I am a bit confused now. I understood that if a module returns RLM_MODULE_FAIL that radiusd would not return an authorization reject. However, it appears that it still does. rad_recv: Access-Request packet from host 127.0.0.1:53579, id=193, length=71 User-Name = "visitor" User-Password = "asdfjkle" Called-Station-Id = "8053342021" Calling-Station-Id = "3232546586" rad_lowerpair: User-Name now 'visitor' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 hints: Matched DEFAULT at 59 modcall[authorize]: module "preprocess" returns ok for request 0 users: Matched entry visitor at line 51 modcall[authorize]: module "files" returns ok for request 0 rlm_lafn: Found USER_NAME rlm_lafn: Found NAS rlm_lafn: Found Calling ID rlm_lafn: Found Called ID rlm_lafn: Found Hint get_time returns 60 Unable to connect to 0: Can't connect to MSQL server on 0 modcall[authorize]: module "lafn" returns fail for request 0 modcall: group authorize returns fail for request 0 There was no response configured: rejecting request 0 Server rejecting request 0. Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 193 to 127.0.0.1:53579 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 193 with timestamp 42e96be9 Nothing to do. Sleeping until we see a request. zool# ./visitor Received response ID 193, code 3, length = 20 From radiusd.conf: # Authorization. First preprocess (hints and huntgroups files), authorize { preprocess files lafn }