Hello gentlemen I am configuring PEAP and there is not much information about it, Should I add a user in the user file alone? If default is configured with EAP, what should I modify another file? thanks. logout: rad_recv: Access-Request packet from host 10.10.1.21 port 1645, id=220, length=156 User-Name = "DOMINIO\\msilvero" Framed-MTU = 1400 Called-Station-Id = "0019.2fdb.9e00" Calling-Station-Id = "001f.3c22.44c5" Service-Type = Login-User Message-Authenticator = 0x8cc6da388d8df7f5ec4355457fe64969 EAP-Message = 0x020100130149504c414e5c6d73696c7665726f NAS-Port-Type = Wireless-802.11 NAS-Port = 474 NAS-IP-Address = 10.10.1.21 NAS-Identifier = "ap-ap" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "DOMINIO\msilvero", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 19 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 220 to 10.10.1.21 port 1645 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x34d23a2734d023bc90d78d0fbe96492c Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.10.1.21 port 1645, id=221, length=263 User-Name = "DOMINIO\\msilvero" Framed-MTU = 1400 Called-Station-Id = "0019.2fdb.9e00" Calling-Station-Id = "001f.3c22.44c5" Service-Type = Login-User Message-Authenticator = 0x3491a2750461cd5efdc8648bf46aa49a EAP-Message = 0x0202006c190016030100610100005d030149493f85acfcc0f2c2c47fe6fa7a57d6e421cff26116506231b3776199ed10e200003600390038003500160013000a00330032002f0007006600050004006300620061001500120009006500640060001400110008000600030100 NAS-Port-Type = Wireless-802.11 NAS-Port = 474 State = 0x34d23a2734d023bc90d78d0fbe96492c NAS-IP-Address = 10.10.1.21 NAS-Identifier = "ap-ap" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "DOMINIO\msilvero", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 108 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0061], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 085e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 221 to 10.10.1.21 port 1645 [...] Going to the next request Waking up in 4.8 seconds. Cleaning up request 0 ID 220 with timestamp +68 Waking up in 0.1 seconds. Cleaning up request 1 ID 221 with timestamp +68 Ready to process requests. rad_recv: Access-Request packet from host 10.10.1.21 port 1645, id=222, length=156 User-Name = "DOMINIO\\msilvero" Framed-MTU = 1400 Called-Station-Id = "0019.2fdb.9e00" Calling-Station-Id = "001f.3c22.44c5" Service-Type = Login-User Message-Authenticator = 0x862b4eedab979983e604c4836e8ac526 EAP-Message = 0x020100130149504c414e5c6d73696c7665726f NAS-Port-Type = Wireless-802.11 NAS-Port = 475 NAS-IP-Address = 10.10.1.21 NAS-Identifier = "ap-ap" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "DOMINIO\msilvero", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 19 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 222 to 10.10.1.21 port 1645 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8f11b52d8f13ac786b16694f681d2fd0 Finished request 2. [...] [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 223 to 10.10.1.21 port 1645 [...] Finished request 3. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.10.1.21 port 1645, id=224, length=161 User-Name = "DOMINIO\\msilvero" Framed-MTU = 1400 Called-Station-Id = "0019.2fdb.9e00" Calling-Station-Id = "001f.3c22.44c5" Service-Type = Login-User Message-Authenticator = 0x9f0db2567149250ed92295734e004b44 EAP-Message = 0x020300061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 475 State = 0x8f11b52d8e12ac786b16694f681d2fd0 NAS-IP-Address = 10.10.1.21 NAS-Identifier = "ap-ap" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "DOMINIO\msilvero", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 224 to 10.10.1.21 port 1645 [...] Finished request 4. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.10.1.21 port 1645, id=225, length=161 User-Name = "DOMINIO\\msilvero" Framed-MTU = 1400 Called-Station-Id = "0019.2fdb.9e00" Calling-Station-Id = "001f.3c22.44c5" Service-Type = Login-User Message-Authenticator = 0x65d2bab3cdae40b237ce9837d9a3eacf EAP-Message = 0x020400061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 475 State = 0x8f11b52d8d15ac786b16694f681d2fd0 NAS-IP-Address = 10.10.1.21 NAS-Identifier = "ap-ap" [...] Sending Access-Challenge of id 225 to 10.10.1.21 port 1645 [...] Finished request 5. Going to the next request waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.10.1.21 port 1645, id=226, length=168 User-Name = "DOMINIO\\msilvero" Framed-MTU = 1400 Called-Station-Id = "0019.2fdb.9e00" Calling-Station-Id = "001f.3c22.44c5" Service-Type = Login-User Message-Authenticator = 0xcb5badb43459e8a2770683bef095543b EAP-Message = 0x0205000d190015030100020230 NAS-Port-Type = Wireless-802.11 NAS-Port = 475 State = 0x8f11b52d8c14ac786b16694f681d2fd0 NAS-IP-Address = 10.10.1.21 NAS-Identifier = "ap-ap" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "DOMINIO\msilvero", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 13 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert read:fatal:unknown CA TLS_accept:failed in SSLv3 read client certificate A rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca SSL: SSL_read failed inside of TLS (-1), TLS session fails. TLS receive handshake failed during operation [peap] eaptls_process returned 4 [peap] EAPTLS_OTHERS [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> DOMINIO\msilvero attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 6 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 6 Sending Access-Reject of id 226 to 10.10.1.21 port 1645 EAP-Message = 0x04050004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.7 seconds. Cleaning up request 2 ID 222 with timestamp +74 Waking up in 0.1 seconds. Cleaning up request 3 ID 223 with timestamp +74 Cleaning up request 4 ID 224 with timestamp +74 Cleaning up request 5 ID 225 with timestamp +74 Waking up in 1.0 seconds. Cleaning up request 6 ID 226 with timestamp +74 Ready to process requests.