Hi ! i have 2 main problem, i've tried to find the solutions mostly in rfc's and googleing around but without results !! i hope the questions are not to stupid ... ; ) 1) i'm developing and auth module for eap where the real identity of the user is passed in the 3rd message ( in eap response identity there is a fictitious string "anonymous" ) so i had to add an if( .. ) statement in eap_start() that says something like that : if memcmp(request->username, "anonymous" ...) && eap type is the one i'm developing set attribute User-Name in request->username and in request->packet->vps to the real identity (found in the packet receved). And all goes well : rlm_sql finds the user in the db and gets all the attributes from radreply table , so i can access them from handler->request->reply->vps. The protocol continues but when a new response comes from the supplicant the NAS, i suppose, sets the attribute User-Name to "anonymous", is there a way to tell the NAS to change the value of User-Name to the correct one ?! the problem is that next messages will not get anymore the right user because the section above will set the User-Name to something without sense ... suggestions ? 2) the protocol derives also MSK and EMSK but i don't know where to put them ! i have seen that eap_sim_sendsuccess(EAP_HANDLER *handler) sets 2 proprietary valuepairs in handler->request->reply->vps (MS-MPPE-Recv-Key , MS-MPPE-Send-Key)... should i do something like this ? with which attribute should i tell the NAS for the keys ? Thank you ! kky