The question was "how does freeradius talk to authentication database". What does it send to it and what does it get back? I´ll do my best to explain. Access-Request packet from NAS/AAA-client contains: User-Name User-Password (One-Time-Password) NAS-IP-Address FreeRadius checks with SQL: Is user allowed to access through this (NAS-IP-Address)? Check User-Name / profile. To which server do i proxy authentication request? Access-Request packet sent to authentication server (OTP system). Is User-name/User-Password ok? Authentication server responds: Access-Accept/Reject. If Access-Accept. Reply goes to FreeRadius. FreeRadius checks with SQL. What Reply attributes to send to NAS/AAA-client. IETF (attribute 25, Class). etc.. Does this answer your question? I need to know if FreeRadius can do the above things and if so how do i proceed. This is what our ACS does at the moment. Regards Mika -- View this message in context: http://www.nabble.com/Freeradius%2C-PostgreSQL-and-One-Time-Password-backend... Sent from the FreeRadius - User mailing list archive at Nabble.com.