Hi , I am trying to do PEAP MSCHAPv2 authentication. I am using FreeRADIUS version 1.1.0 on Suse 9.0 and WinXP as the Suplicant. When I select "Automatically use my Windows Logon name and password (and domain if any)" in the network properties, WinXP tries to login as domain-name\\user-name. I have enabled the "realm ntdomain" option in radiusd.conf and have created an entry in the proxy.conf file. However the authentication still fails. I am using eDirectory as my user store and (I cannot use the ntlm_auth option as I do not have a AD setup). The debug log is as follows. Can anyone please tell me how to get this working? rad_recv: Access-Request packet from host 10.0.0.1:21647, id=96, length=190 Sending Access-Reject of id 96 to 10.0.0.1 port 21647 EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Cleaning up request 29 ID 90 with timestamp 43cde14f Cleaning up request 30 ID 91 with timestamp 43cde14f Waking up in 1 seconds... rad_recv: Access-Request packet from host 10.0.0.1:21647, id=97, length=165 User-Name = "NOVELL-QT5M8B08\\radiususer" Framed-MTU = 1400 Called-Station-Id = "0040.96a3.2e04" Calling-Station-Id = "0002.2da4.e20e" Message-Authenticator = 0xc0e1ca5411e453f15a1eb6bd2ee27743 EAP-Message = 0x0201001f014e4f56454c4c2d5154354d384230385c72616469757375736572 NAS-Port-Type = Wireless-802.11 NAS-Port = 400 Service-Type = Framed-User NAS-IP-Address = 10.0.0.1 NAS-Identifier = "ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 36 modcall[authorize]: module "preprocess" returns ok for request 36 modcall[authorize]: module "chap" returns noop for request 36 modcall[authorize]: module "mschap" returns noop for request 36 rlm_realm: No '@' in User-Name = "NOVELL-QT5M8B08\radiususer", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 36 rlm_realm: Looking up realm "NOVELL-QT5M8B08" for User-Name = "NOVELL-QT5M8B08\radiususer" rlm_realm: Found realm "NOVELL-QT5M8B08" rlm_realm: Adding Stripped-User-Name = "radiususer" rlm_realm: Proxying request from user radiususer to realm NOVELL-QT5M8B08 rlm_realm: Adding Realm = "NOVELL-QT5M8B08" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "ntdomain" returns noop for request 36 rlm_eap: EAP packet type response id 1 length 31 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 36 modcall[authorize]: module "files" returns notfound for request 36 rlm_ldap: - authorize rlm_ldap: performing user authorization for radiususer radius_xlat: '(cn=radiususer)' radius_xlat: 'o=novell' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=novell, with filter (cn=radiususer) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user radiususer authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 36 modcall: leaving group authorize (returns updated) for request 36 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 36 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 36 modcall: leaving group authenticate (returns handled) for request 36 Sending Access-Challenge of id 97 to 10.0.0.1 port 21647 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x30170192891d3d63f0d026f17eb0b65e Finished request 36 Going to the next request --- Walking the entire request list --- Cleaning up request 31 ID 92 with timestamp 43cde150 Cleaning up request 32 ID 93 with timestamp 43cde150 Cleaning up request 33 ID 94 with timestamp 43cde150 Cleaning up request 34 ID 95 with timestamp 43cde150 Cleaning up request 35 ID 96 with timestamp 43cde150 Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.0.1:21647, id=98, length=264 User-Name = "NOVELL-QT5M8B08\\radiususer" Framed-MTU = 1400 Called-Station-Id = "0040.96a3.2e04" Calling-Station-Id = "0002.2da4.e20e" Message-Authenticator = 0xbae42c51a49613f3780756f23a9426a4 EAP-Message = 0x0202007019800000006616030100610100005d030143cde01037e38d07b56687db452982f13b38491004de1d3e5e7ebd2d8c38d2852098cad41ce7d8a49d186a5bda5eb7564b59c7983e162adbac1cca703d6138ad96001600040005000a000900640062000300060013001200630100 NAS-Port-Type = Wireless-802.11 NAS-Port = 400 State = 0x30170192891d3d63f0d026f17eb0b65e Service-Type = Framed-User NAS-IP-Address = 10.0.0.1 NAS-Identifier = "ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 37 modcall[authorize]: module "preprocess" returns ok for request 37 modcall[authorize]: module "chap" returns noop for request 37 modcall[authorize]: module "mschap" returns noop for request 37 rlm_realm: No '@' in User-Name = "NOVELL-QT5M8B08\radiususer", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 37 rlm_realm: Looking up realm "NOVELL-QT5M8B08" for User-Name = "NOVELL-QT5M8B08\radiususer" rlm_realm: Found realm "NOVELL-QT5M8B08" rlm_realm: Adding Stripped-User-Name = "radiususer" rlm_realm: Proxying request from user radiususer to realm NOVELL-QT5M8B08 rlm_realm: Adding Realm = "NOVELL-QT5M8B08" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "ntdomain" returns noop for request 37 rlm_eap: EAP packet type response id 2 length 112 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 