Hello, Currently I'm using 'users file to authorize users against login on our network device like Switches. e.g # /etc/raddb/users ...... h3c Cleartext-Password := "netadmin" Service-Type = NAS-Prompt-User, Huawei-Exec-Privilege = "3", Login-Service = 50 ...... But I want to intergrate it with FreeIPA( which provides a LDAP service), which brings the benefit of using one-time-password(see this https://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_... ) Apparently it's easy to configure user's account, but is there any way to handle the privileges related stuff like 'Huawei-Exec-Privilege = "3",' in LDAP? And by the way, how is 'authenticate section' in 'site-enabled/default' called? I'm a littble bit confused. Can I say that 'authenticate section is useless and would NEVER be called unless I add "Auth-Type:= FOO" in the 'authorize section' ? I guess this from the comment of 'default' . Thanks,