Hello! I tried to set up MAC authorization for testing purposes according to the instructions at http://wiki.freeradius.org/Mac-Auth. The solution there almost worked, except for the raddb/sites-available/default post-auth{} section. The wiki contains the code: if(control:Auth-Type == 'CSID'){ # Authorization happens here authorized_macs.authorize if(notfound){ reject } } However, when the rlm_files module can't find the user, it returns noop, not notfound. As a result, EVERY mac authentication attempt is successful. When I changed the section to if(control:Auth-Type == 'CSID'){ # Authorization happens here authorized_macs.authorize if(!ok){ reject } } I got correct rejects in reply to the MACs not listed in the file. The funny thing is that I actually think that the snippet on wiki page should work, and the rlm_files module is returning the wrong result code. As far as I understand the result codes, noop should be returned when the module ignores the request, because it thinks it should not handle it, and notfound should be returned when the module accepted and tried to handle the requests, but cannot find the user in its "database". Either way, the documentation and the code do not match, and one of them should be fixed. Currently if somene just blindly copies the sample config, and does not test for correct rejects, he'll have wide-open network. I have tested on fedora 13, with the latest freeradius-2.1.10-1.fc13.x86_64 rpm. best regards István Tóth