Hi Alan, probably another bug report: in my radiusd.conf: ... session { reject } ... and when authenticating some user: 2007-05-03 12:57:50.210429500 modcall[authenticate]: module "perl" returns ok for request 4 2007-05-03 12:57:50.210432500 modcall: group PERL returns ok for request 4 2007-05-03 12:57:50.210434500 Processing the session section of radiusd.conf 2007-05-03 12:57:50.210436500 modcall: entering group session for request 4 2007-05-03 12:57:50.210451500 modcall[session]: module "reject" returns reject for request 4 2007-05-03 12:57:50.210453500 modcall: group session returns reject for request 4 2007-05-03 12:57:50.210456500 Login OK: [skzxtz/xtbsjs] (from client localhost port 5281) 2007-05-03 12:57:50.210458500 Processing the post-auth section of radiusd.conf 2007-05-03 12:57:50.210460500 modcall: entering group post-auth for request 4 As you can see "group session" returned REJECT but the user is accepted! Is it a bug or a feature? Or am I missing something? I've discovered this when having: ... session { sql { fail = reject } } ... I'm using checkrad to query NAS about the user. By above I wanted to assure that when the checkrad fails(eg. because of firewall) then by default we assume that the user is logged in... Please advise. PS: Observed on cvs head from Apr 30 but I've checked changes since then and I do not think this was fixed. Milan Holub holub (at) thenet (dot) ch -------------------------------------- TheNet-Internet Services AG, im Bernertechnopark, Morgenstr. 129 CH-3018, Bern, Switzerland 031 998 4333, Fax 031 998 4330 http://www.thenet.ch http://wlan.thenet.ch --------------------------------------