This is a discussion on MSCHAP, FreeRADIUS and Active Directory within the FreeRADIUS Users forums, part of the Networking and Network Related category.
Hello,

My issue is that I try to authenticate users against AD with MSCHAP (PEAP and MSCHAP v2 in the future). I can authenticate from the command line with ntlm_auth:

ntlm_auth --username=toto --domain=krb.com => NT_STATUS_OK

When I try to test the config with radtest, I get a few lines that I suspect to be wrong:

/******** SNIP *******/
client command line: radtest toto@kdr.com 192.168.0.2 1812 s3cr3t fedora-test
.....
rlm_realm: Looking up realm "kdr.com" for User-Name = "toto@kdr.com"
rlm_realm: No such realm "kdr.com"
....
modcall[authorize]: module "files" returns ok for request 4
....
modcall entering group Auth-Type for request 4
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: No MS-CHAP-Challenge in the request
modcall[authorize]: module "mschap" returns reject for request 4
....
/******** SNIP *******/

Obviously I should remove the module "files" or remove my user from the file "users". Then, it seems that an MS-CHAP-Challenge is missing. I really don't know how to give a challenge to radtest, nor which string to choose (a random one?).

Concerning the LM/NT-Password, my guess is that the FreeRADIUS server does not ask AD what the password is. I also think that there is no link at all between AD and my FreeRADIUS server, and that's a problem. (I had the line concerning ntlm_auth uncommented in my radiusd.conf.)

Any help would be appreciated,
Stephane

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
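The two pieces the trace above is missing, shown here as an added example that is not part of the original post or of the FreeRADIUS distribution: a realm definition so that rlm_realm recognises "kdr.com" and strips it from the User-Name, and an ntlm_auth line in the mschap module so that FreeRADIUS hands the MS-CHAP challenge and NT-Response to Samba's winbind for validation against AD instead of looking for a local NT-Password. The ntlm_auth path, the NetBIOS domain default "KRB", and the module ordering are assumptions for illustration; the syntax is that of the FreeRADIUS 1.x radiusd.conf/proxy.conf the post appears to use.

```conf
# proxy.conf: declare the realm so "toto@kdr.com" is split into
# Stripped-User-Name = "toto" and handled locally instead of failing
# with 'No such realm'. (Realm name taken from the post's trace.)
realm kdr.com {
        type        = radius
        authhost    = LOCAL
        accthost    = LOCAL
}

# radiusd.conf, modules section: let rlm_mschap validate the MS-CHAP
# challenge/response through ntlm_auth (winbind). This is the link to
# AD; without it the module needs a cleartext or NT-Password from a
# local source such as the "users" file, which is what the
# "No User-Password configured" lines are complaining about.
mschap {
        authtype            = MS-CHAP
        use_mppe            = yes
        require_encryption  = yes
        require_strong      = yes
        with_ntdomain_hack  = yes
        # Binary path and the default domain "KRB" are assumptions; the
        # %{mschap:...} expansions pull the challenge and NT-Response out
        # of the incoming Access-Request, so no password is ever needed here.
        ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --domain=%{mschap:NT-Domain:-KRB} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}

# radiusd.conf: mschap must run in authorize (to set Auth-Type when it
# sees MS-CHAP attributes) and in authenticate. "suffix" is the realm
# module instance; "files" can stay, it is not what causes the reject.
authorize {
        preprocess
        mschap
        suffix
        files
}
authenticate {
        Auth-Type MS-CHAP {
                mschap
        }
}
```

Two practical checks go with this. First, the radiusd user must be allowed to talk to winbind's privileged pipe (membership in the winbind privileged group on the system), otherwise ntlm_auth returns an error for the server even though it works from a root shell. Second, radtest as invoked in the post sends a PAP User-Password, so rlm_mschap will always report "No MS-CHAP-Challenge in the request"; the challenge is a random value generated by the client, not a string typed on the command line. Later FreeRADIUS releases ship a radtest that builds the MS-CHAP attributes itself (radtest -t mschap user password server port secret); with the release used here, an MS-CHAP-capable supplicant or a PEAP client is needed to exercise this path end to end.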