Radius.conf File: authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } Auth-Type LDAP { ldap } unix eap } authorize { preprocess chap mschap suffix eap files ldap } ldap { server = "xxx.xxx.xxx.xxx" identity = "cn=redes,ou=admins,ou=radius,dc=mydomain,dc=com" password = secret basedn = "ou=users,ou=radius,dc=mydomain,dc=com" filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(objectclass=radiusprofile))" password_attribute = "userPassword" ssword_attribute = "userPassword" authtype = ldap start_tls = no tls_cacertfile = /usr/local/radius/etc/raddb/certs/demoCA/cacert.pem tls_cacertdir = /usr/local/radius/etc/raddb/certs tls_certfile = /usr/local/radius/etc/raddb/certs/server.pem tls_keyfile = /usr/local/radius/etc/raddb/certs/demoCA/private/cakey.pem tls_randfile = /usr/local/radius/etc/raddb/certs/random tls_require_cert = "demand" dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 5 timeout = 4 timelimit = 3 net_timeout = 1 } eap.conf file eap { default_eap_type = ttls timer_expire = 60 ignore_unknown_eap_types = no tls { private_key_password = secretpasswd private_key_file = ${raddbdir}/certs/server.pem certificate_file = ${raddbdir}/certs/server.pem CA_file = ${raddbdir}/certs/root.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random fragment_size = 1024 include_length = yes } ttls { default_eap_type = md5 copy_request_to_tunnel = no use_tunneled_reply = no } mschapv2 { } } users file: DEFAULT Auth-Type := LDAP Fall-Through = No ....And I add to ldap.attrmap file the next: checkItem User-Password userPassword checkItem LM-Password sambaLMPassword checkItem NT-Password sambaNTPassword