We are having problems getting leap to authenticate. We are using FreeRadius 0.9.3, Cisco Arionet 1200 and eDir as a back end. Here is our config file: ! version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname TESTAP ! enable secret 5 $1$tQu6$CiVTpfiU2yIuDBoQveZtM1 ! ip subnet-zero ! ! aaa new-model ! ! aaa group server radius rad_eap ! aaa group server radius rad_mac ! aaa group server radius rad_acct ! aaa group server radius rad_admin cache expiry 1 cache authorization profile admin_cache cache authentication profile admin_cache ! aaa group server tacacs+ tac_admin cache expiry 1 cache authorization profile admin_cache cache authentication profile admin_cache ! aaa group server radius rad_pmip ! aaa group server radius dummy ! aaa group server radius rad_eap1 server 172.31.1.25 auth-port 1812 acct-port 1813 ! aaa authentication login eap_methods group rad_eap aaa authentication login mac_methods local aaa authentication login eap_methods1 group rad_eap1 aaa authorization exec default local aaa accounting network acct_methods start-stop group rad_acct aaa cache profile admin_cache all ! aaa session-id common ! dot11 ssid TESTAP authentication open eap eap_methods1 authentication network-eap eap_methods1 guest-mode ! ! ! username Cisco password 7 047802150C2E ! bridge irb ! ! interface Dot11Radio0 no ip address no ip route-cache ! encryption mode wep mandatory ! ssid TESTAP ! speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface BVI1 ip address 172.31.1.79 255.255.255.0 no ip route-cache ! ip default-gateway 172.31.1.250 ip http server no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag ip radius source-interface BVI1 ! radius-server local no authentication eapfast no authentication mac eapfast server-key primary 7 C10D5BA1B105987DEA7DE22F1E2A3D7094 nas 172.31.1.79 key 7 040A59555B74 user testrad nthash 7 06255C771F6A5F412735372D5B560F7B720E6B657A46544F2051000B0E77005F57 ! radius-server attribute 32 include-in-access-req format %h radius-server host 172.31.1.25 auth-port 1812 acct-port 1813 key 7 101F5B4A5142 radius-server vsa send accounting ! control-plane ! bridge 1 route ip ! ! ! line con 0 transport preferred all transport output all line vty 0 4 transport preferred all transport input all transport output all line vty 5 15 transport preferred all transport input all transport output all ! end here is the error message we get: rad_recv: Access-Request packet from host 172.31.1.79:1645, id=5, length=131 User-Name = "testrad" Framed-MTU = 1400 Called-Station-Id = "0015.f947.8560" Calling-Station-Id = "0012.f0e3.7896" Service-Type = Login-User Message-Authenticator = 0xa00609077f82a3396080dcdcc8019804 EAP-Message = 0x0201000c0174657374726164 NAS-Port-Type = Wireless-802.11 NAS-Port = 466 NAS-IP-Address = 172.31.1.79 NAS-Identifier = "TESTAP" modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 rlm_realm: No '@' in User-Name = "testrad", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 rlm_ldap: - authorize rlm_ldap: performing user authorization for testrad radius_xlat: '(uid=testrad)' radius_xlat: 'o=Village' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=Village, with filter (uid=testrad) rlm_ldap: checking if remote access for testrad is allowed by dialupAccess rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user testrad authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 1 modcall: group authorize returns ok for request 1 rad_check_password: Found Auth-Type LDAP auth: type "LDAP" modcall: entering group Auth-Type for request 1 rlm_ldap: - authenticate rlm_ldap: Attribute "User-Password" is required for authentication. modcall[authenticate]: module "ldap" returns invalid for request 1 modcall: group Auth-Type returns invalid for request 1 auth: Failed to validate the user. Login incorrect: [testrad/<no User-Password attribute>] (from client testap port 466 cli 0012.f0e3.7896) Delaying request 1 for 1 seconds Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 5 to 172.31.1.79:1645 Waking up in 4 seconds... I can authenticate using a small utility called NTRadPing Test Utility from my desktop directly connecting to Freeradius. any thoughts? Thank you, John Peebles Village of Hoffman Estates IS Specialist (847) 882-9100 x2500