Ready to process requests Received Access-Request Id 36 from 127.0.0.1:55677 to 127.0.0.1:1812 length 81 User-Name = 'yyyy1' User-Password = 'xxxx1' NAS-IP-Address = 10.0.45.44 NAS-Port = 0 Message-Authenticator = 0xd1c9ced51d4b2fb6529fcc61d622782c (0) Received Access-Request packet from host 127.0.0.1 port 55677, id=36, length=81 (0) User-Name = 'yyyy1' (0) User-Password = 'xxxx1' (0) NAS-IP-Address = 10.0.45.44 (0) NAS-Port = 0 (0) Message-Authenticator = 0xd1c9ced51d4b2fb6529fcc61d622782c (0) # Executing section authorize from file /etc/raddb/sites-enabled/default (0) authorize { (0) filter_username filter_username { (0) if (!&User-Name) (0) if (!&User-Name) -> FALSE (0) if (&User-Name =~ / /) (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@.*@/ ) (0) if (&User-Name =~ /@.*@/ ) -> FALSE (0) if (&User-Name =~ /\\.\\./ ) (0) if (&User-Name =~ /\\.\\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\\.$/) (0) if (&User-Name =~ /\\.$/) -> FALSE (0) if (&User-Name =~ /@\\./) (0) if (&User-Name =~ /@\\./) -> FALSE (0) } # filter_username filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix : Checking for suffix after "@" (0) suffix : No '@' in User-Name = "yyyy1", looking up realm NULL (0) suffix : No such realm "NULL" (0) [suffix] = noop (0) eap : No EAP-Message, not doing EAP (0) [eap] = noop (0) [files] = noop (0) sql : EXPAND %{User-Name} (0) sql : --> yyyy1 (0) sql : SQL-User-Name set to 'yyyy1' rlm_sql (sql): Reserved connection (4) (0) sql : EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id (0) sql : --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'yyyy1' ORDER BY id rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'yyyy1' ORDER BY id' (0) sql : EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority (0) sql : --> SELECT groupname FROM radusergroup WHERE username = 'yyyy1' ORDER BY priority rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE username = 'yyyy1' ORDER BY priority' (0) sql : User not found in any groups rlm_sql (sql): Released connection (4) (0) [sql] = notfound rlm_ldap (ldap): Reserved connection (4) (0) ldap : EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}}) (0) ldap : --> (uid=yyyy1) (0) ldap : EXPAND dc=testtn,dc=com (0) ldap : --> dc=testtn,dc=com (0) ldap : Performing search in 'dc=testtn,dc=com' with filter '(uid=yyyy1)', scope 'sub' (0) ldap : Waiting for search result... rlm_ldap (ldap): Rebinding to URL ldap:// ForestDnsZones.testtn.com/DC=ForestDnsZones,DC=testtn,DC=com rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Rebinding to URL ldap:// DomainDnsZones.testtn.com/DC=DomainDnsZones,DC=testtn,DC=com rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Rebinding to URL ldap:// testtn.com/CN=Configuration,DC=testtn,DC=com rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful rlm_ldap (ldap): Bind successful rlm_ldap (ldap): Bind successful (0) ldap : Search returned no results rlm_ldap (ldap): Deleting connection (4) (0) [ldap] = notfound (0) [expiration] = noop (0) [logintime] = noop (0) WARNING: pap : No "known good" password found for the user. Not setting Auth-Type (0) WARNING: pap : Authentication will fail unless a "known good" password is available (0) [pap] = noop (0) } # authorize = ok (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (0) Failed to authenticate the user (0) Using Post-Auth-Type Reject (0) # Executing group from file /etc/raddb/sites-enabled/default (0) Post-Auth-Type REJECT { (0) sql : EXPAND .query (0) sql : --> .query (0) sql : Using query template 'query' rlm_sql (sql): Reserved connection (4) (0) sql : EXPAND %{User-Name} (0) sql : --> yyyy1 (0) sql : SQL-User-Name set to 'yyyy1' (0) sql : EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') (0) sql : --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'yyyy1', 'xxxx1', 'Access-Reject', '2016-08-25 09:56:07') rlm_sql (sql): Executing query: 'INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'yyyy1', 'xxxx1', 'Access-Reject', '2016-08-25 09:56:07')' rlm_sql (sql): Released connection (4) (0) [sql] = ok (0) attr_filter.access_reject : EXPAND %{User-Name} (0) attr_filter.access_reject : --> yyyy1 (0) attr_filter.access_reject : Matched entry DEFAULT at line 11 (0) [attr_filter.access_reject] = updated (0) eap : Request didn't contain an EAP-Message, not inserting EAP-Failure (0) [eap] = noop (0) remove_reply_message_if_eap remove_reply_message_if_eap { (0) if (&reply:EAP-Message && &reply:Reply-Message) (0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE (0) else else { (0) [noop] = noop (0) } # else else = noop (0) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop (0) } # Post-Auth-Type REJECT = updated (0) Delaying response for 1 seconds Waking up in 0.9 seconds. (0) Sending delayed response (0) Sending Access-Reject packet to host 127.0.0.1 port 55677, id=36, length=0 Sending Access-Reject Id 36 from 127.0.0.1:1812 to 127.0.0.1:55677 Waking up in 3.9 seconds. (0) Cleaning up request packet ID 36 with timestamp +12 Ready to process requests Right now I am trying to have a working instance of radius with ldap auth, but , yes I will be using PEAP for wireless authentication. Thank you