Hello! Sorry for my english. I'm working with freeradius FreeRADIUS Version 2.1.12 Sorry to ask again about this, I have been looking for the solution, but I can't resolve my problem. I have a LDAP server with users password in crypt for PDI and PAS and in MD5 for students. The password in LDAP for an user is only available when you do bind with that user. I can see here that you can get the authentication result from the bind result http://confluence.diamond.ac.uk/display/PAAUTH/Using+LDAP+as+authentication+... ¿Is this function available in freeradius 2.1.12? Meanwhile I try to do bind whit my user (PAS - crypt password in userPassword attribute in LDAP) and authenticate whith a clear text password, but I can't auth... My config: # cat /etc/freeradius/sites-enabled/rinuex_email server rinuex_email { authorize { suffix files ldapemail pap } authenticate { Auth-Type PAP { pap } } post-auth { sql_log Post-Auth-Type REJECT { sql_log } } } # cat /etc/freeradius/modules-enabled/ldap ldap ldapemail { server = "ldap.unex.es" identity = "uid=aigallardo,ou=people,dc=unex,dc=es" password = "XXXX" basedn = "ou=people,dc=unex,dc=es" filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" password_attribute = userPassword ldap_connections_number = 5 timeout = 4 timelimit = 3 net_timeout = 1 tls { start_tls = no } # dictionary_mapping = ${confdir}/ldap.attrmap.email edir_account_policy_check = no set_auth_type = yes } My log: rad_recv: Access-Request packet from host 158.49.245.14 port 50406, id=16, length=62 User-Name = "aigallardo@unex.es" Vendor-Specific = 0x00000000020a3035303837372b2b NAS-IP-Address = 158.49.245.14 Fri Apr 10 11:37:38 2015 : Info: server rinuex_email { Fri Apr 10 11:37:38 2015 : Info: # Executing section authorize from file /etc/freeradius/sites-enabled/rinuex_email Fri Apr 10 11:37:38 2015 : Info: +- entering group authorize {...} Fri Apr 10 11:37:38 2015 : Info: [suffix] Looking up realm "unex.es" for User-Name = "aigallardo@unex.es" Fri Apr 10 11:37:38 2015 : Info: [suffix] Found realm "unex.es" Fri Apr 10 11:37:38 2015 : Info: [suffix] Adding Stripped-User-Name = "aigallardo" Fri Apr 10 11:37:38 2015 : Info: [suffix] Adding Realm = "unex.es" Fri Apr 10 11:37:38 2015 : Info: [suffix] Authentication realm is LOCAL. Fri Apr 10 11:37:38 2015 : Info: ++[suffix] returns ok Fri Apr 10 11:37:38 2015 : Info: [files] users: Matched entry DEFAULT at line 42 Fri Apr 10 11:37:38 2015 : Info: ++[files] returns ok Fri Apr 10 11:37:38 2015 : Info: [ldapemail] performing user authorization for aigallardo Fri Apr 10 11:37:38 2015 : Info: [ldapemail] expand: %{Stripped-User-Name} -> aigallardo Fri Apr 10 11:37:38 2015 : Info: [ldapemail] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=aigallardo) Fri Apr 10 11:37:38 2015 : Info: [ldapemail] expand: ou=people,dc=unex,dc=es -> ou=people,dc=unex,dc=es Fri Apr 10 11:37:38 2015 : Debug: [ldapemail] ldap_get_conn: Checking Id: 0 Fri Apr 10 11:37:38 2015 : Debug: [ldapemail] ldap_get_conn: Got Id: 0 Fri Apr 10 11:37:38 2015 : Debug: [ldapemail] attempting LDAP reconnection Fri Apr 10 11:37:38 2015 : Debug: [ldapemail] (re)connect to ldap.unex.es:389, authentication 0 Fri Apr 10 11:37:38 2015 : Debug: [ldapemail] bind as uid=aigallardo,ou=people,dc=unex,dc=es/XXXX to ldap.unex.es:389 Fri Apr 10 11:37:38 2015 : Debug: [ldapemail] waiting for bind result ... Fri Apr 10 11:37:38 2015 : Debug: [ldapemail] Bind was successful Fri Apr 10 11:37:38 2015 : Debug: [ldapemail] performing search in ou=people,dc=unex,dc=es, with filter (uid=aigallardo) Fri Apr 10 11:37:38 2015 : Info: [ldapemail] Added User-Password = {crypt}XXXXXXXXXXXX in check items Fri Apr 10 11:37:38 2015 : Info: [ldapemail] No default NMAS login sequence Fri Apr 10 11:37:38 2015 : Info: [ldapemail] looking for check items in directory... Fri Apr 10 11:37:38 2015 : Info: [ldapemail] looking for reply items in directory... Fri Apr 10 11:37:38 2015 : Debug: [ldapemail] sn -> Nombre-Completo = "gallardo gomez" Fri Apr 10 11:37:38 2015 : Info: [ldapemail] user aigallardo authorized to use remote access Fri Apr 10 11:37:38 2015 : Debug: [ldapemail] ldap_release_conn: Release Id: 0 Fri Apr 10 11:37:38 2015 : Info: ++[ldapemail] returns ok Fri Apr 10 11:37:38 2015 : Info: [pap] No clear-text password in the request. Not performing PAP. Fri Apr 10 11:37:38 2015 : Info: ++[pap] returns noop Fri Apr 10 11:37:38 2015 : Info: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Fri Apr 10 11:37:38 2015 : Info: !!! Replacing User-Password in config items with Cleartext-Password. !!! Fri Apr 10 11:37:38 2015 : Info: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Fri Apr 10 11:37:38 2015 : Info: !!! Please update your configuration so that the "known good" !!! Fri Apr 10 11:37:38 2015 : Info: !!! clear text password is in Cleartext-Password, and not in User-Password. !!! Fri Apr 10 11:37:38 2015 : Info: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Fri Apr 10 11:37:38 2015 : Info: WARNING: Please update your configuration, and remove 'Auth-Type = Local' Fri Apr 10 11:37:38 2015 : Info: WARNING: Use the PAP or CHAP modules instead. Fri Apr 10 11:37:38 2015 : Info: No User-Password or CHAP-Password attribute in the request. Fri Apr 10 11:37:38 2015 : Info: Cannot perform authentication. Fri Apr 10 11:37:38 2015 : Info: Failed to authenticate the user. Fri Apr 10 11:37:38 2015 : Info: } # server rinuex_email Fri Apr 10 11:37:38 2015 : Info: Using Post-Auth-Type Reject I would like to auth my users with clear-text passwords and with EAP (TTLS+PAP). What do you think that is the best option in my case? Thank you very much in advance. -- :::::::::::::::::::::::::::::::::::: :: Ana Gallardo Gómez :: ::::::::::::::::::::::::::::::::::::