Mischa Diehm wrote:For me using ntlm_auth seems like a great deal of adding complexity anddependencies compared to using ldap. I see no real gain in the ntlm_authroad when it comes to User-Auth.You're missing the point. Active Directory does *not* give a passwordto FreeRADIUS, so that FreeRADIUS can do the authentication.For MS-CHAP or PEAP, your *only* choice with AD is to use ntlm_auth.It doesn't matter if you think it's complex. It's the ONLY choice.