Hi Could it be you are in a AD environment - your request looks like to what I see in my environment. If so: Domain-joined Windows machines (for what I have tested) have a computer account in AD. This can be used by the Windows (never tested with domain-joined Macs or Linux machines) client to authenticate as machine against the network (using PEAP-MSCHAPv2). Technically you don't authenticate by hostnames but you use the computers' AD account. Another way would be to use EAP-TLS with certificates on your machines. If you implement the Samba/winbind way as described by deployingradius.comyou can in authenticate computer accounts. - It required me to tweak the LDAP default config for group-based authorization, but In case this is what you are looking for, ping back and I can show you LDAP filters i use. If you are only into authentication, most likely the public pages will already let you in, but (at least on Debian wheezy) I had tomodify modules/mschap as follows: mschap { ... with_ntdomain_hack = yes ... # Debian # ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}" # Mine (at least that made it work) ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}" ... } -- Mathieu