AD> It should work when obtained from MySQL, as it doesn't matter which AD> module added the attribute, it's enforced elsewhere. ok. so the configuration it's ok in mysql db? maybe the radiusd.conf it's bad?
this is my config: prefix = /usr/local exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = ${prefix}/var sbindir = ${exec_prefix}/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run/radiusd log_file = ${logdir}/radius.log libdir = ${exec_prefix}/lib pidfile = ${run_dir}/radiusd.pid max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 1024 bind_address = * port = 0 hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log_stripped_names = yes log_auth = yes log_auth_badpass = yes log_auth_goodpass = no usercollide = no lower_user = no lower_pass = no nospace_user = no nospace_pass = no checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 } proxy_requests = no $INCLUDE ${confdir}/proxy.conf $INCLUDE ${confdir}/clients.conf $INCLUDE ${confdir}/snmp.conf thread pool { start_servers = 3 max_servers = 16 min_spare_servers = 2 max_spare_servers = 7 max_requests_per_server = 0 } modules { pap { encryption_scheme = crypt } chap { authtype = CHAP } pam { pam_auth = radiusd } unix { cache = no cache_reload = 600 radwtmp = ${logdir}/radwtmp } eap { default_eap_type = leap leap { } } mschap { authtype = MS-CHAP } ldap { server = "ldap.your.domain" basedn = "o=My Org,c=UA" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" start_tls = no tls_mode = no access_attr = "dialupAccess" dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 5 timeout = 4 timelimit = 3 net_timeout = 1 } realm suffix { format = suffix delimiter = "@" } realm realmslash { format = prefix delimiter = "/" } realm realmpercent { format = suffix delimiter = "%" } preprocess { huntgroups = ${confdir}/huntgroups hints = ${confdir}/hints with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no } files { usersfile = ${confdir}/users acctusersfile = ${confdir}/acct_users compat = no } detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d detailperm = 0600 } acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id" } $INCLUDE ${confdir}/sql.conf radutmp { filename = ${logdir}/radutmp callerid = "yes" } radutmp sradutmp { filename = ${logdir}/sradutmp perm = 0644 callerid = "no" } attr_filter { attrsfile = ${confdir}/attrs } counter counternever { filename = ${raddbdir}/db.never key = User-Name count-attribute = Acct-Session-Time reset = never counter-name = RAD-Session-Time check-name = RAD-Max-Session-Time allowed-servicetype = Framed-User cache-size = 5000 } counter countermonthly { filename = ${raddbdir}/db.monthly key = User-Name count-attribute = Acct-Session-Time reset = monthly counter-name = RAD-Monthly-Session-Time check-name = RAD-Max-Monthly-Session-Time allowed-servicetype = Framed-User cache-size = 5000 } always fail { rcode = fail } always reject { rcode = reject } always ok { rcode = ok simulcount = 0 mpp = no } expr { } } instantiate { expr } authorize { preprocess eap files { fail = 1 notfound = 2 ok = return } sql countermonthly { ok = return } counternever } authenticate { eap } preacct { } accounting { counternever countermonthly radutmp sradutmp sql } session { radutmp sql } post-auth { } thanks again -- Remus A. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html