Hello List! I got a machine up and running Freeradius 2.1.0 with SSL support to secure a Wireless LAN. In our school’s network we (have to) use an Apple Mac OS X 10.4 Server with Samba as the PDC. Samba stores the user information using the OpenDirectory on the same server – using the NTLM password hashes… so far, there should be no problem for Freeradius using LDAP to connect to the OD an retrieve the NTLM hash to authenticate the wireless clients. But: The Apple version of Samba/OD doesn’t store the password hashes in a single attribute like “ntPassword” but has an attribute authAuthority wherein I can find the password hash along with other data. It looks as follows: ;ApplePasswordServer;0x483c17c8243ef2e50000006300000063,1024 35 125970781877265371419068079752014021791262844836946048377957311154497136228042965757375847122307734052483074746624578126000618735633773317278498981627114249689772743602420918339130341864974993436477801319895573061225381390477597326815293162022588098739972549400419565510594125451003170841605019718114727580097 root@schulserver.intern:10.10.1.1 Question: Is there a possibility of modifying the LDAP return value (e.g. by a regex) so that I only get the hash? I’ve searched the web for over two weeks now, but haven’t found an answer, that satisfies me. I know, I also could use ntlm_auth for authentication, but as far as I can see, I couldn’t select a user group to be granted access. Either all users that Samba knows or none. Via LDAP/OP I could select a single group (e.g. named “WirelessAccess”) that will be successfully granted access to the Wireless. Or am I mistaken at that point? Any help would be greatly appreciated! Thanks in advance, moenster _________________________________________________________________ http://redirect.gimas.net/?n=M1002xWin72 Windows 7 - Alles was Du brauchst und noch viel mehr!