All,

Many thanks for the replies.

> Firstly, don't set Auth-Type. It's almost always the wrong thing to do.

Sure - I set that just to test the AD auth was working, and removed it again prior to configuring mschap.

> EAP is a multi-pass protocol; there will be 4-8 requests, and the actual
> MS-CHAP failure will be somewhere in the middle, after the EAP-PEAP TLS
> tunnel is established, but before the failure is sent.

Ah - doh! I wasn't sure about posting the whole lot to this list as it runs to quite a few lines so posted it here:

http://www.nuffield.ox.ac.uk/scratch/logfile.txt

Thanks,

Mark

