This isn't really a problem with FreeRADIUS, but maybe someone else here has ever tried this. A short description of our setup: we're trying to use 802.1X on WLAN, with the access points using FreeRADIUS as backend, authenticating via PEAP. FreeRADIUS is configured to use the proxy-inner-tunnel virtual server for this requests, and uses Active Directory 2012R2 as a RADIUS backend (NPS). With user authentication, this works like a charm once you've changed the policy to accept MSCHAPv2 outside of PEAP too. When trying to use this same setup with a machine authentication, the backend replies that the username or password is incorrect. When we're acting as a normal proxy instead of an inner-tunnel-proxy, it just works without any changes on the client pc. Has anyone ever tried something like this and got the setup working? -- Herwin Weststrate