Hi I try to configure authentication via ntlm_auth to check the user group. All authentication attempts are rejected The same configuration without checking groups is working correctly policy.conf: extract_ssid { if(Called-Station-Id =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i){ update request { Called-Station-SSID := "%{7}" } if (Called-Station-SSID == localnet1) { update request{ AD-Group := WiFisec } } else { update request{ AD-Group := WiFi-public } } } else { noop } } modules/mschap ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} --require-membership-of=POMORSU+%{AD-Group}" sites-enabed/default authorize { preprocess extract_ssid freeradius 2.1.10+dfsg-2 debian squeeze