Greetings, I am having troubles wrapping my hear around the unlang concepts to make this work. Situation: My company just merged with another that is also using freeradius, though they are using 2.x instead of 3.x. We were in the process of upgrading ours to 3.x when this merger was announced internally. I am tasked with merging the radius system. Here is what I need. In proxy.conf we have 4 needed realms, each using a different virtual_server. I have the following: realm company1.org { virtual_server = company1 } realm company2.net { virtual_server = company2 } realm company3.net { virtual_server = accept } realm company4.com { virtual_server = reject } realm NULL { virtual_server = company1 } realm DEFAULT { virtual_server = default ##duplicate of company1's file for now. } I have each of the virtual servers listening on different ports and only listing on ip 127.0.0.1. Examples: company1: 9990,9991, company2: 9992,9993, etc The main server listens to ports 1812,1813. I need the accept virtual_server to accept anything sent to it. I need the reject virtual_server to reject all sent to it. company1 has realm and non-realm users, using Stripped-User-Name for final lookup to the database. Company2 always has the realm on it, and can be configured to use stripped or non-stripped usernames when going to the database. So far company1 and company2 work, but when I add company3 and company4, things start working very strangely. When I use radtest to query the server for company3 I get a result: (0) Expected Access-Accept got Access-Reject I am assuming I have my server config messed up, but I won't count on that being the issue. Any help would be appreciated. My accept and reject virtual servers are pretty basic and are almost identical. Below is my accept server config: # server accept { listen { type = auth ipaddr = * port = 9992 limit { max_connections = 16 lifetime = 0 idle_timeout = 120 } } listen { ipaddr = * port = 9993 type = acct limit { } } authorize { update control { &Auth-Type := Accept } } authenticate { Auth-Type CHAP { chap } } preacct { preprocess acct_unique suffix files } accoutning { detail unix -sql if (noop) { ok } attr_fileter.account_response } session { } post_auth { replay_log -sql Post-Auth-Type REJECT { -sql attr_filter.access_reject } } pre-proxy { } post-proxy { eap } }