First, thanks Alan for your help, I managed to make it work with AD. Now I want to try to test to make EAP-TTLS with PAP to authenticate users in domain. I saw this link http://lists.freeradius.org/mailman/htdig/freeradius-users/2008-March/msg004... So I added following lines to modules section of radiusd.conf exec ntlm_auth_pap { wait = yes input_pairs = request shell_escape = yes output = none program = "/path/to/ntlm_auth --username=%{User-Name} --domain=EXCHANGE --password=%{User-Password}" } and I edited /etc/freeradius/sites-available/default file and /etc/freeradius/sites-enabled/default, section authenticate to Auth-Type PAP { ntlm_auth_pap } But when user tries to connect, I get following error: [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "testuser" User-Password = "testuserpass" FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "testuser" User-Password = "testuserpass" FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "testuser", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. } # server inner-tunnel [ttls] Got tunneled reply code 3 [ttls] Got tunneled Access-Reject SSL: Removing session 963d9312e7948dc613d384208137728dce44b3071923bb0c257aeaf9229a1a95 from the cache [eap] Handler failed in EAP/ttls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. If someone can help, that would be great. Thanks once again for your help with my previous question folks, I really appreciate it.