Hello: We want to design an AAA system with the following requisites: COMPONENTS THAT WE HAVE: A) NAS(es) B) freeradius frontend C) authenticators WHAT WE CAN DO IS: 1. The NAS send a radius "access-request" to the radius frontend. In the packet there is a username (in username@group) syntax and a password. 2. The frontend MUST decide the authentication method and the authenticator machine based ONLY in the group (string AFTER the @). 3. The frontend sends user and password (note that NOT user@group) to the authenticator machine (maybe another radius, ldap, mysql, ...). 4. Then authenticator machine answer's to the frontend only with "OK" or "NOT OK". 5. If "OK" from step(4), then the freeradius answer's the NAS with "access granted" and some attributes extracted from the "group" (ip pool, netmask, default gw, ... _AND_ THE GROUP THAT IS AFTER THE @). NOTE THAT: - The unique function of the authenticators is saying "OK" if the username and passwd are correct or "NOT OK" if not. - NO USERS are defined in the radius frontend (only GROUPS with their respective attributes). Is there any "intelligent" way of acomplishing this design with freeradius? Thanks in advance and best regards