I've got an old freeradius server that's been plugging along for a long time. It pulls in the files /etc/passwd /etc/shadow and /etc/group from an external server, all copied into an /etc/radius/ folder, and authenticates pppoe sessions. I don't need help with this old server, but I need to replicate its functionality at a new location. So I have installed a completely fresh freeradius 3.0 server, and after a lot of tinkering and quite a bit of hair-pulling, I managed to get it into a state where it will authenticate usernames and passwords against the /etc/radius/shadow file. To get that far, I'd modified the "mods-enabled/passwd" to read: passwd shadow { filename = /etc/radius/shadow format = "*User-Name:Crypt-Password:" hash_size = 100 ignore_nislike = no allow_multiple_keys = no } and in the "sites-available/default" file where it listed "unix" (approx line 400 in the "authorize" section) I listed "shadow" instead. Easy peasy, so to speak. But there's still one major hitch that I cannot seem to get straight. Getting authentication to work when the username has an attached "realm" is failing, and I'm utterly boggled for now as to where or what I need to change, because it's totally different from the old but still-plugging-along server. So this works: radtest <username> <password> localhost 5000 testing123 but this fails: radtest <username@domain> <password> localhost 5000 testing123 As far as I can gather, there's no "nostrip" option enabled anywhere, yet the realm isn't being stripped before being matched via the passwd module. Help please?