We've been running FreeRADIUS for our wireless 802.1x infrastructure for years, without problem (thanks!). FreeRADIUS basically proxies back to our Windows NPS servers, then injects a VLAN assignment using unlang on the Access-Accept. Now we're deploying the same architecture for our wired infrastructure. I've noticed that the authentication requests between the FreeRADIUS servers and NPS for our wired infrastructure is all EAP, which is getting rejected since our NPS servers are expecting PEAP. I'm assuming I need to specifically tell FreeRADIUS that the back-end authentication needs to take place over PEAP, but don't see where that would be configured. It's basically the same config as our wireless infrastructure, but in that case, PEAP/MS-CHAPv2 is configured on the access points. Am I missing something obvious here? Thanks, Norman Elton