Good day! We use FR to handle AAA services at a number of client sites, though we've not done anything "fancy" with it as yet. However, we've recently started using MAC authentication, but one thing we don't want to have happen is for a user to sign up for service in one location and then move to another and be able to use the network without signing in (both sites would be configured for MAC auth). To that end, we're thinking we might do something like the following: 1. Combine the NAS-Identifier with the User-Name (e.g., "1234-samjones"). 2. Do an sql lookup in radgroupreply (all users are assigned to groups based on NAS-ID and username) to determine if the group exists. 3. If it does, permit MAC auth to succeed; otherwise, reject. My first question is, does this seem a good way to prevent users from automatic roaming between sites, given that our clients are different? Does the method seem sound? Can we generate our own variable names within the raddb files for later use in the sql lookup? And, most importantly, where and in what file would be the best place to do this? Also, for accounting purposes, we'd like to prepend the same nas-id to the username. Any recommendations on how best to approach that? We're stepping off the edge of the world here, well outside our comfort zone, so we want to be sure we do this correctly. I appreciate any and all pointers, especially to docs that might describe how to do this. Cheers, Jim