hi, the guide you are following - using ntlm_auth against AD, binding into AD etc is really geared up for doing EAP (PEAP MSCHAPv2 in particular) what _you_ are attempting to do with RADIUS for login authentication of the cisco switches/routers involves plaintext passwords...int his case you'd want to use a kerberos check against your AD instead alan