When I have (radcheck) attribute `User-Password', authentication succeeds but we see the following:
rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type CHAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! auth: type "CHAP" +- entering group CHAP rlm_chap: login attempt by "elmaroma_cn3000" with CHAP password rlm_chap: Using clear text password "aromaescape" for user elmaroma_cn3000 authentication. rlm_chap: chap user elmaroma_cn3000 authenticated succesfully ++[chap] returns ok If I change the attribute to `Cleartext-Password', authentication fails and I see: rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type CHAP auth: type "CHAP" +- entering group CHAP rlm_chap: login attempt by "elmaroma_cn3000" with CHAP password rlm_chap: Cleartext-Password is required for authentication ++[chap] returns invalid auth: Failed to validate the user. Login incorrect (rlm_chap: Clear text password not available): [elmaroma_cn3000/<CHAP-Password>] (from client cn3000_aroma port 0 cli 00-02-6F-xx-xx-92) The "users" file ---------------------- DEFAULT Fall-Through = 1 DEFAULT Service-Type == Framed-User Framed-IP-Address = 255.255.255.254, Framed-MTU = 576, Service-Type = Framed-User, Fall-Through = Yes DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP --------------------- authorize { preprocess chap mschap suffix unix files sql expiration logintime noresetcounter dailycounter monthlycounter daypasscounter pap} authenticate { pap chap mschap} Thanks muchly, Andrew Long EWS - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html