Hello, I wonder if it is possible to configure freeradius to authenticate default windows supplicants (offering PEAP only method) to authenticate users in wired network against kerberos. I have working configuration - freeradius can succesfully authenticate users against kerberos using DEFULT Auth-Type = Kerberos in users file: Found Auth-Type = Kerberos # Executing group from file /etc/raddb/sites-enabled/default +- entering group Kerberos {...} rlm_krb5: verify_krb_v5_tgt: host key not found : Key table entry not found ++[krb5] returns ok # Executing section post-auth from file /etc/raddb/sites-enabled/default +- entering group post-auth {...} ++[exec] returns noop ++[reply] returns noop Sending Access-Accept of id 11 to 10.5.200.201 port 1645 Service-Type = NAS-Prompt-User Cisco-AVPair = "shell:priv-lvl=15" Finished request 0. Going to the next request Now I would like to protect ethernet network with 802.1x protocol. I am stuck, because I don't have User-Password inside of the PEAP tunnel (I know the reason why I don;t have that password there, no need to explain :)) which is needed for kerberos module. Is there any other method to get it working ? I've googled out some info about using ttls tunnel instead of peap, but I have no idea how to force windows supplicants to do so. Best regards -- Adrian