why my computer can't connect to network with md5-password ? even though if i use cleartext-password it's can connected. but if i use smartphone or linux it's work. can you help me ? there is freeradius debug : # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "hamid", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 9 length 64 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [sql] expand: %{User-Name} -> hamid [sql] sql_set_user escaped user --> 'hamid' rlm_sql (sql): Reserving sql socket id: 0 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'hamid' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'hamid' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'hamid' ORDER BY priority rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Normalizing MD5-Password from hex encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: hamid [mschap] Told to do MS-CHAPv2 for hamid with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 158 to ***.***.***.*** port 32772 EAP-Message = 0x010a002b190017030100200586e482dcc33b2c9280f10597c6fa8734e6afc7046f9a2e08f41cf18a749f4f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcc3ab30bcb30aa566d0010d0e8ca6221 Finished request 7. Going to the next request Waking up in 3.8 seconds. rad_recv: Access-Request packet from host ***.***.***.*** port 32772, id=159, length=331 User-Name = "hamid" Chargeable-User-Identity = "" Location-Capable = Civix-Location Calling-Station-Id = "94-0c-6d-e1-f1-b4" Called-Station-Id = "58-0a-20-7e-2c-00:annaba4" NAS-Port = 3 Cisco-AVPair = "audit-session-id=c0a81a19000071a65a6ae803" Acct-Session-Id = "5a6ae803/94:0c:6d:e1:f1:b4/34470" Cisco-AVPair = "mDNS=true" NAS-IP-Address = 192.168.35.254 NAS-Identifier = "WLC_2504" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "35" EAP-Message = 0x020a002b19001703010020b251340da3d5ad94add86f70d3e1b882d6770280ac5d5ab14aa4ab95ec8b91df State = 0xcc3ab30bcb30aa566d0010d0e8ca6221 Message-Authenticator = 0x323eda2ece20e5a64deebab3d52ddb4c # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "hamid", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 10 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> hamid attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 8 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 8 Sending Access-Reject of id 159 to 10.237.15.1 port 32772 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 2.8 seconds. Cleaning up request 0 ID 151 with timestamp +204 Cleaning up request 1 ID 152 with timestamp +204 Cleaning up request 2 ID 153 with timestamp +204 Cleaning up request 3 ID 154 with timestamp +204 Cleaning up request 4 ID 155 with timestamp +204 Waking up in 1.1 seconds. Cleaning up request 5 ID 156 with timestamp +205 Cleaning up request 6 ID 157 with timestamp +205 Cleaning up request 7 ID 158 with timestamp +205 Waking up in 1.0 seconds. Cleaning up request 8 ID 159 with timestamp +205 Ready to process requests. thanks