Hi All, I have been trying to configure PEAP with EAP -MD5 but i juat cannot get it to work. TTLS with EAP -MD5 workes fine. Also PEAP with Token card(gtc) and MSCHAPv2 works fine. What I tried is... 1. When I *comment out MSCHAPv2* in the eap.conf file and I try with the client being in PEAP EAP-MSCHAPv2, then I get a REJECT as below. 2.When I *comment out MD5* in the eap.conf file and try with the client being in PEAP EAP MD5, then I get the same REJECT message as below 3. When *I dont comment out MD5(MD5 is enabled)* in the eap.conf file and try with the client being in PEAP EAP MD5, then I get the same REJECT message as below In all the above three cases, I seem to be getting the same Reject message as below: ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "queenie", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 72 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> queenie attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 8 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 8 Sending Access-Reject of id 9 to 192.168.5.200 port 1024 EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.5 seconds. Cleaning up request 0 ID 1 with timestamp +79 Cleaning up request 1 ID 2 with timestamp +79 Cleaning up request 2 ID 3 with timestamp +79 Cleaning up request 3 ID 4 with timestamp +79 Waking up in 0.2 seconds. Cleaning up request 4 ID 5 with timestamp +79 Cleaning up request 5 ID 6 with timestamp +79 Cleaning up request 6 ID 7 with timestamp +79 Cleaning up request 7 ID 8 with timestamp +79 Waking up in 1.0 seconds. Cleaning up request 8 ID 9 with timestamp +79 Ready to process requests. *Is it possible that in the eap.conf file, the MD5 does not get enabled under PEAP? Cause MD5 does work fine with TTLS for me. * Pl help! Regards, Queenie