Hi, > Authentication *works*, but all authentications go to the same DC (the one > specified in "mschap2"). Running "radiusd -X" shows that all mschap1/2/3 > instances are being called, and no authentication *attempts* are being > sent to the other two domain controllers. (1 and 3 aren't failing. They > just aren't *tried*.)
i would advise to increase debuggin in smbd/winbindd and for ntlm_auth also check your samba and kerberos configs to see how you are querying the KDC - are you specifying particular names? It could be that your client did a DNS lookup, cached that answer and doesnt want to use anything else - a few entries in /etc/hosts might be in order alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
