Hi, I am trying to set up freeradius 2.1.8 to authorize an user using LDAP and to authenticate him using EAP. Every user in the LDAP-database and a valid EAP-certificate should get access. If not in the LDAP-database the user should be rejected. If I only use EAP for authentication and authorazation every thing is ok. I am trying this by using a DEFAULT Autz-Type := LDAP1 in the users file. freeradius checks now for authorization against the LDAP-database and gets back if the user exists or not (according to the debug output). But the user will not be rejected, if not in the LDAP-database. Perhaps I did not read the right document file right now. Perhaps Autz-Type is the totaly wrong approach. Any hints? Thanks, Juergen -- email: koller@idmt.fraunhofer.de gilb: Fraunhofer-IDMT, Ehrenbergstrasse 31, 98693 Ilmenau Tel.: +49 3677 467-340 Fax: +49 3677 467-4340 GSM: +49 175 183 5160