>I am authenticating users based on
Calling-Station-Id in addition to password.
>All accepts and rejects are logged
to the postauth table in my database.
Using what type of
authentication? Are you really checking Calling-Station-Id during authenticate
or are you checking it during authorize? What module are you using to validate
it?