Hi all,

Thanks to everyone for their help. I seem to have generated quite a bit of discussion so I thought I'd summarise where I'm "up to" in case it helps.

I have a server successfully authenticating users using eap-mschapv2 or eap-ttls for eduroam and wired 802.1x. I'm now trying to expand the system to include authorisation/authentication for console and telnet access to Cisco switches.

For telnet access, I now have:

A new file modules/ntlm_auth which contains,

    exec ntlm_auth {
        wait = yes
        program = "/usr/sfw/bin/ntlm_auth --request-nt-key --username=%{User-Name} --password=%{User-Password}"
    }

At the end of the users file,

    DEFAULT NAS-Port-Type = Virtual, NAS-IP-Address = x.x.x.x, Auth-Type := ntlm_auth

And at the end of the sites-enabled/default and sites-enabled/inner-tunnel authenticate sections, immediately after eap,

    ntlm_auth

It works, though interestingly (for me at least) if I comment out ntlm_auth from the inner-tunnel file, the server fails to start with an "Unknown value ntlm_auth for attribute Auth-Type" error. I don't understand that as I don't want to use this authentication method with peap!

Obviously the users entry above only works for a single switch as the IP address is specified. Next step is to specify groups of switches.

Thanks again,
Leighton
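One way to handle the "groups of switches" step mentioned above, as an added example that is not part of the original post: FreeRADIUS huntgroups, which the preprocess module reads from raddb/huntgroups. The group name "cisco-switches" and the 192.0.2.x addresses are constructed placeholders, and the example assumes preprocess is listed in the authorize section.

```text
# raddb/huntgroups  (read by the preprocess module)
# "cisco-switches" and the 192.0.2.x addresses are constructed placeholders;
# list one line per switch that should accept telnet logins this way.
cisco-switches  NAS-IP-Address == 192.0.2.10
cisco-switches  NAS-IP-Address == 192.0.2.11
cisco-switches  NAS-IP-Address == 192.0.2.12

# raddb/users
# Match virtual-terminal (telnet) logins from any switch in the group,
# replacing the single-switch NAS-IP-Address check. Requests from a NAS
# outside the group do not match this entry and never get
# Auth-Type ntlm_auth from it.
DEFAULT Huntgroup-Name == "cisco-switches", NAS-Port-Type == Virtual, Auth-Type := ntlm_auth
```

Each switch still needs its own client entry and shared secret in clients.conf before its requests are accepted at all.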