Hello, When using EAP PEAP or TTLS, if I try to write the '%{Module-Failure-Message}' in the post-auth section to SQL, the value is blank when the reason is incorrect password. When using a non-tunnelled authentication protocol, it correctly displays 'rlm_pap: CLEAR TEXT password check failed' I think I know why this is happening, because the rejection happens prior to the last message in the EAP sequence, so the value of the module-failure-message is no longer populated in the last message sent to the device, which is when the post-auth is done. And I have read somewhere that using the caching feature can cache the value of the module-failure-message at the point of it happening, and then retrieve it when the post-auth is done. But I can't see to find any examples how to do this specifically using the cache feature. Does anyone have a working example of this they would like to share with me please? Thanks