Hi Alan, Thanks for your response. It didn't work either, the output is: Listening on authentication address * port 1645 Listening on accounting address * port 1646 Listening on proxy address * port 1647 Ready to process requests. rad_recv: Access-Request packet from host "AP's IP" port 1645, id=91, length=181 User-Name = "MyDOMAIN\\ortegaca" Framed-MTU = 1400 Called-Station-Id = "0015.62c8.75d0" Calling-Station-Id = "001f.3c2d.78d6" Cisco-AVPair = "ssid=radiusd" Service-Type = Login-User Message-Authenticator = 0x96ffc01213282f492a9dfebcac5f5cf0 EAP-Message = 0x02020017015044565341323030305c6f72746567616361 NAS-Port-Type = Wireless-802.11 Cisco-NAS-Port = "3280" NAS-Port = 3280 NAS-IP-Address = "AP's IP" NAS-Identifier = "ap" +- entering group authorize {...} [ntlm_auth] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [ntlm_auth] ... expanding second conditional [ntlm_auth] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [ntlm_auth] expand: %{User-Name:-None} -> MyDOMAIN\ortegaca [ntlm_auth] expand: --username=%{Stripped-User-Name:-%{User-Name:-None}} -> --username=MyDOMAIN\ortegaca [ntlm_auth] No MS-CHAP-Challenge in the request. [ntlm_auth] expand: --challenge=%{mschap:Challenge:-00} -> --challenge= [ntlm_auth] No MS-CHAP-Response or MS-CHAP2-Response was found in the request. [ntlm_auth] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response= hex decode of failed! (only got 0 bytes) Exec-Program output: Exec-Program: returned: 1 ++[ntlm_auth] returns reject Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> MyDOMAIN\ortegaca attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 91 to "AP's IP" port 1645 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host "AP's IP" port 1645, id=92, length=181 User-Name = "MyDOMAIN\\ortegaca" Framed-MTU = 1400 Called-Station-Id = "0015.62c8.75d0" Calling-Station-Id = "001f.3c2d.78d6" Cisco-AVPair = "ssid=radiusd" Service-Type = Login-User Message-Authenticator = 0x33d0e749e1bb30e03f6bbe53e0601d27 EAP-Message = 0x02010017015044565341323030305c6f72746567616361 NAS-Port-Type = Wireless-802.11 Cisco-NAS-Port = "3281" NAS-Port = 3281 NAS-IP-Address = "AP's IP" NAS-Identifier = "ap" +- entering group authorize {...} [ntlm_auth] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [ntlm_auth] ... expanding second conditional [ntlm_auth] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [ntlm_auth] expand: %{User-Name:-None} -> MyDOMAIN\ortegaca [ntlm_auth] expand: --username=%{Stripped-User-Name:-%{User-Name:-None}} -> --username=MyDOMAIN\ortegaca [ntlm_auth] No MS-CHAP-Challenge in the request. [ntlm_auth] expand: --challenge=%{mschap:Challenge:-00} -> --challenge= [ntlm_auth] No MS-CHAP-Response or MS-CHAP2-Response was found in the request. [ntlm_auth] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response= hex decode of failed! (only got 0 bytes) Exec-Program output: Exec-Program: returned: 1 ++[ntlm_auth] returns reject Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> MyDOMAIN\ortegaca attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Waking up in 0.9 seconds. As you can see above, there is something about the challenge but I really don't know what it is. So, again: What can I do for a transparent authentication against my Active Directory when a user is logged on it?. Cesar _________________________________________________________________ Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&...