Sorry again for the BASIC question! I *occasionally* slam people on other lists for being .... well, basically helpless - and here I am asking what I think is a really stupid question! Humble pie anyone? Let me take a sec to thank the development team for a very flexible product! Seems you can do pretty much anything you'd ever need to! Did Ci$co steal your code for ACS 5.0? :) Once I familiarize myself with the in's and out's I hope to contribute to the community where I can, probably with docs, use cases, examples, etc. Now my current issue. I have read a lot of doc (some 3 and 4 times) and am close to getting my head around how FR works and the various process flow, however, I still can't determine the best way to address this problem: I have several different type's of clients/NAS's that will be using FR as the Front End to perform AAA - mostly Authentication, but the Author and Acct are close behind. Anyway, each of these clients need to perform slightly different backend queries to determine if Authenticate should pass or fail: Type 1: Networking Hardware Management Access (VTY) - Routers, switches, VPN concentrators, firewalls, etc. - Auth pass if creds are good AND user is member of NetEng group in AD; else fail Type 2: IPSec VPN Access - RAS to HQ via IPSec (Ci$c0 ASA at HQ) - Several profiles/groups will exist on ASA with different properties: - NetEng, SysAdmins, Basic Users, etc. - Auth pass if creds are good AND user is member of "RAS" group in AD Type 3 ... etc. So, how do I go about this? I'm currently using NTLM_Auth and that's all working fine, I'm just not sure how to say in FR config: if request of type 1, run this NTLM_Auth command and check for this group; If request of type 2 run this other NTLM_Auth command and check for this other group. Would this be something in the huntgroup file? TIA for replies - back to more reading and trials for me! Gary <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font>