I'm trying to get Windows XP authenticating using logon username/password. # freeradius -X [...] rad_recv: Access-Request packet from host 192.168.12.3:1048, id=0, length=217 Message-Authenticator = 0xdbb... Service-Type = Framed-User User-Name = "TELPERION\\heruan" Framed-MTU = 1488 Called-Station-Id = "00-19-5B-XX-XX-XX:Telperion" Calling-Station-Id = "00-13-02-XX-XX-XX" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x02... NAS-IP-Address = 192.168.12.3 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "heruan", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 0 length 21 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 153 users: Matched entry DEFAULT at line 172 modcall[authorize]: module "files" returns ok for request 1 rlm_ldap: - authorize rlm_ldap: performing user authorization for heruan radius_xlat: '(|(uid=heruan)(cn=heruan))' radius_xlat: 'dc=aldu,dc=net' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=aldu,dc=net, with filter (|(uid=heruan)(cn=heruan)) rlm_ldap: looking for check items in directory... rlm_ldap: Adding sambaNTPassword as NT-Password, value 0DBF... & op=21 rlm_ldap: Adding sambaLMPassword as LM-Password, value 5388... & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: user heruan authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 1 rlm_pap: Normalizing NT-Password from hex encoding rlm_pap: Normalizing LM-Password from hex encoding rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Identity does not match User-Name, setting from EAP Identity. rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 1 modcall: leaving group authenticate (returns invalid) for request 1 auth: Failed to validate the user. Delaying request 1 for 1 seconds Finished request 1 Going to the next request Waking up in 4 seconds... rad_recv: Access-Request packet from host 192.168.12.3:1048, id=0, length=217 Sending Access-Reject of id 0 to 192.168.12.3 port 1048 I wonder what "Identity does not match User-Name, setting from EAP Identity." means... Enabling/disabling "ntdomain_hack" on mschap module didn't change anything :( G.L. -- www.aldu.net/~heruan giovanni.lovato@aldu.net