On Wed, 2005-10-19 at 00:10 +0200, Luca Corti wrote: I've done further debugging on this with 'radiusd -X', here's what I get: Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: Looking up realm "otherrealm" for User-Name = "user@otherrealm" rlm_realm: Found realm "otherrealm" rlm_realm: Proxying request from user user to realm othereralm rlm_realm: Adding Realm = "otherrealm" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 1 radius_xlat: 'user@otherrealm' rlm_sql (sql): sql_set_user escaped user --> 'user@otherrealm' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'user@otherealm' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 2 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'user@otherrealm' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'user@otherrealm' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'user@otherrealm' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): No matching entry in the database for request from user [user@otherrealm] rlm_sql (sql): Released sql socket id: 2 modcall[authorize]: module "sql" returns notfound for request 1 modcall: group authorize returns noop for request 1 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user I've searched the mailing-list archives and google looking for similar problems, and they suggest to set Auth-Type := Local in the radgroupcheck table. I've done this, but I get the same result. Also my users in the stripped realm don't have Auth-Type set and they authenticate correctly. thanks -- Luca Corti PGP Key ID 1F38C091