edgardolenza wrote: > -the client radius sends authentication requests to the freeradius (using > CHAP) > -freeradius has to ask to AD if the user can be authenticated This is impossible. http://deployingradius.com/documents/protocols/compatibility.html See the "NT Hash" column. Alan DeKok.