Hi Alan, thank you for your answer, that page/table was awesome regarding your tips: a) i dont wanna do, maybe if i have no other choice, ill have 2 password attributes SSHA+NTLM, but its a clear no to clear-text, and a maybe to NT hash b) need it, so not gonna happen so, as i need to proceed further with my investigation, what are my options really? :D i was thinking at the following: to do the normal user authentication in LDAP, based on the provided realm, and if no realm present authenticate the users in users file. Users which use 802.1x will be saved in clear-text in users file and users used for authentication for other stuff, will be checked in LDAP (@mydomain.com) or can i switch this around? a user: myuser@dot1x.com will be based on the real authenticated in users file for 802.1x and a user with no realm will be authenticated in LDAP? please tell me your opinion on this, is it possible? Thanks & Best Regards, Caius Pargar