>I believe I did all I had to enable my freeradius server to chat to >windows AD > > >I did changes to my FreeRADIUS configuration according >http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
I have news for you - you haven't done any of this: http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO#Configuration_of_radiusd.conf > Module: Instantiating mschap > mschap { > use_mppe = yes > require_encryption = no > require_strong = no *> with_ntdomain_hack = no* > } Also no ntlm_auth configured in mschap module (raddb/modules/mschap). So: >[mschapv2] +- entering group MS-CHAP {...} >[mschap] NT Domain delimeter found, should we have enabled >with_ntdomain_hack? Server asks about the hack. >[mschap] Told to do MS-CHAPv2 for AD\tomas with NT-Password >[mschap] FAILED: MS-CHAP2-Response is incorrect >++[mschap] returns reject And it isn't using ntlm_auth. You have an updated manual (relevant to freeradius 2.x) at: http://deployingradius.com/documents/configuration/active_directory.html Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html