Hi Folks, the question makes sense, I think I wrote it not understandible enough. 1. What I already do is: 1.1. Authenticating via EAP-TLS Computers/Workstations against my Switches 1.2. Users are authenticated with PEAP and Cleartext-Passwords in $RADDB/users 2. What I want to do is: 2.1. Upgrade to 2.1 2.2. Use my LDAP to collect and control authentification of Workstations and Users 3. What I have is: 3.1. Certs on all Computer/Workstations and an entry in $RADDB/users of the Computername wirh Authentification-Type = EAP 3.2. Users in my LDAP with crypted Passwords (MD5/crypt) AND Passwords for Samba (NT-Passwords). 3.3. All Computernames in my LDAP (because I run a Samba-NT4-Domain). 4. Question is: 4.1. Can I configure FR to lookup the Computername upon a request in the LDAP, and if it finds the entry to enter a EAP-TLS authentification, and if not to deny access? 4.2. To authenticate all users of a specific group which are in LDAP with their password which is stored crypted/hashed in LDAP using PEAP? I hope it's clear enough now. TIA Alex