I am still trying to get the rlm_x99_token to work. I am now testing with a SecureNet Key token (A "generic" in the x99passwd file). This token I know how to manually program, so I can guarantee that I know the DES key and have entered it properly in the x99passwd file. The user interface is, I enter my username and the pseudo-password "challenge" into the VPN client's authentication dialog box. A new box is presented containing the 8-digit challenge. I enter this challenge into the token and enter the response into the Password field of the dialog box. This is properly transmitted back to freeradius, but freeradius denies access each time. I think I'm pretty close, but I can't figure out what I'm doing wrong. I have used the "crcalc" program that comes with the rlm_x99_token module to verify that the calculated response to the challenge, which requires entering the DES key as stored in the x99passwd file, matches the one generated by the token and the one in the freeradius debug output, so I can rule out typing the response incorrectly. The freeradius logs do show that the correct response is presented, but access is still denied. Here is the x99.conf file (with comments stripped): x99_token { pwdfile = /etc/x99passwd syncdir = /etc/x99sync.d challenge_prompt = "Challenge: %s\n Response: " challenge_length = 8 challenge_delay = 180 softfail = 5 hardfail = 0 allow_sync = yes fast_sync = yes allow_async = yes challenge_req = "challenge" resync_req = "resync" ewindow_size = 5 ewindow2_size = 5 ewindow2_delay = 60 } Here are the logs produced by the x99 module code. I am wondering if the "incorrect parity" message is why this isn't working (I've tried a number of randomly-generated keys and they all get the parity complaint). "crcalc" also complains about the parity but nevertheless calculates the correct response. Or is there something in my config file that I'm missing? Module: Instantiated x99_token (x99_token) modcall[authorize]: module "x99_token" returns noop for request 0 rlm_x99_token: pw_present: found password attributes 2, 2 rlm_x99_token: Sending Access-Challenge. modcall[authorize]: module "x99_token" returns handled for request 1 rlm_x99_token: autz: Found response to access challenge modcall[authorize]: module "x99_token" returns ok for request 2 rad_check_password: Found Auth-Type x99_token auth: type "x99_token" rlm_x99_token: pw_present: found password attributes 2, 2 rlm_x99_token: x99_mac: DES key has incorrect parity rlm_x99_token: auth: unable to calculate async response for [woods], to challenge DISABLED modcall[authenticate]: module "x99_token" returns fail for request 2 Login incorrect (rlm_x99_token): [woods/cf229d55] (from client vpn-spare port 1051 cli 128.117.8.131) modcall[authorize]: module "x99_token" returns noop for request 3 rlm_x99_token: pw_present: found password attributes 2, 2 rlm_x99_token: Sending Access-Challenge. modcall[authorize]: module "x99_token" returns handled for request 4