Hello, I ahve jsut a question. if I configure freeradius2 with krb5 authentication and I use the following users file, the authentication works using radtest DEFAULT Auth-Type := Kerberos but it fails using EAP (EAP-TTLS) telling USer-PAssword attribute is missing... rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = Kerberos +- entering group Kerberos {...} rlm_krb5: Attribute "User-Password" is required for authentication. ++[krb5] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> veraldi@cnaf.infn.it attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 5 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 5 Sending Access-Reject of id 95 to 192.168.252.17 port 1645 Waking up in 2.9 seconds. if I instead use the following users file: DEFAULT Auth-Type = Kerberos both radtest and EAP authentication works, and thtat's good, but why ? thanks Rick