... try again Hi, I've built a couple of 3.0.12 (ish) FR servers that I use as our outward facing ORPS servers. York users authenticate against these 2 when visiting other eduroam sites. in smb.conf I've got .... ntlm auth = no lanman auth = no client ntlmv2 auth = yes winbind max domain connections = 1024 restrict anonymous = 2 and in /etc/freeradius/mods-enabled/mschap I've got # An alternative to using ntlm_auth is to connect to the # winbind daemon directly for authentication. This option # is likely to be faster and may be useful on busy systems, # but is less well tested. # # Using this option requires libwbclient from Samba 4.2.1 # or later to be installed. Make sure that ntlm_auth above is # commented out. # winbind_username = "%{Stripped-User-Name}" winbind_domain = "ITS.YORK.AC.UK" ... and auths work quite happily Our systems people are always grumbling about our FR servers being the only boxes that use NTLMv1. Will the above config keep them happy and stop these servers from using it? Rgds Alex