Hello. I'm sorry for the odd question. I have a freeradius installation with version 3.0.15. Approximately a year ago I configured the next scheme: - all users contained in MySQL; - all users have an NTLM-hash as a password; - when the user tries to auth to a radius, radius-server was hashed the incoming password to NTLM-hash and check it. Now I can't repeat it, and I don't know why. I see the next error in my log: Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: NT-Password := 0x696e616d6974414c545a694e3039393021 Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: FROM 1 TO 1 MAX 2 Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: Examining NT-Password Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: OVERWRITING NT-Password FROM 0 TO 0 Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: TO in 1 out 1 Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ::: to[0] = NT-Password Thu Dec 20 01:10:08 2018 : Debug: (138) sql-wifi: ... falling-through to profile processing Thu Dec 20 01:10:08 2018 : Debug: rlm_sql (sql-wifi): Released connection (19) Thu Dec 20 01:10:08 2018 : Info: Need 1 more connections to reach min connections (5) Thu Dec 20 01:10:08 2018 : Info: rlm_sql (sql-wifi): Opening additional connection (30), 1 of 6 pending slots used Thu Dec 20 01:10:08 2018 : Debug: rlm_sql_mysql: Starting connect to MySQL server Thu Dec 20 01:10:08 2018 : Debug: rlm_sql_mysql: Connected to database 'my_table' on 127.0.0.1 via TCP/IP, server version 5.7.19-17-log, protocol version 10 Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: returned from sql-wifi (rlm_sql) Thu Dec 20 01:10:08 2018 : Debug: (138) [sql-wifi] = ok Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: calling pap (rlm_pap) Thu Dec 20 01:10:08 2018 : WARNING: (138) pap: Auth-Type already set. Not setting to PAP Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authorize]: returned from pap (rlm_pap) Thu Dec 20 01:10:08 2018 : Debug: (138) [pap] = noop Thu Dec 20 01:10:08 2018 : Debug: (138) } # authorize = updated Thu Dec 20 01:10:08 2018 : Debug: (138) Found Auth-Type = eap Thu Dec 20 01:10:08 2018 : Debug: (138) # Executing group from file /etc/raddb/sites-enabled/default Thu Dec 20 01:10:08 2018 : Debug: (138) authenticate { Thu Dec 20 01:10:08 2018 : Debug: (138) modsingle[authenticate]: calling eap (rlm_eap) Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Expiring EAP session with state 0x0d5314a80d540ec8 Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Finished EAP session with state 0x0d5314a80d540ec8 Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Previous EAP request found for state 0x0d5314a80d540ec8, released from the list Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Peer sent packet with method EAP MSCHAPv2 (26) Thu Dec 20 01:10:08 2018 : Debug: (138) eap: Calling submodule eap_mschapv2 to process data Thu Dec 20 01:10:08 2018 : Debug: (138) eap_mschapv2: # Executing group from file /etc/raddb/sites-enabled/default Thu Dec 20 01:10:08 2018 : Debug: (138) eap_mschapv2: Auth-Type MS-CHAP { Thu Dec 20 01:10:08 2018 : Debug: (138) eap_mschapv2: modsingle[authenticate]: calling mschap (rlm_mschap) Thu Dec 20 01:10:08 2018 : WARNING: (138) mschap: NT-Password found but incorrect length, expected 16 bytes got 17 bytes. Authentication may fail Thu Dec 20 01:10:08 2018 : WARNING: (138) mschap: No Cleartext-Password configured. Cannot create NT-Password Thu Dec 20 01:10:08 2018 : WARNING: (138) mschap: No Cleartext-Password configured. Cannot create LM-Password Thu Dec 20 01:10:08 2018 : Debug: (138) mschap: Creating challenge hash with username: y.lilekov Thu Dec 20 01:10:08 2018 : Debug: (138) mschap: Client is using MS-CHAPv2 Thu Dec 20 01:10:08 2018 : ERROR: (138) mschap: FAILED: No NT/LM-Password. Cannot perform authentication Thu Dec 20 01:10:08 2018 : ERROR: (138) mschap: MS-CHAP2-Response is incorrect For the authorize_check_query and authorize_reply_query I'm using the next queries: authorize_check_query = "\ SELECT wifi_id as id, username, 'NT-Password' as attribute, pass_hash, ':=' as op \ FROM ${authcheck_table} \ WHERE username = '%{SQL-User-Name}' \ ORDER BY id" authorize_reply_query = "\ SELECT wifi_id as id, username, 'NT-Password' as attribute, pass_hash, ':=' as op \ FROM ${authcheck_table} \ WHERE username = '%{SQL-User-Name}' \ ORDER BY id" The error is logical. But I can't remember how it could be work a year ago... I'll happy to read any suggestion. -- Best regards, Anton Kiryushkin