Hello, I am using Freeraidius and I want to restrict users to their own devices. I have inserted the Mac addresses of the users in radcheck table with the attribute Calling-Station-Id. Here's an example: SELECT * FROM radcheck; id | username | attribute | op | value -------+------------+--------------------+----+-------------- 23175 | testuser01 | Cleartext-Password | := | password 23177 | testuser01 | Calling-Station-Id | := | aabbccddeefa 23178 | testuser01 | Calling-Station-Id | := | aabbccddeeff In this case, the user testuser01 has two devices. aabbccddeefa and aabbccddeeff are their respective mac addresses. In the authorize section, I have this snippet: if (Calling-Station-Id != "%{sql: SELECT value FROM radcheck WHERE username='%{User-Name}' AND value='%{Calling-Station-Id}'}") { reject update reply { Reply-Message = "Unauthorized device" } } This setup works. I was wondering whether this is an acceptable way to restrict users to their own devices. Initially, I assumed Freeradius would restrict the users based on Calling-Station-Id in radcheck table. But when I tested, my assumption was wrong. Therefore, I put up the unlang. Please advise on best practices to handle such requirements. - Sudheer S