Hi. I'm quite a newbie, so please keep it simple. I have been fighting with this for the past 10 hours! I am trying to do PEAP authentication (without certificates) where a client (Windows XP/Vista) gains WPA wi-fi access with a username and password using FreeRADIUS (v2.1.4) as the RADIUS server on Ubuntu Linux 8.10. I have gotten as far as compiling FreeRADIUS with SSL/TLS support and getting a Windows client to gain WPA access where his username/pass is in the "/etc/freeradius/users" file. I'm not interested in doing any LDAP or Active Directory stuff (don't want to use ntlm_auth), so obviously "MS-CHAP-Use-NTLM-Auth := No" was included with the user/pass in the "/etc/freeradius/users" file. And as I said, the client could gain Wi-fi WPA access using PEAP authentication. However, I would like to manage usernames and passwords in a MySQL database. The relevant part of the MySQL schema that I have been trying is as follows: radcheck (id,username,attribute,op,value) radreply (id,username,attribute,op,value) I have configured FreeRADIUS to talk to MySQL using various tutorials on the internet and have confirmed this works with the "radtest" shell command (I get an accept-accept back for any users in the "radcheck" table. So to try do it with PEAP authentication I inserted the following in the tables. INSERT INTO radcheck (username,attribute,op,value) VALUES ('user1','Cleartext-Password',':=','pass1') INSERT INTO radreply (username,attribute,op,value) VALUES ('user1','MS-CHAP-Use-NTLM-Auth',':=','No') Note how I have included "MS-CHAP-Use-NTLM-Auth := No" as a reply attribute. But, no matter what I do, this does not allow a client to authenticate. freeradius debug (with -X switch) gives me the following (I've only included the parts which I think are relevant: .................. [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'user1' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'user1' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'user8' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok .................. EAP-Message = 0x0108001f1a0108001a1025124f5e6a8bc7778687e657b729c16b7573657238 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x31f7332531ff293ae0350b28678bf4db [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x0108001f1a0108001a1025124f5e6a8bc7778687e657b729c16b7573657238 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x31f7332531ff293ae0350b28678bf4db [peap] Got tunneled Access-Challenge ++[eap] returns handled ................... [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for user1 with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. .................. The parts that gives away the fact that the "MS-CHAP-Use-NTLM-Auth := No" is not being read from the database: 1) no users are found in the "SELECT FROM radreply" query 2) underneath "[peap] Got tunneled reply code 11" there is no "MS-CHAP-Use-NTLM-Auth := No" as there is when a user is authenticated from the "users" file. 3) The fact that I cannot get the client to gain access! I really don't know what to do from this point. I haven't included any of my freeradius configuration files because I really don't know which ones to include. So if you want to see them just let me know which ones you want. Thanks in advance Doron