Hi Freeradius people, I want to authorize users that connect to AP with my external script. Because I have multiple data source ( multiple Active Directory, another API etc.) and I want to make authorization by using these data sources as I want. That's why I'm using an external script to authorization. I updated /etc/raddb/sites-enabled/default's authorize section; authorize{ update { control: += `/usr/bin/myauthscript '%{User-Name}' '%{User-Password}' -c` reply: += `/usr/bin/myauthscript '%{User-Name}' '%{User-Password}' -v` } When I run "radtest" with PAP method, everything is OK, I have "User-Name" and "User-Password" attributes, I'm able to authorize users etc. However, when I make tests with an AP with 802.1x EAP method, , there is no cleartext password (User-Password) and I cannot make authorization. My question is how can I make authorization without "User-Password" attribute. As I said, I have cleartext passwords in my data sources, so I can hash them and compare with other hash that a client sent. How can I perform this operation with EAP, CHAP, MSCHAP etc. methods?