Hello, I try to authenticate via my Apache Webserver to my freeradius Server. The Apache connects successful, and provides User/OneTimePassword to the freeradius. Here I use the following Config: Auth-Type OTP_OWA { update control { SECRET := `/usr/bin/php /freeradius_scripts/getSecretFromDB.php --username=%{User-Name} ` LAST_USED_PIN := `/usr/bin/php /freeradius_scripts/get_last_used_pin.php --username=%{User-Name}` PIN := `/bin/bash /freeradius_scripts/getPin %{control:SECRET}` PIN_FROM_USER := %{User-Password} ATTEMPTS := `/usr/bin/php /freeradius_scripts/get_attempts.php --username=%{User-Name}` Auth-Type := `/usr/bin/php /freeradius_scripts/check_pin_dev_log.php --username=%{User-Name} --pin=%{control:PIN} --pin_from_user=%{User-Password} --last_used_pin=%{control:LAST_USED_PIN} --attempts=%{control:ATTEMPTS}` } } Unfortunately I receive an REJECT from the freeradius: {DEBUG Output}: (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (0) Auth-Type OTP_OWA { (0) update control { (0) Executing: /usr/bin/php /freeradius_scripts/getSecretFromDB.php --username=%{User-Name} : (0) EXPAND --username=%{User-Name} (0) --> --username=USER.NAME (0) Program returned code (0) and output SECRET (0) SECRET := SECRET (0) Executing: /usr/bin/php /freeradius_scripts/get_last_used_pin.php --username=%{User-Name}: (0) EXPAND --username=%{User-Name} (0) --> --username= USER.NAME (0) Program returned code (0) and output 12346 (0) LAST_USED_PIN := 12346 (0) Executing: /bin/bash /freeradius_scripts/getPin %{control:SECRET}: (0) EXPAND %{control:SECRET} (0) --> SECRET (0) Program returned code (0) and output 12346 (0) PIN := 12346 (0) PIN_FROM_USER := %{User-Password} (0) Executing: /usr/bin/php /freeradius_scripts/get_attempts.php --username=%{User-Name}: (0) EXPAND --username=%{User-Name} (0) --> --username= USER.NAME (0) Program returned code (0) and output '0' (0) ATTEMPTS := 0 (0) Executing: /usr/bin/php /freeradius_scripts/check_pin_dev_log.php --username=%{User-Name} --pin=%{control:PIN} --pin_from_user=%{User-Password} --last_used_pin=%{control:LAST_USED_PIN} --attempts=%{control:ATTEMPTS}: (0) EXPAND --username=%{User-Name} (0) --> --username= USER.NAME (0) EXPAND --pin=%{control:PIN} (0) --> --pin=12346 (0) EXPAND --pin_from_user=%{User-Password} (0) --> --pin_from_user=12346 (0) EXPAND --last_used_pin=%{control:LAST_USED_PIN} (0) --> --last_used_pin=64321 (0) EXPAND --attempts=%{control:ATTEMPTS} (0) --> --attempts=0 (0) Program returned code (0) and output 'Accept' (0) Auth_Type_LOG := Accept (0) Executing: /usr/bin/php /freeradius_scripts/check_pin_dev_log.php --username=%{User-Name} --pin=%{control:PIN} --pin_from_user=%{User-Password} --last_used_pin=%{control:LAST_USED_PIN} --attempts=%{control:ATTEMPTS}: (0) EXPAND --username=%{User-Name} (0) --> --username= USER.NAME (0) EXPAND --pin=%{control:PIN} (0) --> --pin=12346 (0) EXPAND --pin_from_user=%{User-Password} (0) --> --pin_from_user=12346 (0) EXPAND --last_used_pin=%{control:LAST_USED_PIN} (0) --> --last_used_pin=64321 (0) EXPAND --attempts=%{control:ATTEMPTS} (0) --> --attempts=0 (0) Program returned code (0) and output 'Accept' (0) Auth-Type := Accept (0) } # update control = noop (0) update reply { (0) Reply-Message := Accept (0) } # update reply = noop (0) } # Auth-Type OTP_OWA = noop (0) Failed to authenticate the user (0) Using Post-Auth-Type Reject (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default (0) Post-Auth-Type REJECT { (0) update control { (0) Executing: /usr/bin/php /freeradius_scripts/write_in_log_win.php --username=%{User-Name} --auth_type=%{control:Auth_Type_LOG} --ip=%{Calling-Station-Id} --reply=Reject: (0) EXPAND --username=%{User-Name} (0) --> --username= USER.NAME (0) EXPAND --auth_type=%{control:Auth_Type_LOG} (0) --> --auth_type=Accept (0) EXPAND --ip=%{Calling-Station-Id} (0) --> --ip= (0) Program returned code (0) and output 'Reject' (0) LOG_EINTRAG := Reject (0) } # update control = noop (0) attr_filter.access_reject: EXPAND %{User-Name} (0) attr_filter.access_reject: --> USER.NAME (0) attr_filter.access_reject: Matched entry DEFAULT at line 11 (0) [attr_filter.access_reject] = updated (0) [eap] = noop (0) policy remove_reply_message_if_eap { (0) if (&reply:EAP-Message && &reply:Reply-Message) { (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (0) else { (0) [noop] = noop (0) } # else = noop (0) } # policy remove_reply_message_if_eap = noop (0) } # Post-Auth-Type REJECT = updated (0) Delaying response for 1.000000 seconds Waking up in 0.9 seconds. (0) Sending delayed response (0) Sent Access-Reject Id 117 from 10.1.56.3:1812 to 10.1.56.167:1026 length 28 So my .php Script checks the OTP-PIN ans returns “Accept”, but the freeradius answers Accept-Reject… Why? Thanks for any response 😉 Andreas