Hi, Have done a bit of work on rlm_pap and added the ability to pass the username/password through to AD via winbind, complementing the code in rlm_mschap and replacing the need for mods-available/ntlm_auth. This should mostly help people permitting EAP-TTLS/PAP as one of their available methods, as another call out to ntlm_auth can be avoided, and it's convenient to use the same setup as rlm_mschap rather than e.g. having to configure ldap as well. rlm_mschap isn't the best place for this, and it doesn't seem entirely fitting with rlm_pap either, so if anyone's got suggestions for a better place for it then shout... So, only password changes to go, then ntlm_auth can be done away with entirely :-) Cheers, Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>