Hi, Hope someone can give me a pointer on this matter. We have 2 RADIUS installations, thus: 1. FreeRADIUS/mysql Version 2.1.1, in whose radcheck, Password attribute is 'User-Password' 2. FreeRADIUS/mysql Version 2.1.10, in whose radcheck, Password attribute is 'Cleartext-Password' On both freeradius servers sql and perl modules are enabled in authorize and accounting groups, and both servers accept PAP and CHAP auth if queried directly Server 2 is configured to proxy requests for unknown users for certain prefixes/suffixes to server 1, if perl and sql return no user: authorize { preprocess chap mschap digest eap { ok = return } files expiration logintime sql perl if (notfound) { suffix hotspotUser } pap } Challenge is, on Server 2, testing with radtest (passing the attributes so: radtest -t <type> iS_u2h4gna a2uwv localhost 1812 secret) , local users are authed fine, but non-local users always return with a reject. Debug output of server 1, if I use CHAP to attempt auth with radtest on server 2, is always: ++[pap] returns noop Found Auth-Type = CHAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +- entering group CHAP {...} [chap] login attempt by "iS_u2h4gna" with CHAP password [chap] Using clear text password "uz3f9" for user iS_u2h4gna authentication. [chap] Password check failed ++[chap] returns reject Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} If, I use PAP with radtest on server 2, server 1 returns ++[pap] returns updated Found Auth-Type = PAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +- entering group PAP {...} [pap] login attempt with password "a2uwv" [pap] Using clear text password "uz3f9" [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} I have tried changing the "known good" clear text password on server 1 as recommended in the warning to no effect. (Is this because User-Password and Cleartext-Password must necessarily be the unequal and co-related)? If so, How can i convert 1 to the other? Hopefully, JamesTM --