Hello out there, I'm testing the FreeRADIUS Version 2.1.12 Modul with AD Integration following the deployingradius.com Guide. Installed winbind and samba Version 3.6.3 and ntlm_auth tests are fine. Now i'm testing with radtest while running radius in Debug mod. The following line has been added to users: DEFAULT Auth-Type = mschap This is the output from radtest: radtest -t mschap User001 USERPW localhost 0 s3cr3t Sending Access-Request of id 61 to 127.0.0.1 port 1812 User-Name = "User001" NAS-IP-Address = 172.16.28.168 NAS-Port = 0 Message-Authenticator = 0x00000000000000000000000000000000 MS-CHAP-Challenge = 0x7e9462ca7fbf5d20 MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000a42d3b5b243dede8b6 dc20fc78f0fdad458a494f649cca2b rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=61, length=38 MS-CHAP-Error = "\000E=691 R=1" And this from radiusd -X: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 48471, id=105, length=133 User-Name = "User001" NAS-IP-Address = 172.16.28.168 NAS-Port = 0 Message-Authenticator = 0x5d1a20d2d2c7897d376d003f73153552 MS-CHAP-Challenge = 0x28d302e62ccf7399 MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000f7b8cd66af90b5791f b4b09421dbbf2cbed180e7e72304b5 server packetfence { # Executing section authorize from file /etc/raddb/sites-enabled/packetfence +- entering group authorize {...} [suffix] No '@' in User-Name = "User001", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[preprocess] returns ok [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 2 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_perl: Added pair User-Name = User001 rlm_perl: Added pair MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000f7b8cd66af90b5791f b4b09421dbbf2cbed180e7e72304b5 rlm_perl: Added pair NAS-Port = 0 rlm_perl: Added pair NAS-IP-Address = 172.16.28.168 rlm_perl: Added pair MS-CHAP-Challenge = 0x28d302e62ccf7399 rlm_perl: Added pair Message-Authenticator = 0x5d1a20d2d2c7897d376d003f73153552 rlm_perl: Added pair Auth-Type = MSCHAP ++[packetfence] returns noop Found Auth-Type = MSCHAP # Executing group from file /etc/raddb/sites-enabled/packetfence +- entering group MS-CHAP {...} [mschap] Told to do MS-CHAPv1 with NT-Password [mschap] expand: %{Stripped-User-Name} -> [mschap] ... expanding second conditional [mschap] expand: %{mschap:User-Name:-None} -> User001 [mschap] expand: --username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} -> --username=User001 [mschap] mschap1: 28 [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=28d302e62ccf7399 [mschap] expand: #ntresponse=%{mschap:NT-Response:-00} -> #ntresponse=f7b8cd66af90b5791fb4b09421dbbf2cbed180e7e72304b5 Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 [mschap] External script failed. [mschap] MS-CHAP-Response is incorrect. ++[mschap] returns reject Failed to authenticate the user. Login incorrect (mschap: External script says Logon failure (0xc000006d)): [User001] (from client 127.0.0.1 port 0) The ntlm_auth is well configured in mschap module (--ntresponse)! Thanks for helping.