Yes you can do use the ldap module of freeradius to hit your AD, I am doing this now. Yes you can do ssl/tls for encryption between the radius server and AD. Windows server 2000 does not support tls, only ssl. It is similar to setting up mm_mod_auth_ldap for apache. You will need an ldap browser to browse your domain to find out the correct search filters for everything. The only thing I can't figure out is how to check for group membership. I posted to the mailing list, but no one has responded yet :-( There is good documentation on the wiki. Look for my previous post about not getting groups working to see my config files. -- Chris Liles System Analyst Air2Web, Inc. 1230 Peachtree St. N.E. 12th Floor Atlanta, GA 30309 Tel: (404) 942-5334 Fax: (404) 815-7708 -----Original Message----- From: freeradius-users-bounces+chris.liles=air2web.com@lists.freeradius.org [mailto:freeradius-users-bounces+chris.liles=air2web.com@lists.freeradius.org] On Behalf Of Frank Smith Sent: Monday, May 08, 2006 11:55 AM To: freeradius-users@lists.freeradius.org Subject: win2003 Active Directory authentication I am running AD in native mode. By my ancient understanding of samba, I cannot join this domain. I can authenticate using ldap, no? Also, is this insecure due to clear text? Any other ideas for what I want here? Thanks!