Hello, I am developing a freeradius3 server for eduroam authentication. My users are in a openldap directory where I have ppolicy to ensure that users change their password. When authenticating from radius, I can use ldap as an authenticate module, so it does a ldap bind as the user trying to connect and password policy is handle correctly. My problem is with EAP-PEAP using MSCHAP authentication. Is this scenario, I can't use ldap to authenticate, only as authorize module retrieving nt and lm passwords. So, is there any way to check that the password used is not expired? -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA) http://www.um.es/atica Tfo: 868887590 Fax: 868888337