Found Auth-Type = CHAP +- entering group CHAP {...} [chap] login attempt by "sandra" with CHAP password [chap] Using clear text password "sandra" for user sandra authentication. [chap] Password check failed ++[chap] returns reject
Nothing very dramatic here - the chap-challange is wrong, almost certainly meaning the user entered the wrong password. Now, since "the user" in this case is you testing, I guess it might be something else, but I'm not sure what. First thing - check and re-check that you're entering the password correctly, and something tedious like autocorrect isn't munging it! How do clients log into the hotspot - is it via web intercept/redirect and an HTML form? Can you switch to HTTP (rather than HTTPS) and run a packet capture to see if the password coming from the client is good?