Hi, I have searched high and low but I could not find answer to my problem. It may be a very simple problem for the expert users out here. Basically I'm using radius server to perform 802.1x authentication. In my set up, I use an external authentication script (written in python) which accepts user and password. I have successfully proven this set up on eapol_test with EAP-TTLS (PEAP). I perform exec in post-auth section of default. Something like this in users: Auth-Type = Accept Exec-Program-Wait = "/path/to/myscript.py %{User-Name} %{User-Password} This works fine with EAP-TTLS (PEAP). But as you know Windows built in supplicant defaults to CHAP. So I'm keen to get that working. I understand that freeradius needs to know the password (Cleartext-Password) but I can't set that in users file. I don't use ldap or sql modules. I can amend my script to print the password once it has authenticated against the external source. But how do I call my script and set the Cleartext-Password (using the script output) so that CHAP could be performed? Thanks.