Hello everyone we are successfully using FreeRADIUS for some time now. Now we have two more requirements: 1) Password change in OpenLDAP via FreeRADIUS FreeRADIUS is connected to an OpenLDAP via the LDAP-module. We also have Cisco-Devices connected to a tac_plus-Server (http://www.pro-bono-publico.de/projects/tac_plus.html) also using OpenLDAP as backend. In this setup the users can change their LDAP-password via the router's login-prompt after successful authentication with the old password. Can we implement password changes with FreeRADIUS as well when the NAS supports this or is this a TACACS+-only feature? 2) Next-Token-Mode for RSA SecurID We are using Two-Factor-Authentication with FreeRADIUS and RSA SecurID. FreeRADIUS / unlang splits the password string in two parts and is sending the last 6 digits as Token to the RSA SecurID Server via Radius for validation. This works fine. However, in rare conditions a re-sync of the Token-device may be necessary so that the RSA SecurID Server is prompting for the next Token. Access-Challenges are used in this case. Is there a way to handle this in FreeRADIUS? It would be great if you could point me in the right direction for both use cases and tell me what modules or unlang-statements we could try out to solve this. Thanks and best wishes Michael