Hi,
you are CHANING more than ONE thing at a time. look at this: > rlm_eap: Request found, released from the list > rlm_eap: EAP NAK > rlm_eap: EAP-NAK asked for EAP-Type/ttls > rlm_eap: No such EAP type ttls > rlm_eap: Failed in EAP select > modcall[authenticate]: module "eap" returns invalid for request 7 > modcall: group authenticate returns invalid for request 7 > auth: Failed to validate the user. > Login incorrect: [anonymous/<no User-Password attribute>] (from client > 172.24.230.15 port 1 cli 00118865b6e5) why is it now attempting TTLS authentication? why have you taken such auth method out of the loop? ntlm_auth isnt being called AT ALL now. one change at a time! alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html