Hello! I'm trying to authenticate users from LDAP with FreeRadius by PAP protocol. Passwords are stored in LDAP in NT-hash. It's not my idea, I just have to do it. When I do radtest -t pap .... I see from freeradius -X: [pap] login attempt with password "n*******W" [pap] Using clear text password "1D******************************9B" [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. Login incorrect (rlm_pap: CLEAR TEXT password check failed): [user/n***********W] (from client localhost port 0) Using Post-Auth-Type Reject So, FreeRadius compares my clear-text password with NT-hash taken from LDAP. Of course they are mismatched and I got a reject. If I'm using this hash as a password, it works. At same time if I use mschap, it works well: radtest -t mschap ... +- entering group MS-CHAP {...} [mschap] Found LM-Password [mschap] Found NT-Password [mschap] Told to do MS-CHAPv1 with NT-Password [mschap] adding MS-CHAPv1 MPPE keys ++[mschap] returns ok So the question is: how to force PAP to create NT-hash from the given password and compare hash and hash. but not the password and hash? Thank you!