Dear Alan,

thank you, I'm moving slowly forward : )

So now I have created a second ntlm_auth2 file in the modules directory, with this command:

    exec ntlm_auth2 {
        wait = yes
        program = "/usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password} --require-membership-of=S-1-5-21-853024553-185696384-3473746203-512"
    }

I also added a new authentication method ntlm_auth2 into sites-available/inner-tunnel and default. I tested with "radtest USER PASSWORD localhost 0 testing123" and the test passed : )

So I have created another line in the modules/mschap that looks like:

    ntlm_auth2 = "/usr/bin/ntlm_auth --request-nt-key --domain=%{%{mschap:NT-Domain}:} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00} --require-membership-of= S-1-5-21-853024553-185696384-3473746203-512"

But the VPN Cisco clients are authenticated through domainname\username and password.

Is this ntlm_auth2 in the mschap ok? Or should I remove --domain=%{%{mschap:NT-Domain}:} ?

I also changed users to:

    DEFAULT Auth-Type := ntlm_auth2,Huntgroup-Name == "vpn"

Thanks
pet