> mschap { > use_mppe = yes > require_encryption = no > require_strong = no > with_ntdomain_hack = yes > ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key > --username=%{mschap:User-Name:-None} --domain=%{mschap:NT-Domain:-MYDOMAIN} > --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" > }
You have set up mschap module to use AD authentication (ntlm_auth). >rad_recv: Access-Request packet from host 10.2.0.4 port 1645, id=2, length=63 > NAS-IP-Address = 10.2.0.4 > NAS-Port = 0 > NAS-Port-Type = Async > User-Name = "admin" > User-Password = "admin" Then you send a pap request and wonder why it isn't working. Try sending mschap requests. If you need to authenticate pap requests against AD than you can use ntlm_auth as an authentication script, but it would be easier to use ldap module to fetch information. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html