Hi, I would like to know whether or not the following configuration *can* work, and if so, what I need to know to get it to work. I have gotten peap/mschapv2 to work from the standard users file, so that is all working. What I want to do know is pass all the logic to a perl script, however eveytime I do that I get the following error +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/inner-tunnel +group authenticate { [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel [mschapv2] +group MS-CHAP { rlm_perl: PERL USERNAME ryan@test.com rlm_perl: PERL USERNAME test rlm_perl: Added pair Cleartext-Password = test rlm_perl: Added pair State = 0x6a981b696a90018e48312d75606ef989 rlm_perl: Added pair MS-CHAP-User-Name = ryan@test.com rlm_perl: Added pair MS-CHAP-Challenge = 0x263fa419e8c59a51b8f7bda3b0dbd476 rlm_perl: Added pair FreeRADIUS-Proxied-To = 127.0.0.1 rlm_perl: Added pair User-Name = ryan@test.com rlm_perl: Added pair EAP-Message = 0x020800541a0208004f3197d01dac5bed333c13a1b2a4139575a600000000000000002509ca1d6892684e813e061da39c12bcc360d638c9bb2504007279616e40636f6e6e656374656473706163652e636f2e7a61 rlm_perl: Added pair MS-CHAP2-Response = 0x087997d01dac5bed333c13a1b2a4139575a600000000000000002509ca1d6892684e813e061da39c12bcc360d638c9bb2504 rlm_perl: Added pair EAP-Type = MS-CHAP-V2 rlm_perl: Added pair Cleartext-Password = test rlm_perl: Added pair h323-credit-amount = 100 rlm_perl: Added pair Auth-Type = EAP rlm_perl: Added pair Proxy-To-Realm = LOCAL ++[dot1x] = updated [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: ryan@test.com [mschap] Client is using MS-CHAPv2 for ryan@test.com, we need NT-Password *[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.* *[mschap] FAILED: MS-CHAP2-Response is incorrect* some more # Executing group from file /etc/raddb/sites-enabled/8021x +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] = invalid +} # group authenticate = invalid Failed to authenticate the user. So. How can I fix this? Here is my inner-tunnel authorize section authorize { chap *dot1x* mschap } and the dot1x module calls a script called dot1x.pl The script is *so* basic right now, all I want it to do is to update the Cleartext-password attribute so that the user can authenticate. Currently it looks like this sub authorize { # For debugging purposes only # &log_request_attributes; #debugging &radiusd::radlog(1,"PERL USERNAME " . $RAD_REQUEST{'User-Name'}); &radiusd::radlog(1,"PERL USERNAME " . $RAD_REQUEST{'Cleartext-Password'}); #trying to update the cleartext-password to the one the user enters. $RAD_REQUEST{'Cleartext-Password'} = "test"; $RAD_REPLY{'Cleartext-Password'} = 'test'; return RLM_MODULE_UPDATED; } any advice would be great