Our current wireless environment uses Microsoft Active Directory with Microsoft Network Policy Server to authenticate our 802.1x wireless network. As it is configured, it supports user authentication via PEAP and mschapv2, and it also supports what NPS calls "machine authentication". Which, based on its behavior allows any computer joined to the domain to access the network with user credentials. As an example, this is useful for loaner laptops where the computer needs access to the network in order to authenticate the user against AD. I am trying to replace our current Microsoft NPS server with freeradius. I was able to follow the docs and use winbind to get PEAP-mschap user authentication working flawlessly. The last piece of this puzzle is, NPS has a "magic checkbox" that enables machine-based authentication. I have been trying to figure out what that checkbox does, without much luck. My best guess is that it's using the Active Directory certificates to do EAP-TLS auth, but that is just my guess. Has anyone ever tried to replicate this feature? or have any insight? I realize this isn't strictly a freeradius question, but thought I would ask. -- Munroe Sollog Senior Network Engineer munroe@lehigh.edu