I don't think that is the issue. The NAS authenticates my users just fine so long as the /etc/raddb/users file specifies the users "Auth-Type= System". What I want to figure out is how to make the authentication request proxy out to the AD server. Based on the tutorial & test results everything should be working, but I need to know what auth-type to use.
Chad -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Mayers Sent: Saturday, December 03, 2005 9:08 AM To: FreeRadius users mailing list Subject: Re: RADIUS Auth-Type Bohannan, Chad W wrote: > OK, here is the situation. I have successfully configured RADIUS to > authenticate/authorize NAS requests from my Cisco gear so long as the > user "Auth-Type= System". I have also managed to get Samba working and > have joined the radius server to the AD realm in question. This is > confirmed through the following: The radius server doesn't specify MSCHAP. The NAS *tells* the radius server that this request *is* using MSCHAP by virtue of sending the appropriate MSCHAP attributes. Configure your NAS (dialup server, VPN, IPSec+xauth, whatever) to do MSCHAP, and as long as the mschap module is in the authorize and authenticate sections, it will work. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html