> Yup, that line is there. Much of the doc online is WAY out of date, so I'm > wondering if by actually RTFM first I broke something?
Ok. This may sound crazy and it may not be your problem, but, I thought I'd mention it anyway.. Look at the samAccountName attribute in A/D for a user that is failing and see if it is all lowercase. If not and the userid wasn't entered with the exact case in A/D, then you may receive Logon failure in some circumstances. Check to see if your debug output shows "Logon failure" from ntlm_auth. If so, you may be having the same problem I've seen (incorrect MS-CHAPv1 challenge created by rlm_mschap because the User-Name attribute doesn't exactly match the userid in the MS-CHAPv2 response packet's Name field). I have a patch for this problem that I just finished testing earlier today. I need to clean it up a bit (remove excess debug code) and then I will submit it. If this is affecting you, logging on with cached credentials, entering the user/password manually or logging on with the userid in correct case is a workaround.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html