I am trying to use http://wiki.freeradius.org/guide/eduroam to port my existing eduroam configuration from FreeRadius 2 to 3.0.15 I have an LDAP backend and would like to use LDAP binding to authenticate the user. So far, the authorize is OK, but the Auth-Type is set to inner-eap and it will not try another LDAP bind in the authentication section: (8) ldap_wifi: EXPAND (&(csimAccountPermission=firewall)(uid=%{%{Stripped-User-Name}:-%{User-Name}})) (8) ldap_wifi: --> (&(csimAccountPermission=firewall)(uid=on)) (8) ldap_wifi: Performing search in "ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th" with filter "(&(csimAccountPermission=firewall)(uid=on))", scope "one" (8) ldap_wifi: Waiting for search result... (8) ldap_wifi: User object found at DN "uid=on,ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th" (8) ldap_wifi: Processing user attributes (8) ldap_wifi: control:Password-With-Header += '{MD5}something==' (8) [ldap_wifi] = updated (8) [files] = noop (8) pap: Converted: &control:Password-With-Header -> &control:MD5-Password (8) pap: Removing &control:Password-With-Header (8) pap: Normalizing MD5-Password from base64 encoding, 24 bytes -> 16 bytes (8) pap: WARNING: Auth-Type already set. Not setting to PAP (8) [pap] = noop (8) [mschap] = noop (8) } # authorize = updated (8) Found Auth-Type = inner-eap (8) # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-eduroam (8) authenticate { (8) inner-eap: Expiring EAP session with state 0x3eae14c03ea60e9f (8) inner-eap: Finished EAP session with state 0x3eae14c03ea60e9f (8) inner-eap: Previous EAP request found for state 0x3eae14c03ea60e9f, released from the list (8) inner-eap: Peer sent packet with method EAP MSCHAPv2 (26) (8) inner-eap: Calling submodule eap_mschapv2 to process data (8) eap_mschapv2: # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-eduroam (8) eap_mschapv2: authenticate { (8) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password (8) mschap: WARNING: No Cleartext-Password configured. Cannot create LM-Password (8) mschap: Creating challenge hash with username: on@cs.ait.ac.th (8) mschap: Client is using MS-CHAPv2 In version2, I used to have: server eduroam-inner-tunnel { authorize { auth_log suffix eap mschap pap ldap_wifi } authenticate { Auth-Type PAP { pap } Auth-Type MS-CHAP { mschap } ldap_wifi eap } Thanks in advance, Olivier --