> I also need to check that the user is a member of a particular group > in Active Directory before Access-Accept is sent - do I fall back to > LDAP for this?
You can use LDAP in the authorize section to accomplish this. Is the group name you are checking against static? Is it sometimes/always/never the primary group for the user? > I have had LDAP only working with PAP, but am stuck with getting it to > work with MS-CHAP. You can't use LDAP with MS-CHAP. Use the mschap module to do the authentication. Look at the comments in radiusd.conf to see how to use ntlm_auth via the mschap module of FR. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
