Hello, is it possible to see what password a module is forwarding to an application? I have the problem that I run freeradius with an external OTP Software (LinOTP) via a rlm_perl module. When I try to authenticate from a Cisco ASA with Anyconnect the authentication fails if there is a backslash in the username. If I try to authenticate directly agauinst the OTP Software it works with the backslash. In the radius -X log is see the password with escaped backslash: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop +} # group authorize = ok Found Auth-Type = perl # Executing group from file /etc/freeradius/sites-enabled/linotp +group authenticate { rlm_perl: Config File /etc/linotp2/rlm_perl.ini found! rlm_perl: Default URL https://linotpserver/validate/simplecheck rlm_perl: RAD_REQUEST: Called-Station-Id = y.y.y.y rlm_perl: RAD_REQUEST: Vendor-3076-Attr-146 = 0x4d55435f48515f53706c6974496e7465726e65745f324641 rlm_perl: RAD_REQUEST: Cisco-AVPair = ARRAY(0x1607ff0) rlm_perl: RAD_REQUEST: NAS-IP-Address = z.z.z.z rlm_perl: RAD_REQUEST: Vendor-3076-Attr-150 = 0x00000002 rlm_perl: RAD_REQUEST: Tunnel-Client-Endpoint = x.x.x.x rlm_perl: RAD_REQUEST: Calling-Station-Id = x.x.x.x rlm_perl: RAD_REQUEST: User-Name = test-vpn rlm_perl: RAD_REQUEST: NAS-Port-Type = Virtual rlm_perl: RAD_REQUEST: User-Password = 123456a\\932684 rlm_perl: RAD_REQUEST: NAS-Port = 19587072 rlm_perl: Auth-Type: perl rlm_perl: Url: https://172.28.8.190/validate/simplecheck rlm_perl: User: test-vpn rlm_perl: urlparam pass = 123456a\\932684 rlm_perl: urlparam realm = check24 rlm_perl: urlparam client = a.a.a.a.a rlm_perl: urlparam user = test-vpn rlm_perl: Content :-( rlm_perl: return RLM_MODULE_REJECT rlm_perl: Added pair Called-Station-Id = y.y.y.y. rlm_perl: Added pair Vendor-3076-Attr-146 = 0x4d55435f48515f53706c6974496e7465726e65745f324641 rlm_perl: Added pair Cisco-AVPair = mdm-tlv=device-platform=android rlm_perl: Added pair Cisco-AVPair = mdm-tlv=device-type=Xiaomi Mi A1 rlm_perl: Added pair Cisco-AVPair = mdm-tlv=device-mac=f4-f5-db-ea-66-e9 rlm_perl: Added pair Cisco-AVPair = mdm-tlv=device-platform-version=8.0.0 rlm_perl: Added pair Cisco-AVPair = mdm-tlv=device-phone-id=GSM:865181033404965 rlm_perl: Added pair Cisco-AVPair = mdm-tlv=ac-user-agent=AnyConnect Android 4.6.00143 rlm_perl: Added pair Cisco-AVPair = mdm-tlv=device-uid=48FE3052979F54499178B9B0CB4F940BFB462365F18920AA5D715718BCAF15E9 rlm_perl: Added pair Cisco-AVPair = audit-session-id=c0a80101012ae0005b4769b5 rlm_perl: Added pair Cisco-AVPair = ip:source-ip=x.x.x.x rlm_perl: Added pair Cisco-AVPair = coa-push=true rlm_perl: Added pair NAS-IP-Address = z.z.z.z. rlm_perl: Added pair Vendor-3076-Attr-150 = 0x00000002 rlm_perl: Added pair Tunnel-Client-Endpoint = x.x.x.x rlm_perl: Added pair Calling-Station-Id = x.x.x.x rlm_perl: Added pair User-Name = test-vpn rlm_perl: Added pair NAS-Port-Type = Virtual rlm_perl: Added pair User-Password = 123456a\\932684 rlm_perl: Added pair NAS-Port = 19587072 rlm_perl: Added pair Reply-Message = LinOTP server denied access! rlm_perl: Added pair Auth-Type = perl ++[perl] = reject +} # group authenticate = reject Failed to authenticate the user. Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.7 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 142 to z.z.z.z. port 54015 Reply-Message = "LinOTP server denied access!" Waking up in 4.9 seconds. Cleaning up request 0 ID 142 with timestamp +46 Ready to process requests. rlm_perl: Added pair User-Name = test-vpn rlm_perl: Added pair NAS-Port-Type = Virtual rlm_perl: Added pair User-Password = 123456a\\932684 rlm_perl: Added pair NAS-Port = 19587072 rlm_perl: Added pair Reply-Message = LinOTP server denied access! rlm_perl: Added pair Auth-Type = perl ++[perl] = reject +} # group authenticate = reject Failed to authenticate the user. Is there a way to see if freeradius sends the password with 2 backslashes? Bernhard Knoll