Hi, I know this has been discussed before on the list and there is documentation for this, but I have literally spent days on this and I cannot get the result that I am looking for. I am hoping someone can share a configuration with me that works. Basically, I am looking to have radius authenticate to two LDAP servers one after the other. It is not a true failover or load balance situation, as both servers need to be queried at the same time. Basically, I want the first LDAP server to be queried for a username/password, then if the user is not found, try the second one. I did not extend the schema on either LDAP server, and I do not really want to do that if at all possible, since I am just using freeradius for authentication. One a side note, if I just use one LDAP server in the configuration, it works fine. I can authenticate to both LDAP servers if I only list one. What seems to happen with this configuration is that it only trys the first LDAP server, and if the user does not exist, it quits right there and does not try the second (ad_ldap). Any help would be greatly appreciated. I am running the following version of freeradius: radiusd -v: radiusd: FreeRADIUS Version 1.1.3 rpm -qa | grep freeradius: freeradius-1.1.3-1.2.el5 Here are the relevant parts of my config: $sysconfdir/raddb/radiusd.conf: modules { ldap rhds_ldap { server = "xxx.xxx.com" identity = "cn=ciscoap,ou=System,dc=xx,dc=xx,dc=xx" password = "xxxx" basedn = "dc=xx,dc=xx,dc=xx" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" base_filter = "(objectclass=DUser)" start_tls = no access_attr = "uid" dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 5 timeout = 4 timelimit = 3 net_timeout = 1 } ldap ad_ldap { server = "yyy.yyy.com" identity = "CN=CiscoAP,CN=Users,DC=yy,DC=yy" password = "yyyy" basedn = "dc=yy,dc=yy" filter = "(samAccountName=%{Stripped-User-Name:-%{User-Name}})" base_filter = "(objectclass=person)" start_tls = no access_attr = "samAccountName" dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 5 timeout = 4 timelimit = 3 net_timeout = 1 } } authorize { redundant { rhds_ldap rhds_ldap notfound = reject } } authenticate { Auth-Type LDAP { rhds_ldap ad_ldap } } $sysconfdir/raddb/users: (added) DEFAULT Auth-Type := LDAP Fall-Through = Yes $sysconfdir/raddb/ldap.attrmap: (added) checkItem User-Password userPassword