Hi, I try to convert our freeradius2 setup to a new freeradius3 configuration. A setup with TTLS + PAP is working, but when I switch to PEAP I'll get the following output. Any idea, or a howto with a LDAP-Provider with NT-Hashes? radiusd: FreeRADIUS Version 3.0.12, for host x86_64-pc-linux-gnu, built on Aug 10 2017 at 07:05:06 (10) redundant { rlm_ldap (server1): 0 of 0 connections in use. You may need to increase "spare" rlm_ldap (server1): Opening additional connection (0), 1 of 32 pending slots used rlm_ldap (server1): Connecting to ldap://ldap1.DOMAIN:389 rlm_ldap (server1): Waiting for bind result... rlm_ldap (server1): Bind successful rlm_ldap (server1): Reserved connection (0) (10) server1: EXPAND (&(uid=%{%{Stripped-User-Name}:-%{User-Name}})(radiusaccessattribute=EDUROAM)) (10) server1: --> (&(uid=whans)(radiusaccessattribute=EDUROAM)) (10) server1: Performing search in "ou=user,DOMAIN" with filter "(&(uid=whans)(radiusaccessattribute=EDUROAM))", scope "sub" (10) server1: Waiting for search result... (10) server1: User object found at DN "uid=whans,ou=W,ou=Mitarbeiter,ou=User,DOMAIN" (10) server1: Processing user attributes (10) server1: control:NT-Password := 0x3144364643424433303630373744363633453233373735453535423346324535 rlm_ldap (server1): Released connection (0) rlm_ldap (server1): Need 2 more connections to reach 10 spares rlm_ldap (server1): Opening additional connection (1), 1 of 31 pending slots used rlm_ldap (server1): Connecting to ldap://ldap1.leuphana.de:389 rlm_ldap (server1): Waiting for bind result... rlm_ldap (server1): Bind successful (10) [server1] = updated (10) } # redundant = updated (10) [mschap] = noop (10) pap: Normalizing NT-Password from hex encoding, 32 bytes -> 16 bytes (10) pap: No User-Password attribute in the request. Cannot do PAP (10) [pap] = noop (10) } # authorize = updated (10) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (10) Failed to authenticate the user (10) Using Post-Auth-Type Reject Regrads Carsten