Hello all, I'd like to run a Wireless LAN with Windows XP Clients, FreeRADIUS, Samba and Windows Server 2003 Active Directory. For user authentication FreeRADIUS uses the Samba ntlm_auth tool in order to identify users from active directory. Thereby, the ntlm_auth tool is used as shown below: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" This works well with username attributes. When username attributes are available the format is like this: --username=DOMAIN\\User But the problem is when a user on a client machine wants logon to Windows, the client uses machine credentials for authentication in the first step. If the machine authentication was successful then username and password will be verified. The Windows client hands over the machine attributes to ntlm_auth so the username format is like this: --username=host/hostname.domain.org But in my opinion the ntlm_auth tool doesn't understand this format. So, does anybody know how I can get this worked with machine accounts? I would be very grateful if anybody can help me to solve this problem. Best regards Peter