So, I read all of the debugging output and I find that mschap failed to find a nt/lm password and stop the real authentication at this moment.
Can you know what is the problem? I think freeradius can't find active directory but it works when I only use the ntlm_auth command so I don't understand. I put my mschap section and a part of the freeradius logs if it can help you. mschap { authtype = MS-CHAP #use_mppe = no #require_encryption = yes #require_strong = yes #with_ntdomain_hack = no ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --domain=mslab --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" } rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 236 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for clerk with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html