> What is the proper way to configure for proxy but maintain a list of users > that are accepted/rejected either without consulting the master server or > overriding the response from the master server?
I figured it out. I had failed to notice the example of "terminate PEAP or EAP-TTLS locally" in the proxy.conf file. It was that example that lead me to do the following which worked: -----------------users----------------- 000200000001 Auth-Type := Accept 002000000002 Auth-Type := Accept DEFAULT Proxy-To-Realm := RRDCORP -----------------users----------------- -----------------proxy.conf----------------- realm RRDCORP { type = radius authhost = 10.225.xxx.xx:1812 accthost = 10.225.xxx.xx:1813 secret = xxxxxxxx } -----------------proxy.conf----------------- Using this configuration, if a MAC address (username) is in my users list the Accept or Reject is issued without consulting the master RADIUS server. If it is not in my users list, the response from the master RADIUS server is used. Dennis Beach Systems Engineer RR Donnelley, Information Technology (765) 364-4604 - phone (765) 230-6111 - cellular (765) 364-3056 - fax [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html