Hello, I'm using freeradius for VPN and WIFI clients implementing a passwordless solution where users are only required to enter the username, and I want to authenticate users using MFA. I achieved the same using the VPN client as it uses PAP, and it succeeded. Whereas wrt to Wifi client where it uses EAP/PEAP; I'm observing the communication ends at Access-Challenge sent from radius server. i.e., the wifi client doesn't acknowledge the Challenge and ends up with a Login error. I took the TCP dump and verified Access-Challenge attributes in working and non-working scenarios, and I see the number of attributes sent is the same (although not sure of the value) I even tried to set NT:Password to empty String md5 value ( 0x31D6CFE0D16AE931B73C59D7E0C089C0), still vain attempt. Since the password is not received in the auth request and Challenge doesn't have the same information, does the wifi client ends the communication as soon as it receives Challenge? NOTE: The server certificate was imported and trusted before trying this operation and still when a blank password is sent in the Radius auth request, the handshake between client and server stops when the last Challenge is sent from the radius server. Is this a valid scenario with what I'm trying to wrt the EAP/PEAP protocol? Thanks, Sachin