EAP/MD5 with mysql authentication failed My running environment is freeraius-2.1.3 and mysql-5.0.37. The authentication type is EAP/MD5. It's running well with individual 'user' file, however, If I enable the sql optioal, it rejects with '[eap] Handler failed in EAP/md5'. The mysql module was loaded success and could connected with my database. It could authorized in freeradius-1.0.5 and freeradius-1.1.7 with mysql, but failed in freeradius-2.1.3. I paste my mainly configuration file and debug information below. Thanks for your help! IN radius.conf ---------------------- $INCLUDE sql.conf IN sql.conf ---------------------- server = "localhost" port = 3306 login = "radius" password = "radius" IN sites-enabled/inner-tunnel ---------------------- authorize { eap { ok = return } files sql expiration logintime } authenticate { eap } IN eap.conf ---------------------- eap { default_eap_type = md5 timer_expire = 60 ignore_unknown_eap_types = no max_sessions = 2048 md5 { } } IN user ---------------------- DEFAULT Auth-Type := EAP Fall-Through = 1 IN radcheck table ---------------------- mysql> select * from radcheck; +----+----------+--------------------+----+-------+ | id | username | attribute | op | value | +----+----------+--------------------+----+-------+ | 1 | test | Cleartext-Password | := | test | IN radreply table ---------------------- mysql> select * from radreply; +----+----------+-------------------+----+---------------+ | id | username | attribute | op | value | +----+----------+-------------------+----+---------------+ | 1 | test | Framed-IP-Address | := | 192.168.1.55 | DEBUG information ---------------------- -----------Ready to process requests. rad_recv: Access-Request packet from host 192.168.1.7 port 1024, id=0, length=142 User-Name = "test" NAS-IP-Address = 192.168.1.7 NAS-Port = 0 Called-Station-Id = "00-0F-1E-51-00-04:" Calling-Station-Id = "00-13-D7-20-00-90" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020000090174657374 Message-Authenticator = 0xbfed0ae2dd3f0b2a36fe1a88cbd3569d +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 0 length 9 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 144 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.1.7 port 1024 EAP-Message = 0x01010016041095e48ee00d7d5ecc1639d149c9aa7283 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x40ca4f4d40cb4b4734e42cbd94a7636b Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.7 port 1024, id=1, length=173 User-Name = "test" NAS-IP-Address = 192.168.1.7 NAS-Port = 0 Called-Station-Id = "00-0F-1E-51-00-04:" Calling-Station-Id = "00-13-D7-20-00-90" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020100160410f34f8c1c140e4f4b3846e691a7aa2175 State = 0x40ca4f4d40cb4b4734e42cbd94a7636b Message-Authenticator = 0xa9e8279e3d299800129cc25ad426acce +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 22 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 144 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/md5 [eap] processing type md5 rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication [eap] Handler failed in EAP/md5 [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> test attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 1 Sending Access-Reject of id 1 to 192.168.1.7 port 1024 EAP-Message = 0x04010004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.9 seconds.-----------