Hi, we are using a separate password for wlan user, we called it wlan-nt-password. in freeradius 2 config we do a little check if the wlan password is set for the user and set it as the nt-password for authentication. This works with no problems. in freeradius 3 i got: /usr/local/etc/raddb/sites-enabled/inner-wlan-peap[18]: Failed parsing expanded string: /usr/local/etc/raddb/sites-enabled/inner-wlan-peap[18]: %{check:wlan-NT-Password} /usr/local/etc/raddb/sites-enabled/inner-wlan-peap[18]: ^ Unknown module ----------- if ("%{check:wlan-NT-Password}" == "") { # ist im SQL-Server ein WLAN-Passwort gefunden worden? # Ab Stichtag Authentifizierung ohne WLAN-Password verbieten. update config { # nein, User ablehnen Auth-Type := Reject } } else { update config { # ja, also NT-Passwort mit WLAN-Passwort ueberschreiben, # damit mschapv2 gegen das WLAN-Passwort authentifiziert. NT-Password := "%{check:wlan-NT-Password}" } } ------------------- regards Hans