Hello, I have configured freeradius (testing server) to try to authenticate using LDAP and if a user is not found in LDAP database, then try SQL. If I try authenticate using user found in SQL database - I get authorizated, authenticated and connected. But if I try authenticate as a user found in LDAP database - authentication fails in inner tunnel: server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test.user", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[control] returns ok [eap] EAP packet type response id 6 length 79 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [ldap] performing user authorization for test.user [ldap] expand: %{Stripped-User-Name} -> [ldap] ... expanding second conditional [ldap] expand: %{User-Name} -> test.user [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=test.user) [ldap] expand: ou=Users, dc=xxxxxx, dc=lt -> ou=Users, dc=xxxxxx, dc=lt [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=Users, dc=xxxxxx, dc=lt, with filter (uid=test.user) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] user test.user authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++? if (notfound) ? Evaluating (notfound) -> FALSE ++? if (notfound) -> FALSE ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for test.user with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel *It says "Found Auth-Type = EAP" although in sites-enabled/inner-tunnel I have uncommented: Auth-Type LDAP { ldap } By the way, if I try to autnenticate using same user via radtest server, of course, don't go into the inner-tunnel and so I get authenticated. I'm adding full radius log. Thanks.