>I follow your documentation and succeed with the part "Configuring FreeRADIUS
>to use ntlm_auth"
>
>So I want to use "Configuring FreeRADIUS to use ntlm_auth for MS-CHAP",

Why? Your client is not using mschap. If you want to test if mschap works you can send test requests with ntradping or JRadius Simulator. But it will be of no practical use since your clients are doing pap.

>Do I have to keep the following line in my radiusd.conf ?
>
>exec ntlm_auth {
>    wait = no
>
>    program = "/path/to/ntlm_auth ntlm_auth --request-nt-key
>--domain=MYDOMAIN --username=%{mschap:User-Name}
>--password=%{User-Password}"
>    }

That's one way of doing things. But you will need to force auth type, which will break other methods. It's better to configure AD as the ldap server and retrieve the password from it (as NT-Password) and let freeradius pap module do authentication. Ldap "bind as user" authentication will work for pap requests as well then.

Ivan Kalik
Kalik Informatika ISP