Hi, > rad_recv: Access-Request packet from host 172.20.40.11 port 1025, id=21, > length=218
<snip> > User-Name = "OPTARE\\brouco" <snip> all okay....but then: > # Executing section authorize from file /etc/freeradius/sites-enabled/default > +- entering group authorize {...} > ++[preprocess] returns ok > ++[mschap] returns noop > ++[digest] returns noop > [ldap] performing user authorization for brouco > [ldap] expand: %{Stripped-User-Name} -> no stripped-user-name and User-Name is brouco - but thats not what the client sent. they sent OPTARE\\brouco - so your reply reference something they didnt send. have you got 'ntdomain' module enabled in your virtual servers - just after the 'preprocess' is called? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html