Hi all, I've been tasked with addressing our FreeRadius servers for our eduroam setup here. What I would like to achieve is authentication to happen invisibly where possible - our laptops would perform machine authentication, users would log in and would re-authenticate to wireless invisibly (currently each user needs to set up the wireless connection on each device the use - this is really bad from a user experience point of view, especially for students using laptops from a bank). Has anyone else had any success doing anything like this? The big problem I have run in to is in fact not really FreeRadius at all, rather the domain bound windows clients sending their credentials in the wrong format. Computer authentication comes in the form *host/mypc.bathspa.ac.uk <http://mypc.bathspa.ac.uk>* and users in the format *DOMAIN\myusername, *not *myusername@bathspa.ac.uk <myusername@bathspa.ac.uk>* as required by eduroam. I've updated the policy files on FreeRadius to authenticate the above formats successfully, but if staff are to be able to use their devices on remote eduroam sites, they need either their username ( at least their anonymous ID/identity privacy name) to be sent in the format *someone@bathspa.ac.uk <someone@bathspa.ac.uk>* Has anyone found a way of doing this? thanks in advance, Jim Server Engineer Bath Spa University