Hello to all.
Try moving the user1 line before the DEFAULT (and reverse the 'fall through' specifications)....
Thank you Charles for your advice. But the problem in this case is: If I move the user-lines before DEFAULT, freeradius tries to authenticate with any other Auth-Method, exept MOTP. [...] rad_recv: Access-Request packet from host 192,168.82.41 port 33260, id=216, length=58 User-Name = "user1" User-Password = "aa8809" NAS-IP-Address = 192,168.82.41 NAS-Port = 0 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "user1", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns updated users: Matched entry user1 at line 2 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop auth: type Crypt auth: Failed to validate the user. Login incorrect: [user1/aa8809] (from client 192,168.82.41 port 0) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> user1 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated [...] So, it seems that I have to use the DEFAULT-line at first to use MOTP as the default Auth-Type. But now some new good news: After changing the module configuration in radiusd.conf to exec motp { wait = yes program = "/usr/local/bin/otpverify.sh %{User-Name} %{User-Password} %{control:Secret} %{control:PIN} %{control:Offset}" input_pairs = request output_pairs = config } ...tested with radtest, everything works fine (thank you, Ivan) :-) auth: type "MOTP" +- entering group MOTP expand: %{User-Name} -> user1 expand: %{User-Password} -> eaec5f expand: %{control:Secret} -> 143a5c6fa125ac1f expand: %{control:PIN} -> 1234 expand: %{control:Offset} -> 0 Exec-Program output: ACCEPT Exec-Program-Wait: plaintext: ACCEPT Exec-Program: returned: 0 ++[motp] returns ok What a nice adventure... Now, I have another problem with mod_auth_radius. But this is another story. Best regards, Stefan