On Wed, 29 Aug 2001, Bill Tangren wrote: > auth "lan-wide" { > hosts: "10.1.5.0/24" > default: "<local>@10.1.5.58" > default-domain: "10.1.5.58" > } There is no access group matching user "<local>@10.1.5.58" and so anyone who gets that identity assigned (by matching the lan-wide auth group) will be rejected. -- Jeffrey M. Vinocur jeff at litech.org