Hi, In the documentation ( http://networkradius.com/doc/FreeRADIUS%20Technical%20Guide.pdf) on the page 42 is Figure 4.3 Packet Processing Section Usage. In case of Proxied authentification following sections will be processed: Authorize, Pre-proxy and Post-proxy. As i can see in the debug output also post-auth section is processed. Is it correct ? .. (2) # Executing section post-proxy from file ./sites-enabled/default (2) post-proxy { ... (2) } # post-proxy = ok (2) Found Auth-Type = Accept (2) Auth-Type = Accept, accepting the user (2) # Executing section post-auth from file ./sites-enabled/default (2) post-auth { .... (2) } # post-auth = reject (2) Using Post-Auth-Type Reject (2) Post-Auth-Type sub-section not found. Ignoring. ... Thx.