On Sat, Oct 11, 2008 at 07:59:11AM +0200, Alan DeKok wrote: :Jonathan D. Proulx wrote: :> :so upward (to 2.x) and onward and straight to ttls. : : Are you using the 2.x configuration files, or did the install process :leave the 1.x versions in place? The 1.x configs were in /etc/freeradius, the 2.x in /usr/local/etc/raddb. Purging the 1.x config doesn't change the behavior. :> [pap] login attempt with password "password" :> [pap] Using CRYPT encryption. : : This isn't in the default configuration files for 2.x. Hmmm. root@hermia:~# radiusd -v radiusd: FreeRADIUS Version 2.1.1, for host x86_64-unknown-linux-gnu, built on Oct 10 2008 at 18:11:11 and all the inluded files show on startup are from /usr/local/etc/raddb/ this is the PAP bit from startup: radiusd: #### Loading Virtual Servers #### server inner-tunnel { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = "auto" auto_header = no } and on closer inspection the files module does seem to be doing the right thing: Module: Instantiating files files { usersfile = "/usr/local/etc/raddb/users" acctusersfile = "/usr/local/etc/raddb/acct_users" preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" compat = "no" } # grep jon /usr/local/etc/raddb/users jon Cleartext-Password := "password" This was my build: ./configure --enable-strict-dependencies --without-rlm_eap_tnc --without-rlm_sql_oracle --without-rlm_sql_unixodbc make make install Well, I can't think what and you say it should work. It's a new morning and I'm freshly caffinated so I guess I'll rip it all down and try try again. -Jon