hello list I have a question to understanding better radius. For this i make a simple example-scenario : I want to use my radius for 2 things : 1. wireless-access for laptops with machine authentication over a wireless switch with ip 1.1.1.1 2. authentication for the login to my switches for some admin-users My machines (case 1) are in a samba-domain and saved in a openldap-DB in the tree : basedn = "ou=samba-machines,dc=sb-brixen,dc=it" My users (case 2), where i select my admins with a ldap-filter are also in an openldap-dB in the tree: basedn = "ou=users,dc=sb-brixen,dc=it" How and where i distinguish this 2 cases? In the standard configuration, what i have understood radius let try the clients a lot of possibilities and i have read its better to not restrict the auth-methods. A possibility to solve my question is to make 2 files under /modules like ldap1 and ldap2 for my separate cases - but now my problem : Where i say that my wireless switch gos to ldap1 (with mschap) and my switches (for example all the network 1.1.20.x) gos to ldap2 (with ldap-authentication) : in users, or maybe in raddb/sites-available/default In clients.conf i have defined my switches and my network. For the users-file i have seen som examples like : DEFAULT Huntgroup-Name = "vpn-pix",Auth-Type := ldap But where i define "Huntgroup-Name = "vpn-pix"" is this the normal name in the client.conf ? Thank you for a response luis