Hi freeradius-list, I'm trying to configure v3.0.11 and have some problems to understand how freeradius requests the configuration. The plan is to process requests via PEAP/MS-CHAPv2 to check MD4-Hashes against NT-Password-Attribute at a LDAP database. As I understand, PEAP gets processed within the outer default-virtual server and this passes the inner MS-CHAPv2 to inner-tunnel. Now I'm not shure if it has to be processed through the mschap-module or through ldap-module. If mschap-module where or when does freeradius get the NT-Password from LDAP? Does the mschap-module trigger the ldap-module? In details I want to upgrade a working 2.0.0 configuration to 3.0.11 (and then update to the upcoming 3.0.12 release). Another point I'm struggeling are the mappings of the LDAP attributes. I have the old ldap.attrmap, but don't know how to bring checkItem $GENERIC$ radiusCheckItem replyItem $GENERIC$ radiusReplyItem to the new configuration. changing the NT-Password is more simple ;) Later on some requests should get proxied via RadSec depending on their REALM, but for now having the above working would make me quite happy. I'm very thankful for your help! Thanks!