> Is it possible to have freeradius integrated in a environment with two > totally different domains, one controlled by edirectory and the other by > active directory?
Yes. You will need to create two mschap instances (one with ntlm_auth and one without) and failover in Auth-Type MS-CHAP. Auth-Type MS-CHAP { mschap_default { reject = 2 } if(reject) { mschap_ad } } Where mschap_default is a copy of default mschap module while mschap_ad has ntlm_auth line enabled. This applies to AD + anything else (ldap, sql, users file stored passwords). If you are going to have pap requests as well you should add failover to ntlm_auth after pap: if(!Auth-Type) { update control { ntlm_auth } } Is there interest for this? I can write a guide how to combine authentication of AD stored accounts with those stored elsewhere (ldap, sql, users file). Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html