We got ntlm_auth against AD working for PEAP, we also got separate server for PEAP against ldap ntPassword hash. in latest etc/raddb/modules/mschap # The module can perform authentication itself, OR # use a Windows Domain Controller. This configuration # directive tells the module to call the ntlm_auth # program, which will do the authentication, and return # the NT-Key. Note that you MUST have "winbindd" and # "nmbd" running on the local machine for ntlm_auth # to work. See the ntlm_auth program documentation # for details. # # If ntlm_auth is configured below, then the mschap # module will call ntlm_auth for every MS-CHAP # authentication request. If there is a cleartext # or NT hashed password available, you can set # "MS-CHAP-Use-NTLM-Auth := No" in the control items, # and the mschap module will do the authentication itself, # without calling ntlm_auth. # # Be VERY careful when editing the following line! Is there any way to have a virtual server(1812/1813) for mschapv2-ntlm_auth-AD and another virtual server(1814/1815) for mschapv2-ldap ntPassword hash? Here is our situation: We have faculty/staff in active directory.So we are using ntlm_auth against AD for their network authentication. Faculty/staff will sign on with username, it will get directed to ntpm_auth against AD. We have student in ldap with ntPassword but not in AD. So we would like to have student sign on with username@foo.edu, so we can manipulate the radius configuration to direct username@foo.edu to use ldap ntPassword authentication. Is there anyway using freeradius to accomplish this? Thanks for any insight! Schilling