ok I think I am really close to getting this working (having everything in mysql db).
as a side note. i use a table called user instead of radcheck with different titles for the columns because this db is for other stuff too.. here are the tables: mysql> select * from user; +----------+------------+-------------+----------+--------------+---------------+----+ | useridnr | userid | passwd | clientid | maxmail_size | Attribute | op | +----------+------------+-------------+----------+--------------+---------------+----+ | 30 | radman2 | testing | 0 | 2097152 | User-Password | := | +----------+------------+-------------+----------+--------------+---------------+----+ mysql> select * from usergroup; +----+------------+-----------+ | id | UserName | GroupName | +----+------------+-----------+ | 2 | radman2 | default | +----+------------+-----------+ mysql> select * from radgroupcheck; +----+-----------+------------------+--------+------+ | id | GroupName | Attribute | Value | op | +----+-----------+------------------+--------+------+ | 10 | default | Simultaneous-Use | 1 | := | | 9 | default | Auth-Type | PAP | := | +----+-----------+------------------+--------+------+ mysql> select * from radgroupreply; +----+-----------+-------------------+-------------+------+------+ | id | GroupName | Attribute | Value | op | prio | +----+-----------+-------------------+-------------+------+------+ | 2 | default | User-Service-Type | Framed-User | = | 0 | | 3 | default | Framed-Protocol | PPP | = | 0 | | 4 | default | Fall-Through | Yes | = | 0 | +----+-----------+-------------------+-------------+------+------+ I have my radiusd.conf like this: pap { encryption_scheme = clear } authorize { preprocess sql } authenticate { authtype PAP { pap } } preacct { preprocess } accounting { unix sql radutmp } session { radutmp } When I run radtest radman2 testing localhost 10 <sekret> 2 <NAS hostname> radtest seems to always encrypt my password, since I am storing pwds in cleartext, the auth never works. Here is some output: root@localhost# radtest radman2 testing localhost 10 <sekret> 2 <NAS hostname> Sending Access-Request of id 128 to 127.0.0.1:1812 User-Name = "radman2" User-Password = "\2529M\234\353,\006w\2657K\346m\301\022@" NAS-IP-Address = <NAS hostname> NAS-Port-Id = "10" Framed-Protocol = PPP rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=128, length=20 rad_decode: Received Access-Reject packet from 127.0.0.1 with invalid signature! ************************* output from radiusd -X rad_recv: Access-Request packet from host 127.0.0.1:1087, id=128, length=63 User-Name = "radman2" User-Password = "\2529M\234\353,\006w\2657K\346m\301\022@" NAS-IP-Address = 255.255.255.255 NAS-Port-Id = "10" Framed-Protocol = PPP modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok radius_xlat: 'radman2' sql_escape in: 'radman2' sql_escape out: 'radman2' sql_set_user: escaped user --> 'radman2' radius_xlat: 'SELECT useridnr,userid,Attribute,passwd,op FROM user WHERE userid = 'radman2' ORDER BY useridnr' rlm_sql: Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'radman2' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'radman2' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'radman2' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' radius_xlat: 'SELECT passwd,Attribute FROM user WHERE userid = 'radman2' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC' rlm_sql: Released sql socket id: 4 modcall[authorize]: module "sql" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type PAP auth: type "PAP" modcall: entering group authtype rlm_pap: login attempt by "radman2" with password à\z rlm_pap: Using password testing for user radman2 authentication. rlm_pap: Using clear text password. rlm_pap: Passwords don't match modcall[authenticate]: module "pap" returns reject modcall: group authtype returns reject auth: Failed to validate the user. Login incorrect (rlm_pap: CLEAR TEXT password check failed): [radman2/\340\\z] (from client localhost port 0) WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS! **************** This WARNING says check my secret, but I know that is correct for sure. From the rest of the above messages I see that the password doesn't match. And from this "[radman2/\340\\z]" I can see that it is not comparing the correct password. Why does radtest always encrypt my password and how I can go about testing my radius setup if I cannot use radtest? Thanks for all your help thus far! Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html