Have you checked the certificate? That's one major difference. ntlm-auth is the auth after the cert conversation in PEAP is done.
Maybe a radiusd -X log to help us along? From: freeradius-users-bounces+jmdanner=samford....@lists.freeradius.org [mailto:freeradius-users-bounces+jmdanner=samford....@lists.freeradius.org] On Behalf Of Nathan McDavit-Van Fleet Sent: Friday, June 25, 2010 8:22 AM To: 'FreeRadius users mailing list' Subject: PEAP - AD Disabled Okay, I've had a working config with the following for the past month. TTLS->LDAP PEAP->AD PEAP->Local Users File After a month running everything perfectly, 3 days ago the "PEAP-AD" portion of the AAA failed. This is for wireless auth. Strangely, I can still auth from the CLI using ntlm_auth and wbinfo. So it appears as if the Samba connection to the AD is fine. Nothing has changed config wise between then and now, and I haven't found any interesting log information. You just get a "Login incorrect" when you try to login via PEAP->AD. Everything else is verified as working. Aside from Freeradius itself, what are the differences between using ntlm_auth via CLI and via Freeradius? Nathan Van Fleet Telecommunications Analyst Network Assessment and Integration IITS Concordia University (514) 848-2424 Extension:5434 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html