> so it would need to be set per IP address or range only for > the limits so that the other users in AD can be used for that Have you thought about using huntgroups to group your NAS together and then authorize based upon Huntgroup-Name?