Hello, After some hours of googling my problem, i come. I hope somebody will be able to help me! I set up a mac based authentication, with users in mysql database. It is working properly when users are difined in the users file, but did not work with empty Cleartext-Password in the database. Any idea? It is the only problem I've found when following this EXELLENT howto page: http://wiki.freeradius.org/SQL_HOWTO Thanks in advance I show you to of my test users, one with password, the other without (hope i'm clear): Sory, this post post is bigest that wath i was think. Mysql tables: mysql> select * from radcheck; +----+----------+--------------------+----+----------+ | id | username | attribute | op | value | +----+----------+--------------------+----+----------+ | 7 | seb | Cleartext-Password | := | password | | 8 | chris | Cleartext-Password | := | | mysql> select * from radreply -> ; +----+----------+-----------+----+--------+ | id | username | attribute | op | value | +----+----------+-----------+----+--------+ | 5 | seb | Auth-Type | := | Accept | | 6 | chris | Auth-Type | := | Accept | RADTEST whith user seb: radius:/etc/freeradius# radtest seb password localhost 1812 testing123 Sending Access-Request of id 70 to 127.0.0.1 port 1812 User-Name = "seb" User-Password = "password" NAS-IP-Address = 172.18.100.19 NAS-Port = 1812 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=70, length=20 DEBUG OUTPUT: ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated rad_check_password: Found Auth-Type auth: type "PAP" +- entering group PAP rlm_pap: login attempt with password "password" rlm_pap: Using clear text password "password" rlm_pap: User authenticated successfully ++[pap] returns ok Login OK: [seb/password] (from client localhost port 1812) +- entering group post-auth RADTEST WITH user tof: radius:/etc/freeradius# radtest tof "" localhost 1812 testing123 Sending Access-Request of id 220 to 127.0.0.1 port 1812 User-Name = "tof" User-Password = "" NAS-IP-Address = 172.18.100.19 NAS-Port = 1812 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=220, length=20 DEBUG OUTPUT: ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated rad_check_password: Found Auth-Type auth: type "PAP" +- entering group PAP ++[pap] returns invalid auth: Failed to validate the user. Login incorrect (rlm_pap: empty password supplied): [tof/] (from client localhost port 1812) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> tof attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated