hi, a quick glance at your question and i'd say you be better off using simple entries in the users file - simple check items (use huntgroups for your NAS addresses) with LDAP groups. match the good stuff, set reply match the bad stuff, set reject. alan