Hi I configured 2 ldap modules, one using a clear-text password for PEAP-TLS with MS-CHAPv2 or only CHAP authentication, and one retrieving a Crypt-Password for using PAP-Authentication. radiusd.conf: ldap ldap-PEAP { server = "ip" port = 400 identity = "cn=florian,ou=allro,ou=AAAdsadm,o=Universitaet Erlangen-Nuernberg,c=DE" password = xxxxxx basedn = "ou=AAAuser,o=Universitaet Erlangen-Nuernberg,c=DE" filter = "(Userid=%{Stripped-User-Name:-%{User-Name}})" start_tls = no access_attr = "uid" #The mapping-file for PEAP: -> retrieves the cleartext-Password dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 5 password_attribute = "User-Password" timeout = 24 timelimit = 23 net_timeout = 1 ldap_debug = 5 } ldap ldap-PAP { server = "ip" port = 400 identity = "cn=florian,ou=allro,ou=AAAdsadm,o=Universitaet Erlangen-Nuernberg,c=DE" password = xxxx basedn = "ou=AAAuser,o=Universitaet Erlangen-Nuernberg,c=DE" filter = "(Userid=%{Stripped-User-Name:-%{User-Name}})" access_attr = "uid" #The mapping-file for PAP: -> retrieves the User-Password dictionary_mapping = ${raddbdir}/ldap.attrmap.pap ldap_connections_number = 5 password_attribute = "User-Password" timeout = 24 timelimit = 23 net_timeout = 1 ldap_debug = 5 } In the authorize-section I have added "group", as told in configurable_failover: authorize { preprocess suffix chap mschap group { ldap-PAP { #first try ldap-PAP, only return if it succeeds notfound = 1 noop = 2 updated = 3 fail = 4 reject = 5 userlock = 6 invalid = 7 handled = 8 ok = return } ldap-PEAP{#then ldap-PEAP notfound = 1 noop = 2 updated = 3 fail = 4 reject = 5 userlock = 6 invalid = 7 handled = 8 ok = return } eap{ #then EAP notfound = 1 noop = 2 updated = 3 fail = 4 reject = 5 userlock = 6 invalid = 7 handled = 8 ok = return } files{#then files notfound = 1 noop = 2 updated = 3 fail = 4 reject = 5 userlock = 6 invalid = 7 handled = 8 ok = return } } But it only takes the first entry, and if I switch the order of ldap-PAP and ldap-PEAP, so it should take ldap-PAP, therefore retrieve an Crypt-Password from the ldap-PAP-section it wants to use ldap for authentication!?!?!? What do I wrong? Thanks in advance Flo -- -------------------------------------------------------------- Dipl. Inf. Florian Prester Network Administration Regionales RechenZentrum Erlangen Universitaet Erlangen-Nuernberg Germany Tel.: +499131 8527813