We use OpenLDAP here, and have many users with many fields userPassword each one with one hash like, MD5, SHA1, SSHA, SMD5 and others. Using PAP, work perfect, but, we want to use MSCHAPv2 because work with simple conf (thinking on user side) on Windows, MacOSX and sometimes Linux too. I read the rlm_mschap.c and see that code use SMB (using directly the domain or the ClearText password to generate NTLM encoding or OD of Apple, right?), but I need to auth using OpenLDAP, and using this hashes (we have a idP using shibboleth with this OpenLDAP too, but not think if it is possible to use with auth purpose on FreeRadius). Exist an explanation why this isn't exist? or only because isn't implemented yet? We think to use PAP code implementation to help our modification, of course, with that kind of modification don't represent a problem for the rlm_mschap.c module. Our idea is to get ClearText decoded on MSCHAP connection (get this information) and encode using OpenSSL (same form used on PAP) to check if hashes are the same of which were obtained from OpenLDAP. Regards, -- Brivaldo Junior/DIGR/NIN