Hi @ll, we're playing with the freeradius features and are getting confused in the way it behaves: We have several different Users in user-files which works fine. Now we want that the radius always answers with OK and no more "Login incorrect" - but with other Options than a correct user. We appended in the config: DEFAULT Auth-Type := Accept ... various Options ... This works with PAP/CHAP, when the user is not listed in a users file. It also works with PAP when the user is in a list, but not with CHAP! Is there a way to realize this? Debug says: rad_recv: Access-Request packet from host XXX:XX, id=114, length=263 User-Name = "XXX" Acct-Session-Id = "XXX" CHAP-Password = XXX CHAP-Challenge = XXX Service-Type = Framed-User Framed-Protocol = PPP ERX-Pppoe-Description = "XXX" Calling-Station-Id = "XXX" NAS-Port-Type = Ethernet NAS-Port = XXX NAS-Port-Id = "XXX" NAS-IP-Address = XXX NAS-Identifier = "XXX" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 10 modcall[authorize]: module "preprocess" returns ok for request 10 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 10 rlm_realm: No '@' in User-Name = "XXX", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 10 users: Matched entry DEFAULT at line 2 modcall[authorize]: module "files" returns ok for request 10 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 10 modcall: leaving group authorize (returns ok) for request 10 Found Autz-Type autz_DSL_B Processing the authorize section of radiusd.conf modcall: entering group autz_DSL_B for request 10 users: Matched entry XXX at line 335992 modcall[authorize]: module "autzfile_DSL_B" returns ok for request 10 modcall: leaving group autz_DSL_B (returns ok) for request 10 rad_check_password: Found Auth-Type CHAP auth: type "CHAP" Processing the authenticate section of radiusd.conf modcall: entering group CHAP for request 10 rlm_chap: login attempt by "XXX" with CHAP password rlm_chap: Using clear text password "XXX" for user XXX authentication. rlm_chap: Password check failed modcall[authenticate]: module "chap" returns reject for request 10 modcall: leaving group CHAP (returns reject) for request 10 auth: Failed to validate the user. -- Thomas Buchberger