Address=="1.2.3.5", Proxy-To-Realm := "realm1.com" DEFAULT Realm == NULL, Auth-Type := Reject Fall-Through = 1 In proxy.conf, I added the following entry at end of the file: realm realm1.com { pool = my_auth_failover # nostrip } (I left the example entries from the file enabled.) freeradius -X display: In this entry, I did not use a realm in the login, still it connected. Any ideas how would be the best way to configure this? rad_recv: Access-Request packet from host 1.2.3.6 port 2890, id=10, length=48 User-Name = "user1" User-Password = "pass1" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "user1", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop expand: %{User-Name} -> user1 rlm_sql (sql): sql_set_user escaped user --> 'user1' rlm_sql (sql): Reserving sql socket id: 3 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'rgreiner' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'rgreiner' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'rgreiner' ORDER BY priority expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'dynamic' ORDER BY id rlm_sql (sql): User found in group dynamic expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'dynamic' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated rad_check_password: Found Auth-Type auth: type "PAP" +- entering group PAP rlm_pap: login attempt with password "pass1" rlm_pap: Using CRYPT encryption. rlm_pap: User authenticated successfully ++[pap] returns ok +- entering group session ++[sql] returns noop Login OK: [user1/pass1] (from client dsu24 port 0) Sending Access-Accept of id 10 to 1.2.3.6 port 2890 Framed-Protocol := PPP Service-Type := Framed-User Framed-MTU := 1500 Session-Timeout := 86400 Framed-Compression := Van-Jacobson-TCP-IP Framed-Address := 255.255.255.254 Framed-Netmask := 255.255.255.0 Idle-Timeout := 3600 Finished request 0. Going to the next request Waking up in 0.9 seconds. Waking up in 3.9 seconds. Cleaning up request 0 ID 10 with timestamp +6 Ready to process requests. Thank you very much, Marcos Roberto Greiner -- ----------------------------------------------------- Marcos Roberto Greiner Os otimistas acham que estamos no melhor dos mundos Os pessimistas tem medo de que isto seja verdade Murphy -----------------------------------------------------