well, if you know that only a particular client is doing this, then have a check for that client and if its not got a User-Password set, then set one. then your current call then follows which would work as theres a User-Password as expected etc.
That's what I initially thought of doing by putting (which Alan DeKok later said I shouldn't do): if (&NAS-Port-Type == "Ethernet" && !User-Password) { update control { User-Password = &User-Name Auth-Type := rest } } in the autorize section but I then received this error in the logs: (1) if (&NAS-Port-Type == "Ethernet" && !User-Password) { (1) if (&NAS-Port-Type == "Ethernet" && !User-Password) -> TRUE (1) if (&NAS-Port-Type == "Ethernet" && !User-Password) { (1) update control { (1) User-Password = &User-Name -> 'E6E849A201E8' (1) Auth-Type := rest (1) } # update control = noop (1) } # if (&NAS-Port-Type == "Ethernet" && !User-Password) = noop (1) if (User-Password) { (1) if (User-Password) -> FALSE (1) pap: WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (1) pap: WARNING: !!! Ignoring control:User-Password. Update your !!! (1) pap: WARNING: !!! configuration so that the "known good" clear text !!! (1) pap: WARNING: !!! password is in Cleartext-Password and NOT in !!! (1) pap: WARNING: !!! User-Password. !!! (1) pap: WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (1) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (1) pap: WARNING: Authentication will fail unless a "known good" password is available (1) [pap] = noop so I guess I cannot set the User-Password attribute myself. And it appears that the REST module will not fire if I do not have a User-Password attribute set to begin with. Were you proposing something else than what I've tried? Regards, -Martin