Hello, I have a problem to get the configuration for user authentication with SHA2-Password up and running (also SHA/MD5-Password doesn't work). Everythink else works, also authentication with Cleartext-Password and Crypt-Password ##### Cleartext-Password: pap : Login attempt with password pap : User authenticated successfully Crypt-Password: pap : Login attempt with password pap : Comparing with "known-good" Crypt-password pap : User authenticated successfully ##### Version: Freeradius 3.0.3 OS: SLES12 Output: # radiusd -X Listening on auth address * port 1812 as server default Listening on acct address * port 1813 as server default Opening new proxy socket 'proxy address * port 0' Listening on proxy address * port 36131 Ready to process requests. Received Access-Request Id 7 from 10.10.10.2:62047 to 10.10.20.2:1812 length 46 User-Name = 'testuser' User-Password = '12345678' (0) # Executing section authorize from file /etc/raddb/sites-enabled/default (0) authorize { (0) files : users: Matched entry testuser at line 2 (0) [files] = ok (0) pap : Normalizing SHA2-Password from hex encoding, 64 bytes -> 32 bytes (0) [pap] = updated (0) } # authorize = updated (0) Found Auth-Type = PAP (0) # Executing group from file /etc/raddb/sites-enabled/default (0) Auth-Type PAP { (0) pap : Login attempt with password (0) pap : Comparing with "known-good" SHA2-Password (0) ERROR: pap : SHA-256 digest does not match "known good" digest (0) pap : Passwords don't match (0) [pap] = reject (0) } # Auth-Type PAP = reject (0) Failed to authenticate the user. (0) Using Post-Auth-Type Reject (0) # Executing group from file /etc/raddb/sites-enabled/default (0) Post-Auth-Type REJECT { ... } # empty sub-section is ignored (0) Delaying response for 1 seconds Waking up in 0.3 seconds. Waking up in 0.6 seconds. (0) Sending delayed response Sending Access-Reject Id 7 from 10.10.20.2:1812 to 10.10.10.2:62047 Waking up in 3.9 seconds. (0) Cleaning up request packet ID 7 with timestamp +51 Ready to process requests. I think the hash is correct: # echo "12345678" | openssl dgst -sha256 # 2634c3097f98e36865f0c572009c4ffd73316bc8b88ccfe8d196af35f46e2394 /etc/raddb/users #testuser Cleartext-Password := "12345678" testuser SHA2-Password := "2634c3097f98e36865f0c572009c4ffd73316bc8b88ccfe8d196af35f46e2394" #testuser Crypt-Password := "s9Xk6K7lnMWek" What I'm doing wrong? I read the faq and documents, but I don't get it work. Yours Faithfully, Christoph