Hi, you need to ensure that LDAP is being called in the authenticate section of the inner-tunnel (in the EAP phase) and that it is being given the cleartext password that you say is being stored there.
you also need to protect your authorize calls to LDAP - as your debug clearly shows that its being hit all the time - thats a performance hit that doesnt scale. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
