here's the output of radius -X: (hope its long enough:)) [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 245 length 59 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - host/W400210.interoute.com [peap] Got inner identity 'host/W400210.interoute.com' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x02f5001f01686f73742f573430303231302e696e7465726f7574652e636f6d server { PEAP: Setting User-Name to host/W400210.interoute.com Sending tunneled request EAP-Message = 0x02f5001f01686f73742f573430303231302e696e7465726f7574652e636f6d FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "host/W400210.interoute.com" server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/W400210.interoute.com", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 245 length 31 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x01f600341a01f6002f10d576c25ad42b277594f37dbd0b1284a1686f73742f573430303231302e696e7465726f7574652e636f6d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2f3b45522fcd5ffaf0daaa4d5068ce69 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x01f600341a01f6002f10d576c25ad42b277594f37dbd0b1284a1686f73742f573430303231302e696e7465726f7574652e636f6d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2f3b45522fcd5ffaf0daaa4d5068ce69 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 121 to 172.31.183.1 port 2048 EAP-Message = 0x01f6005b19001703010050a99c434c2e7686d5c708631a745b9e1982e54f18e4dfab6a20a90729cc9464e6f8d585f1866fadc0e7e525f2a5940b1b2de54e6e353c60626f2f3fbe5d1ae5fc81667651806079097e04173bb57b71c5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2e4eb3ac28b8aa99635005e47464e6cc Finished request 11. Going to the next request Waking up in 1.4 seconds. rad_recv: Access-Request packet from host 172.31.183.1 port 2048, id=122, length=292 User-Name = "host/W400210.interoute.com" NAS-Port = 0 Called-Station-Id = "00-15-6D-E4-20-94:ubnt" Calling-Station-Id = "00-21-6B-2C-7B-60" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x02f6007b19001703010070bc9400c25ae1409e8e6edfc302aa1453d9f1b79fa4987803574a67e7b3d9afb5e1840df879867c8fb327c2c2a34c33891b5544069c789c36f0458efacfb4c0ed51c84a882afc1c92b0c8654ec6142a108a66abcfe4ca6e4511b9657465e88872612bff4edde5ced368931fc78925ce3d State = 0x2e4eb3ac28b8aa99635005e47464e6cc Message-Authenticator = 0x73d26de7784b67dc7b93fefb4b637fa2 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "host/W400210.interoute.com", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 246 length 123 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x02f600551a02f6005031725e21a5376765a7fd43620480eb763b00000000000000006a5b56a2f5eab6d72234ec6efdf4c164d03e9ea01cd22a1400686f73742f573430303231302e696e7465726f7574652e636f6d server { PEAP: Setting User-Name to host/W400210.interoute.com Sending tunneled request EAP-Message = 0x02f600551a02f6005031725e21a5376765a7fd43620480eb763b00000000000000006a5b56a2f5eab6d72234ec6efdf4c164d03e9ea01cd22a1400686f73742f573430303231302e696e7465726f7574652e636f6d FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "host/W400210.interoute.com" State = 0x2f3b45522fcd5ffaf0daaa4d5068ce69 server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/W400210.interoute.com", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 246 length 85 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] Creating challenge hash with username: host/W400210.interoute.com [mschap] Told to do MS-CHAPv2 for host/W400210.interoute.com with NT-Password [mschap] expand: %{mschap:NT-Domain} -> interoute [mschap] expand: --domain=%{%{mschap:NT-Domain}:-INTEROUTE} -> --domain=interoute [mschap] expand: --username=%{mschap:User-Name:-None} -> --username=W400210$ [mschap] mschap2: d5 [mschap] Creating challenge hash with username: host/W400210.interoute.com [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=e0f779583568ced2 [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=6a5b56a2f5eab6d72234ec6efdf4c164d03e9ea01cd22a14 Exec-Program output: NT_KEY: 7AABD556DB5C9B2B59B26FDDBEF05A7E Exec-Program-Wait: plaintext: NT_KEY: 7AABD556DB5C9B2B59B26FDDBEF05A7E Exec-Program: returned: 0 [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x01f700331a03f6002e533d36334643413845364131374144323831464430364342343130373237353139413233364537433744 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2f3b45522ecc5ffaf0daaa4d5068ce69 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x01f700331a03f6002e533d36334643413845364131374144323831464430364342343130373237353139413233364537433744 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2f3b45522ecc5ffaf0daaa4d5068ce69 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 122 to 172.31.183.1 port 2048 EAP-Message = 0x01f7005b190017030100509b7087b2a112825ea5aa08f802b90731b5f46e59349a2cdedc81a89f4103967283ba2f8990331ecb9ec7535a4f77b110e189f58f6162dbdc9a713a14d562f0f4fa52f6838fccc6a9be5003515e0b1263 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2e4eb3ac29b9aa99635005e47464e6cc Finished request 12. Going to the next request Waking up in 1.4 seconds. Cleaning up request 0 ID 110 with timestamp +9 Cleaning up request 1 ID 111 with timestamp +9 Cleaning up request 2 ID 112 with timestamp +9 Cleaning up request 3 ID 113 with timestamp +9 Cleaning up request 4 ID 114 with timestamp +9 WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0xbed60aebbaf213e9 did not finish! WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -- View this message in context: http://freeradius.1045715.n5.nabble.com/Freeradius2-1-3-Fedora9-PEAP-AD-prob... Sent from the FreeRadius - User mailing list archive at Nabble.com.