Hi guys. I'm authenticating users against Samba4 using Winbindd (PEAP-MSCHAPv2). With radtest everything is working fine; the user information are correctly extracted and the authentication process is successful. I'm now trying to access through a WiFi client. The access point is configured properly and can communicate with the FreeRADIUS server. But I'm encountering the following error (radiusd -X): (8) eap_peap: Continuing EAP-TLS (8) eap_peap: [eaptls verify] = ok (8) eap_peap: Done initial handshake (8) eap_peap: [eaptls process] = ok (8) eap_peap: Session established. Decoding tunneled attributes (8) eap_peap: PEAP state send tlv success (8) eap_peap: Received EAP-TLV response (8) eap_peap: Client rejected our response. The password is probably incorrect (8) eap_peap: ERROR: We sent a success, but the client did not agree (8) eap: ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed (8) eap: Sending EAP Failure (code 4) ID 232 length 4 (8) eap: Failed in EAP select (8) [eap] = invalid (8) } # authenticate = invalid (8) Failed to authenticate the user I made some tests even with eapol_test, using the EAP-MSCHAPv2 config file reported in http://deployingradius.com: decapsulated EAP packet (code=4 id=8 len=4) from RADIUS server: EAP Failure I'm using the following FreeRADIUS version. radiusd: FreeRADIUS Version 3.0.12 (git #ae2f29c), for host x86_64-unknown-linux-gnu, built on Jul 29 2016 at 11:17:40 FreeRADIUS Version 3.0.12 And the following Samba version (Debian 8.5): 4.2.10. To understand the problem tell me if you need more accurate log. Thanks in advance.