Hi, Alan! Thanks for answering... First of all I never intended to use CRYPT passwords for MS-CHAPv2. C'mon, I know that much about MS-CHAP. ;-) Not all my users need access to new services, as I wrote, I was planning to expose the cleartext password for those who need (perhaps NT-Password in the future) and to continue using CRYPT for those who do not need the new services. If you say SQL doesn't like having two passwords in radcheck and only grabs the first one - let it be... What I wrote about hacking the code was about trying to fix this perhaps, shouldn't SQL take all check records found?... Actually I've found my around the problem... I've made a second instance of pap using clear text passwords in radiusd and I'll only change password attributes to clear text in radcheck to those who use MS-CHAP as well (placing them into group which does Auth-Type := papplain). This however leaves me without NT-Password (which is NT-Hash). An ideal situation for me would be something like this in radcheck: username | att | op | val --------------+-------------------------+----+----------- btest | NT-Password | == | NT-hashbla-bla-bla^&&@0-3443 btest | Crypt-Password | == | $1$KyUhHIHD$R7mAm4rPX1q4WTEJY5rKQ1 This however will not work because PAP burps on Crypt-Password this way. Here is the dump of having both, it was stupid of me not to include one, I admit: btest User-Password == Master1 btest Crypt-Password == "$1$KyUhHIHD$R7mAm4rPX1q4WTEJY5rKQ1" Authentication PAP Ready to process requests. rad_recv: Access-Request packet from host 192.168.0.8:1248, id=5, length=45 User-Name = "btest" User-Password = "Master1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_realm: No '@' in User-Name = "btest", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 users: Matched entry btest at line 69 modcall[authorize]: module "files" returns ok for request 0 radius_xlat: 'btest' rlm_sql (sql): sql_set_user escaped user --> 'btest' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'btest' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): User btest not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'btest' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'btest' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): User btest not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns notfound for request 0 modcall[authorize]: module "domainmschap" returns noop for request 0 modcall: group authorize returns ok for request 0 auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [btest] (from client rasdata port 0) Sending Access-Accept of id 5 to 192.168.0.8:1248 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --------------------------------------------------------------------------------------------------------- Authentication CHAP rad_recv: Access-Request packet from host 192.168.0.8:1271, id=11, length=46 User-Name = "btest" CHAP-Password = 0xd2bf262017f2f6812bc00cbd077aed9b55 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_realm: No '@' in User-Name = "btest", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 users: Matched entry btest at line 69 modcall[authorize]: module "files" returns ok for request 0 radius_xlat: 'btest' rlm_sql (sql): sql_set_user escaped user --> 'btest' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'btest' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): User btest not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'btest' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'btest' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): User btest not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns notfound for request 0 modcall[authorize]: module "domainmschap" returns noop for request 0 modcall: group authorize returns ok for request 0 auth: type Local auth: user supplied CHAP-Password matches local User-Password Login OK: [btest] (from client rasdata port 0) Sending Access-Accept of id 11 to 192.168.0.8:1271 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds...