I don't like leaving things unresolved and just laying around like so many other post that I have ran across. I guess Alan DeKok scares them off with the "It's in plain view dumb ass" attitude. I'm sure after answering the questions over and over again, it is about the only response that someone can give who it just tired of the same old questions and wants a challenge.
With that being said... On Ubuntu 10.04 w/ updates, FreeRadius 2.1.8, Windows XP/7, and W2K AD The wiki has a HowTo on AD http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO At the very top of this page there is: Updated tutorial for freeradius 2.x is at: http://deployingradius.com/documents/configuration/active_directory.html This is all well and good, but I jumped straight to that link. There seems to be some information that is left out and that is important in the "Updated tutorial." With all of the frustration I nuked all of FreeRadius from the server using 'aptitude purge freeradius freeradius-common freeradius-utils'. This cleaned up all of my changes. Then I reinstalled FreeRadius. >From here I followed the "Updated tutorial" until I got to: Configuring FreeRADIUS to use ntlm_auth for MS-CHAP. When I reached this section, and I had everything working, I went back to the original HowTo and read though it. (note to self: don't just a head just because a HowTo seems to good to be true. The "Updated tutorial" doesn't let you know anything about peap, with_ntdomain_hack, the default setting of eap, or setting up clients. So it is not, in my opinion a complete walk though. There is light though. Once you I got to the point where ntlm_auth was working for me, I started back on the wiki HowTo and went to the section 'Configuration of clients.conf'. Set the client up. Client foundryAP { Ipaddr = 192.168.0.1 Secret = testing123 } In the Configuration of radius.conf section (this parts seems more like the 1. Config) the 'with_ntdomain_hack = yes' this was found in the ~/modules/mschap file. You don't need 'auth-type = MS-CHAP'. For ntlm_auth I'm using: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} --require-membership-of=DOMAIN+group" The eap.conf section of the HowTo was spot on. I also set the clients up, this was pointed out to me earlier in this tread twice, so make sure your client is setup correctly as well. Currently everything is working. I'm able to authenticate though radius using Windows 2000 AD. Resolved. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html