Hello, I am configuring FreeRadius 2.1.6 to athenticate MS Vista user using EAP-PEAP protocol. The file users looks as follows: csd-notebook\user_name Cleartext-Password := "user_password" Where csd-notebook is notebook name. This setting is working. But I would like to make 2 improvements to current configuration. 1. to have an ability to specify only user name in users file in order to not depend on user computer name. I was trying to do this by changing some FR 2.1.6 configuration parameters but failed. 2. To add athentication by computer MAC address I added Calling-Station-Id == "00-16-EA-8A-DE-38" parameter to users file csd-notebook\user_name Cleartext-Password := "user_password", Calling-Station-Id == "00-16-EA-8A-DE-38" but got such error message: ..... [eap] EAP packet type response id 17 length 67 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 159 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for oreshkin with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject What parameters should I change to make these 2 configurations to work ? Current FR 2.1.6 configuration is as follows. eap.conf: ---------- peap { default_eap_type = mschapv2 copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = no virtual_server = "inner-tunnel" } modules/mschap: -------------- mschap { use_mppe = yes require_encryption = yes require_strong = yes with_ntdomain_hack = yes } modules/preprocess: ------------------- preprocess { with_ascend_hack = no with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no } modules/realm: -------------- realm ntdomain { format = prefix delimiter = "\\" } sites-available/default: ----------------------- authorize { preprocess mschap suffix } authenticate { Auth-Type MS-CHAP { mschap } ... } sites-available/inner-tunnel: ---------------------------- authorize { mschap suffix update control { Proxy-To-Realm := LOCAL } ... } Thank you.