Hi All, I got a problem with my freeradius server 2-2.1.7-7 PAP knew we're using NT-Password, but it still using CRYPT encryption Can anyone give me some help? Really appreciate for the coming help rad_recv: Access-Request packet from host 192.168.8.190 port 10598, id=184, length=92 User-Name = "liuyang" User-Password = "398765" NAS-IP-Address = 127.0.0.1 NAS-Identifier = "sshd" NAS-Port = 9573 NAS-Port-Type = Virtual Service-Type = Authenticate-Only Calling-Station-Id = "192.168.8.118" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "liuyang", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns updated rlm_ldap: Entering ldap_groupcmp() [files] expand: dc=smsgrp,dc=com -> dc=smsgrp,dc=com [files] expand: %{Stripped-User-Name} -> [files] expand: %{User-Name} -> liuyang [files] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=liuyang) rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=smsgrp,dc=com, with filter (uid=liuyang) rlm_ldap: ldap_release_conn: Release Id: 0 [files] expand: (|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass =GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))) -> (|(&(objectClass=GroupOfNames)(member=cn\3dliu yang\2cou\3dUsers\2cou\3dAccounts\2cdc\3dsmsgrp\2cdc\3dcom))(&(objectClass=G roupOfUniqueNames)(uniquemember=cn\3dliu yang\2cou\3dUsers\2cou\3dAccounts\2cdc\3dsmsgrp\2cdc\3dcom))) rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=smsgrp,dc=com, with filter (&(cn=domain_users)(|(&(objectClass=GroupOfNames)(member=cn\3dliu yang\2cou\3dUsers\2cou\3dAccounts\2cdc\3dsmsgrp\2cdc\3dcom))(&(objectClass=G roupOfUniqueNames)(uniquemember=cn\3dliu yang\2cou\3dUsers\2cou\3dAccounts\2cdc\3dsmsgrp\2cdc\3dcom)))) rlm_ldap::ldap_groupcmp: User found in group domain_users rlm_ldap: ldap_release_conn: Release Id: 0 ++[files] returns noop [ldap] performing user authorization for liuyang [ldap] expand: %{Stripped-User-Name} -> [ldap] expand: %{User-Name} -> liuyang [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=liuyang) [ldap] expand: dc=smsgrp,dc=com -> dc=smsgrp,dc=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=smsgrp,dc=com, with filter (uid=liuyang) [ldap] looking for check items in directory... rlm_ldap: pcnMicrosoftNTPassword -> NT-Password == 0x3941383936454439353845383741424246443546313634414231464145434543 [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] user liuyang authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Normalizing NT-Password from hex encoding ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "398765" [pap] Using CRYPT encryption. [pap] Passwords don't match ++[pap] returns reject Best Regards, Liuyang