With version 1.1.7 I want to achieve the following, which is probably easy in 2.0: In the authorize section I have an ldap module and an sql module sp1. group { ldap1 sp1 } I want to get an attribute from AD and use the value of that attribute in a later call to a database radiusd -AX shows: rlm_ldap: looking for check items in directory... rlm_ldap: Adding mobile as Huntgroup-Name == "VL-SBS-AD02-0001" rlm_ldap: looking for reply items in directory... rlm_ldap: user host/28tef003.ww006.company.net authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap1" returns ok for request 1 radius_xlat: 'host/28tef003.ww006.company.net' rlm_sql (sp1): sql_set_user escaped user --> 'host/28tef003.ww006.company.net' radius_xlat: 'call firstif ('0','host/28tef003.ww006.company.net','', '1.2.3.4','=','2')' Retrieving an attribute from AD obviously works. In sql.conf I have changed authorize_check_query to use a stored procedure: sql.conf: authorize_check_query = "call firstif ('0','%{SQL-User-Name}','%{Huntgroup-Name}', '%{NAS-IP-Address}','=','2')" I would have expected the %{Huntgroup-Name} to be "VL-SBS-AD02-0001", but this is not true. Is the desired assignment possible at all in 1.1.7 ? Norbert Wegener