Hi,
This url here looks like what I need http://support.novell.com/docs/Tids/Solutions/10100693.html but their instructions are pretty lousy "For machine-based authentication or user based authentication, modify the RADIUSD.CONF file by adding the following lines:" doesnt say where or what section to add said lines to and we all know how touchy the radiusd.conf file is.
those parts can go pretty much anywhere in the main config file - eg stick them at the end of the file. from what I can see of the log the NTLM is working fine - the NTKEY reply matched and its all okay. which leaves me to assume that a config on the client isnt correct - is the machine configured to validate the RADIUS server and does it have the correct 'tick' for the certificate and host name for the server to validate? alan