Hello, I know this question has been asked many times before yet I could not find a solution to my problem: On debian squeeze, I installed freeradius 2.1.10 and use mysql (5.1.49) for the authentication (I uncommented the line "sql" in the 'authorize' and 'accounting' sections of /etc/freeradius/sites-available/default ) When I test with the following command: root@my-machine:~# radtest sqltest testpwd localhost 1812 testing123 Sending Access-Request of id 116 to 127.0.0.1 port 1812 User-Name = "sqltest" User-Password = "testpwd" NAS-IP-Address = 10.50.1.3 NAS-Port = 1812 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=116, length=20 it receives the authorization correctly. It works fine... Yet, on the debugging messages, I see the following (famous) message: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! I have read in the messages archive that I should "replace in your configuration (either user file or database) all occurrences of "User-Password" with "Cleartext-Password"." Yet in my DB, I have: mysql> select * from radcheck; +----+----------+-----------+----+---------+ | id | username | attribute | op | value | +----+----------+-----------+----+---------+ | 1 | sqltest | Password | == | testpwd | +----+----------+-----------+----+---------+ If I change the attribute to "Cleartext-Password" instead of "Password", the connection is rejected (ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user) I did grep "Cleartext" in /etc/freeradius/* but found nothing. Should I really worry about that warning and if yes, how can I get rid of that message? DEBUG INFO: ----------- Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 35731, id=116, length=59 User-Name = "sqltest" User-Password = "testpwd" NAS-IP-Address = 10.50.1.3 NAS-Port = 1812 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "sqltest", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [sql] expand: %{User-Name} -> sqltest [sql] sql_set_user escaped user --> 'sqltest' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sqltest' ORDER BY id WARNING: Found User-Password == "...". WARNING: Are you sure you don't mean Cleartext-Password? WARNING: See "man rlm_pap" for more information. [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'sqltest' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'sqltest' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # Executing group from file /etc/freeradius/sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "testpwd" [pap] Using clear text password "testpwd" [pap] User authenticated successfully ++[pap] returns ok # Executing section post-auth from file /etc/freeradius/sites-enabled/default +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 116 to 127.0.0.1 port 35731 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 116 with timestamp +2 Ready to process requests --------------- I did read 'man rlm_pap' as suggested but could not find the solution. Here is an excerpt of my /etc/freeradius/sites-available/default : authorize { preprocess chap mschap digest suffix eap { ok = return } sql expiration logintime pap } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } digest unix eap } Any help would be greatly appreciated. Yannick