Dear list. I have the following scenario: Access to a WLAN is granted by freeradius using MySQL as backend. For administration purposes apache with php is running. Users are able to change their passwords via a simple web page. The authentication is performed via a php radius module and direct connection to the inner-tunnel. I want to add a small administration page and I want to use radius via php too for authentication of the admin. But I want to ensure that the administration account can only be used for login into the administration section and not for login into the WiFi-net. I don't want to use realms for this purpose. I thought using the Auth-Type directive in the radcheck or radgroupcheck table and forbidding EAP authentication could be a possibility. But I don't know how to arrange this. Does somebody have some hints or another possibility for achieving the described above? Jens