Hi, > MS-CHAP is an option but must be supported on the client end, using > ntlm_auth.
ntlm_auth needs to run on the server that also runs FreeRADIUS, because FreeRADIUS passes the credentials to ntlm_auth, which will then do the job (i.e. talk to AD and verify the credentials). The client does not have to know anything about ntlm_auth. It just needs to talk MS-CHAP. Greetings, Stefan Winter -- Stefan WINTER Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche - Ingénieur de recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html