Hi, 1.) in the users-file, I can only check for attributes provided by the request - correct? 2.) in the users-file, if an entry matches all check-attributes, I can specify an Auth/Autz-Type - correct? 3.) in the users-file, if I do not specify the Auth/Autz-Type the radius is taken the requested Type automatically - correct? 4.) Authentication is comparing a password - correct? 5.) Authorization is even if a password is correct, the user may not use/do something - correct? 6.) Authorization is done by providing appropriate reply-attributes - correct? Now the big question: If I have an user who is authenticate, meaning correct username + password whereas the password is stored in LDAP. I want to replay attributes according th some other information stored in LDAP - how can I do such a thing, like: IF ldap-attribute::xy == valid_1 THEN RETURN ldap-attribute::IP-good, ELSIF dap-attribute::xy == valid_2 THEN RETURN ldap-attribute::IP-better, ELSE RETURN ldap-attribute::IP-bad Thanks Florian -- Dipl. Inf. Florian Prester Network Administration Regionales RechenZentrum Erlangen Universitaet Erlangen-Nuernberg Martensstr. 1 91052 Erlangen Germany Tel.: +499131 8527813