I have been using FreeRADIUS 1.1 (yeah very old) on an old Debian server over the years without any issues. Thank you for wonderful software! Now, as part of the server upgrade, I tried installing version 3.2.1 in Debian 12 and I was able to configure it except for one issue. In v1.1 user attributes get priority over group items. I am using the same SQL tables from v1.1. There I am setting Session-Timeout to 3600 in the radgroupcheck table. For some select users I set Session-Timeout differently, say 7200. In v1.1, I am seeing Session-Timeout = 7200 for Access-Accept while in v3.2.1 it is 3600. I checked the server in debug mode and found following <snip> .... (0) sql: User found in radcheck table (0) sql: Conditional check items matched, merging assignment check items (0) sql: Session-Timeout := 7200 (0) sql: Crypt-Password := "$1$bd1rxwue$ab3wiY34Cjfk5QM13/vNy0" .... (0) sql: User found in the group table (0) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{S QL-Group}' ORDER BY id (0) sql: --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'VPN -60-Min' ORDER BY id (0) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'VPN-60-Min' ORDER BY id (0) sql: Group "VPN-60-Min": Conditional check items matched (0) sql: Group "VPN-60-Min": Merging assignment check items (0) sql: Session-Timeout := 3600 .... (0) dailycounter: Allowing user, &control:Session-Timeout value (3600) is greater than counter value (0) (0) dailycounter: Setting &reply:Session-Timeout value to 3600 .... Sent Access-Accept Id 55 from 192.168.3.180:1812 to 192.168.3.180:39999 length 32 (0) Idle-Timeout = 600 (0) Session-Timeout = 3600 (0) Finished request </snip> So I think this is the expected behaviour in the new version. Following are the sql contents. Table radgroupreply: +----+------------+--------------+----+-------+ | id | groupname | attribute | op | value | +----+------------+--------------+----+-------+ | 9 | VPN-60-Min | Idle-Timeout | := | 600 | +----+------------+--------------+----+-------+ Table radgroupcheck: +----+------------+-----------------+----+-------+ | id | groupname | attribute | op | value | +----+------------+-----------------+----+-------+ | 2 | VPN-60-Min | Session-Timeout | := | 3600 | +----+------------+-----------------+----+-------+ Table: radcheck: +----+----------+-----------------+----+------------------------------------+ | id | username | attribute | op | value | +----+----------+-----------------+----+------------------------------------+ | 18 | vpn-user | Session-Timeout | := | 7200 | | 19 | vpn-user | Crypt-Password | := | $1$bd1rxwue$ab3wiY34Cjfk5QM13/vNy0 | +----+----------+-----------------+----+------------------------------------+ Now my question: Is there any configuration options available to get the old v1.1 behaviour? This way I don't have to set Session-Timeout for all my users, just a select few who need to be different from default. Thanks Abraham