Hi, Let me start off with that a have a perfectly working freeradius setup authenticating a bunch of hotspots (coova-chilli). Thanks freeradius!!! All is done using custom code in rlm_perl during authentication. I check the password I check the users cap I check a bunch of other stuff I accept or reject the user I am busy expanding services and can not figure out the following. To sum up my understanding of how freeradius works. authorise = select auth type authenticate = run the appropriate auth method Currently I do the following authorise = set Auth-Type to perl authenticate = run my perl stuff i.e. check the password check the users cap add some reply items return RLM_MODULE_OK/REJECT A friend of mine mentioned that I would not be able to handle CHAP, should I ever want to one day, as I am authenticating the password myself using perl. Now I am trying to achieve the following authorise = leave auth type for Freeradius to decide set the cleartext password using perl authenticate = leave Freeradius to do auth using PAP/CHAP check the cap using perl and possibly reject the user return RLM_MODULE_OK/REJECT I basically want freeradius to do the PAP/CHAP stuff and AFTER that I want to do things like check the users CAP. The reason I want to do this is because some of my custom checking (e.g. the CAP) can be hard on my sql database. I do not want to go to the trouble of a sql select through 10000's of accounting records, until I at least know the password is OK. I therefore want to influence the authentication decision (using rlm_perl) AFTER freeradius has performed the PAP/CHAP/EAP authentication (and it was OK). Does what I want to do make sense? Is this possible? Thanks! -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782