Good afternoon everybody, We have configured freeradius to authenticate against Active Directory/Samba using ntlm_auth, following the instructions on: http://deployingradius.com/documents/configuration/active_directory.html Everything works as expected. Right now on our production server we are using LDAP to store the user credentials. We would like to achieve a smooth transition to the new authentication method. So want to configure freeradius to authenticate with ntlm_auth just in the cases when there is not ClearText-Password available, but we do not know how to do it. Using instructions from modules/mschap: # If ntlm_auth is configured below, then the mschap # module will call ntlm_auth for every MS-CHAP # authentication request. If there is a cleartext # or NT hashed password available, you can set # "MS-CHAP-Use-NTLM-Auth := No" in the control items, # and the mschap module will do the authentication itself, # without calling ntlm_auth. We were able to *bypass* the ntlm_auth on some users/groups defining on the users file the control item "MS-CHAP-Use-NTLM-Auth := No". But is there a way to configure freeradius such that if Cleartext-Password password is available it uses it, and otherwise it uses ntlm_auth to authenticate? Thank you so much for your help. Regards, * Oscar Remírez de Ganuza Satrústegui* Servicios Informáticos (Área de Infraestructuras) Universidad de Navarra Tel. +34 948425600 x803130 http://www.unav.es/SI/