Hello, I have a propiertary radius client which I want to authenticate against freeradius the following way: - User types is username: directory\Administrator password:secret - Freeradius authenticates against active directory. This already works - From the documentation of the propiertary radius client: After authenticating to RADIUS, you may get another prompt if the RADIUS server responded with a supported Access Challenge. Full generic RADIUS challenge/response is not supported, but a limited access challenge for a string token code is supported. - So now I want freeradius to send 'Access Challenge' and send a sms to the user (for that purpose I wrote a perl daemon which listens on a unix socket in order to talk to smsotp freeradius module)[1]. However nothing comes in. I configured freeradius the following way: sites-enabled/default: authorize { smsotp mschap } authenticate { mschap Auth-Type smsotp { mschap smsotp } Auth-Type smsotp-reply { smsotp } } users: DEFAULT Auth-Type = smsotp radius -X output here: http://thomas.glanzmann.de/tmp/radius-x.txt [1] smsotpd: http://thomas.glanzmann.de/tmp/smsotpd.pl And now my questions: - Is it possible to do a mschapv2 authentication followed by Access challenge in order to send out a sms with a one time password by configuring freeradius or do I need to code? Where do I find pointers? I read the source code of the smsotp and the rlm_example module, I get the basic idea that first the otp is generated and than it is checked, however I don't get how to configure freeradius to choose the codepath. I also don't get if it is possible to stack authentication methods in freeradius. Cheers, Thomas