I have tried and nearly completely succeeded in authentication and authorization. The user is identified in LDAP just not provided access (rad_recv: Access-Reject packet from host 10.1.1.27:1812, id=121, length=20). Another issue I have is with the user login. In Windowz, a new user is created by providing the First name, middle initial and last name which is not their "User logon name". These credentials are distributed within AD-LDAP in the "CN=" fields using spaces to break the name. If this is not exactly how the "User logon name" is installed then radius request rejects authentication. An example would be: User Tom Thumb Logon tthumb CN=Tom Thumb sAMAccountName=radtest So when a request of the database occurrs using ldap lookup with "cn=tthumb" it fails and I do not know if there is another way around this but using sAMAccountName doesn't work either. I am hopeful that I am missing something. My question is, how do I get an "Accept" from the request and is there a way around the basedn naming conventions that will alllow FreeRadius to work with Windowz? Below is user "testing" with a logon of "testing". rlm_ldap: - authorize rlm_ldap: performing user authorization for testing radius_xlat: '(cn=testing)' radius_xlat: 'ou=xxxx0,dc=xxxx1,dc=xxxx2,dc=EDU' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to xxxx1.xxxx2.EDU:389, authentication 0 rlm_ldap: bind as superuser@xxxx1.xxxx2.edu/password <mailto:superuser@xxxx1.xxxx2.edu/password> to xxxx1.xxxx2.EDU:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=xxxx0,dc=xxxx1,dc=xxxx2,dc=EDU, with filter (cn=testing) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user testing authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 modcall[authenticate]: module "unix" returns notfound for request 0 modcall: group authenticate returns notfound for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request Thread 1 waiting to be assigned a request rad_recv: Access-Request packet from host 10.1.1.27:32803, id=121, length=59 Sending Access-Reject of id 121 to 10.1.1.27:32803 --- Walking the entire request list --- Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 121 with timestamp 43c2d99f Nothing to do. Sleeping until we see a request.