Hi Radius Fans, I am trying to move our current environment from 1.1.7 to 2.1.10 and are having a problem getting things to work. We have a Novell NDSLdap server which provides clear text passwords for Novell users. We are using peap-mschapv2. In looking at the logs and Eap-Messages we see: response 01 identity (username) -> server The server looks up the user in ndsldap and: Info: [ldap] Added the eDirectory password (password removed) in check items as Cleartext-Password Then the server sends a request 02 to use EAP-TLS There are a series of responses (mostly appear to be ack) and requests to get the tunnel setup which succeeds. Near the end the client sends a response (ID=8) which is a response to the mschap2 challenge. When the server is processing this response it reports: Info: [mschap] No Cleartext-Password configured. Cannot create LM-Password. I put in some additional debugging and found that address of the request->config_item has changed from when the ldap module put the cleartext password in as a pair and when the mschap module attempts to remove it. The ldap module is called in authorize and the mschap is called in authenticate. What might be causing the request->config to be at a different location between when the clear text password is stored and when it is needed to authenticate? johnh...