Hi All, I think I already know the answer but I'll ask it just the same. I've been asked to research the possibility to link radius to an external login server.(out of my control) The external server needs a username and cleartext password via a php script and will only reply 'ok' or 'fail'. It will not send back a password or anything. The devices we need to authenticate are numerous. From ipads, iphones, windows phones & android to all iterations of windows (7 and onwards), OSX & linux computers. Most if not all of them are students user devices which cannot be pre-configured. So it needs to work "out of the box". Now I can get this to work easily if I authenticate against a local LDAP server which has NTLM and local user passwd accounts. All of these devices can do EAP-TTLS-Mschapv2 or EAP-PEAP-Mschapv2 but not all of them do TTLS-PAP (Windows & Windows phone etc...) It is not possible with this setup to always get a cleartext password, or is it ? In your valued opinion : Can it be done or should I spend my time on advising and creating a custom capture portal for the network ? Kind regards, Arjan Sinnige