I'm trying to get v3.0.9 working and running into something that seems mutually exclusive: PAP seems to require Cleartext-Password and then complain that it's not getting User-Password? Also, and probably more important, it seems to be ignoring my Auth-Type Local configuration.... excerpt from site file: authenticate { # # PAP authentication, when a back-end database listed # in the 'authorize' section supplies a password. The # password can be clear-text, or encrypted. Auth-Type PAP { pap } Auth-Type Local { pap } Relevant sections from debug output in the different cases: With Cleartext-Password and Auth-Type Local: (0) [sql] = ok (0) [expiration] = noop (0) [logintime] = noop (0) pap: WARNING: Auth-Type already set. Not setting to PAP (0) [pap] = noop (0) } # authorize = ok (0) Found Auth-Type = Local (0) Auth-Type sub-section not found. Ignoring. With Cleartext-Password and Auth-Type PAP: (1) [sql] = ok (1) [expiration] = noop (1) [logintime] = noop (1) pap: WARNING: Auth-Type already set. Not setting to PAP (1) [pap] = noop (1) } # authorize = ok (1) Found Auth-Type = PAP (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/peak (1) Auth-Type PAP { (1) pap: ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute! (1) [pap] = invalid (1) } # Auth-Type PAP = invalid (1) Failed to authenticate the user (1) Using Post-Auth-Type Reject With User-Password and Auth-Type PAP: (4) [sql] = ok (4) [expiration] = noop (4) [logintime] = noop (4) pap: WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (4) pap: WARNING: !!! Ignoring control:User-Password. Update your !!! (4) pap: WARNING: !!! configuration so that the "known good" clear text !!! (4) pap: WARNING: !!! password is in Cleartext-Password and NOT in !!! (4) pap: WARNING: !!! User-Password. !!! (4) pap: WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (4) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type (4) pap: WARNING: Authentication will fail unless a "known good" password is available (4) [pap] = noop (4) } # authorize = ok (4) Found Auth-Type = PAP (4) # Executing group from file /usr/local/etc/raddb/sites-enabled/peak (4) Auth-Type PAP { (4) pap: Login attempt with password (4) pap: No password configured for the user. Cannot do authentication (4) [pap] = fail (4) } # Auth-Type PAP = fail (4) Failed to authenticate the user (4) Using Post-Auth-Type Reject