Hallo, I've configured freeradius to authenticate users with PEAP, using openldap to store NTLM hashes. It works fine. Now I'd like to authorize only people who have the ldap attribute "haDirittoEduroam" set to Y (or the other way round: not to authorize users with "haDirittoEduroam" set to N). Below an example openldap entry. Is there an easy way to achive this? dn: uid=uto.ughi@myorg.it,dc=myorg,dc=it objectClass: sambaSamAccount objectClass: inetOrgPerson objectClass: person objectClass: dirittoEduroam cn: Uto sn: Ughi uid: uto.ughi@myorg.it haDirittoEduroam: N sambaSID: 121212 userPassword: {SSHA}EnK9jqiVGSPNi6EQwpqdpjThBJHtZ1fi sambaNTPassword: 2B466E3D3FB6AA4BF8AAAFEF8F59F6F3 sambaLMPassword: E52CAC67419A9A224300941ECC02054C thanks a lot for your help, Stefano