Thanks Ivan.

The ntdomain_hack was already in place.

I have provided some of the config files.

--- modules/mschap ---

mschap {

with_ntdomain_hack = yes

}

------

--- proxy.conf ---

realm DUSAMBA1 {

type = radius

authhost = LOCAL

authtype = LOCAL

# ignore_null =yes

strip

}

realm LOCAL {

# If we do not specify a server pool, the realm is LOCAL, and

# requests are not proxied to it.

}

------

--- eap.conf ---

eap {

default_eap_type = peap

timer_expire = 60

ignore_unknown_eap_types = no

cisco_accounting_username_bug = no

max_sessions = 2048

md5 {

}

leap {

}

gtc {

auth_type = PAP

}

tls {

certdir = ${confdir}/certs

cadir = ${confdir}/certs

private_key_password = pass123

private_key_file = ${certdir}/server.pem

certificate_file = ${certdir}/server.pem

CA_file = ${cadir}/ca.pem

dh_file = ${certdir}/dh

random_file = ${certdir}/random

cipher_list = "DEFAULT"

cache {

enable = no

lifetime = 24 # hours

max_entries = 255

}

}

ttls {

default_eap_type = md5

copy_request_to_tunnel = no

use_tunneled_reply = no

virtual_server = "inner-tunnel"

}

peap {

default_eap_type = mschapv2

copy_request_to_tunnel = no

use_tunneled_reply = no

virtual_server = "inner-tunnel"

}

mschapv2 {

}

}

------