Hi, I am attempting to use my Freeradius users file to restrict certain users to a specific realm. In my users file, I have several default realms specified near the top as so: DEFAULT Realm == realm1.com Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = None, Framed-Compression = None, Framed-MTU = 1500, Fall-Through = 1 DEFAULT Realm == realm2.com Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = None, Framed-Compression = None, Framed-MTU = 1500, Fall-Through = 1 Next I have users entries as so: lisa Auth-Type = Local, Password == xxxxxxx Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = None, Framed-Compression = None, Framed-MTU = 1500 susan Auth-Type = Local, Password == xxxxxxx Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = None, Framed-Compression = None, Framed-MTU = 1500 I would like to restrict lisa to realm1.com only. So I modified lisa's entry in the users file like so: lisa Realm == realm1.com, Auth-Type = Local, Password == xxxxxxx Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = None, Framed-Compression = None, Framed-MTU = 1500 It doesn't work. In my radius.log I get: Fri Dec 5 12:59:05 2008 : Auth: Login incorrect: [lisa/xxxxxxx] (from client rad03.globalpops.com port 1282 cli 423784xxxx) Fri Dec 5 12:59:11 2008 : Auth: Login incorrect: [lisa/xxxxxx] (from client rad04.globalpops.com port 1282 cli 423784xxxx) I have tried leaving out Auth-Type, I've changed Password == to Cleartext-Password == but none of that helped. I can authenticate as lisa with no realm specified in the users file as a check item, buit as soon as I add that in, I can no longer authenticate. Any idea what I'm doing wrong or why this isn't working for me? Thanks, Lisa