Hey there, I'm trying to route Radius requests on 2 backend Radius servers based on LDAP group membership. The purpose is to send Radius requests on the 1st server when the user is a member of an LDAP group (example CN=MyGroup,CN=Users,DC=foo,DC=bar) and to send all other requests on the 2nd Radius server. I'm wondering if it's possible and what is the best way to do it. I started to think about the folowing process : - declare an LDAP filter like (&(objectClass=user)(sAMAccountName=%{User-Name})(memberof=CN=MyGroup,CN=Use rs,DC=foo,DC=bar)) - use the filter (match not null ?) in the site configuration Something that sounds like bellow : my_ldap_filter = (&(objectClass=user)(sAMAccountName=%{User-Name})(memberof=CN=MyGroup,CN=Use rs,DC=foo,DC=bar)) authorize { if (%{my_ldap_filter} != "") { update control { Proxy-To-Realm := 'Radius1' } } else { update control { Proxy-To-Realm := 'Radius2' } } } I'm not sure about the syntax of this. Of course, I faced several errors "Entry is not a reference to a module" when I start manually the freeradius server. Do I need to use the LDAP module ? Thank you for your answer BR, Mathieu