Hi Mike, Thanks for your help. I'm afraid I have more questions. --- I heard there is a patch for the 'authby ldap', because the current code does not do the unbind operation which can cause problems with some ldap servers. My netscape ldap server seems to be resistant to this, but load is increasing and I'm worried it may affect performance. Can I get the patch? I'm using Radiatior version 2.13. --- I saw that Radiator supports authentication with the ACE securId cards. We may want to use securId cards for roaming users because Surfnet requires us to use 'strong' authentication if we do not check on CLI. Can your radius server directly enquire the ACE server and how do I configure radiator to do that? Or does it use 'authby radius' to forward the radius authentication request to the (Livingstone?) radius server that is packaged with the Ace software? --- I have a question about info level logging. It's not very helpfull in my configuration: I have to check 2 ldap servers for the moment. <Realm uva.nl> ... AuthByPolicy ContinueWhileReject <AuthBy LDAP> Host with.ic.uva.nl Port 389 ... NoDefaultIfFound </AuthBy> <AuthBy LDAP> Host blaeu.student.uva.nl ... NoDefaultIfFound </AuthBy> </Realm> If the user is in the first ldap server, but authentication does not succeed e.g. wrong CLI, then I only get info logging from the second ldap server with the totally useless information. Tue Jun 8 00:56:32 1999: INFO: Access rejected for mdw0011: No such user While it would make the life of the support staff a lot easier if I saw something like: Tue Jun 8 00:34:27 1999: INFO: Access rejected for mdw0011: Check item Calling- Station-Id expression '/204164698/' does not match '204164699' in request Is it configurable to get this information from the first and second authbyldap in stead of just the second one? --- Searching for DEFAULT: [08/Jun/1999:12:49:47 +0200] conn=557 op=1849 SRCH base="o=Universiteit van Amst erdam,c=Nl" scope=2 filter="(uid=DEFAULT)" If a user is not found then radiator searches for DEFAULT, that's a lot of extra searches that slow down the proces. Can I get rid of the searching for "DEFAULT" completely? --- Performance. In the log I see: Tue Jun 8 01:48:13 1999: WARNING: Could not find a handler: request is ignored Has that got to do with the fact that ldap connections are done synchronously? Does it indicate a performance problem? --- I hope you can help me with these questions. Kind regards, Marijke Marijke Vandecappelle Senior netwerkbeheerder Informatiseringscentrum Universiteit van Amsterdam E-mail [EMAIL PROTECTED] Turfdraagsterpad 9 Telefoon +31 20 5252025 1012 XT Amsterdam Fax +31 20 5252084 === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.