37 modcall[authorize]: module "files" returns notfound for request 37 rlm_ldap: - authorize rlm_ldap: performing user authorization for radiususer radius_xlat: '(cn=radiususer)' radius_xlat: 'o=novell' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=novell, with filter (cn=radiususer) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user radiususer authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 37 modcall: leaving group authorize (returns updated) for request 37 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 37 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 02c9], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 37 modcall: leaving group authenticate (returns handled) for request 37 Sending Access-Challenge of id 98 to 10.0.0.1 port 21647 EAP-Message = 0x0103032c1900160301004a02000046030143cde156e65381a0707183b050fe81c6c03ec222517fb41975fa15889e4c2c5820c41756c1e99ec4f7be2b83825263faf89799efea61abd3e8857b2d2447af244400040016030102c90b0002c50002c20002bf308202bb30820224a003020102020101300d06092a864886f70d0101040500308196310b300906035504061302494e31123010060355040813096b61726e6174616b61311230100603550407130962616e67616c6f7265310f300d060355040a13066e6f76656c6c310c300a060355040b1303626c72311c301a060355040313136e6161732e626c722e6e6f76656c6c2e636f6d3122302006 EAP-Message = 0x092a864886f70d0109011613766c616b73686d69406e6f76656c6c2e636f6d301e170d3036303131353039313732315a170d3037303131353039313732315a308196310b300906035504061302494e31123010060355040813094b61726e6174616b61311230100603550407130942616e67616c6f7265310f300d060355040a13066e6f76656c6c310c300a060355040b1303626c72311c301a060355040313136e6161732e626c722e6e6f76656c6c2e636f6d3122302006092a864886f70d0109011613766c616b73686d69406e6f76656c6c2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100bd30a2ae1a5e0b79 EAP-Message = 0x6a579ae6a8811ab9f8d4268af8e634c6d45b6d187f856a9bf21ccf77dbd1607b0e30f549a5cf727a10419ea797632b8ea3cb7b2da486a87f4e03577a155e88b485f3a1338ece3895c06af1de3b05b3012ef48deb530374474c41010ad20171c4a6aace2834348b61b425718ee644f37db42fe993896702ed0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000381810090f21869733cd9c066ccc4b31190f2b046018aae8033e45a4169ae4abdf279bc379b58a1dc293f151f47c0723e178977a8968788fd4f5477fd6887f2fb2923fc301d0945d663a0748b155173226166109ae525fa EAP-Message = 0x6d0cc0b0fe4c70d87317087d8943f8503e348ba86b7404cb694152402fa721d49c843166c9dbd02367a712f316030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb06143185187045946233d6d2d2c3b26 Finished request 37 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.0.1:21647, id=99, length=344 User-Name = "NOVELL-QT5M8B08\\radiususer" Framed-MTU = 1400 Called-Station-Id = "0040.96a3.2e04" Calling-Station-Id = "0002.2da4.e20e" Message-Authenticator = 0xc224f01dc2ec8fa57bc2a3c7d10298d9 EAP-Message = 0x020300c01980000000b6160301008610000082008009aea6c45bb6e83e208942a8860d55173d55609477de80a04f5db20465607a590027af716c86cf863f954d32bf7b6ba4cd03cc3c85bd42349c33a9e6216d0aa0e87d10d45681ced190942258e854a69d66a1d87008375f7900fab4f78547e2771b0ab90cd71262bd017cbe0a5978414253e47aa355c6fee76dd4508cae63a4c11403010001011603010020d44c9738132c2bba9b91c197ba5ff1ffb4c28155de15444ab5d883e5dd1e7f7d NAS-Port-Type = Wireless-802.11 NAS-Port = 400 State = 0xb06143185187045946233d6d2d2c3b26 Service-Type = Framed-User NAS-IP-Address = 10.0.0.1 NAS-Identifier = "ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 38 modcall[authorize]: module "preprocess" returns ok for request 38 modcall[authorize]: module "chap" returns noop for request 38 modcall[authorize]: module "mschap" returns noop for request 38 rlm_realm: No '@' in User-Name = "NOVELL-QT5M8B08\radiususer", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 38 rlm_realm: Looking up realm "NOVELL-QT5M8B08" for User-Name = "NOVELL-QT5M8B08\radiususer" rlm_realm: Found realm "NOVELL-QT5M8B08" rlm_realm: Adding Stripped-User-Name = "radiususer" rlm_realm: Proxying request from user radiususer to realm NOVELL-QT5M8B08 rlm_realm: Adding Realm = "NOVELL-QT5M8B08" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "ntdomain" returns noop for request 38 rlm_eap: EAP packet type response id 3 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 38 modcall[authorize]: module "files" returns notfound for request 38 rlm_ldap: - authorize rlm_ldap: performing user authorization for radiususer radius_xlat: '(cn=radiususer)' radius_xlat: 'o=novell' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=novell, with filter (cn=radiususer) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user radiususer authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 38 modcall: leaving group authorize (returns updated) for request 38 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 38 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 38 modcall: leaving group authenticate (returns handled) for request 38 Sending Access-Challenge of id 99 to 10.0.0.1 port 21647 EAP-Message = 0x01040031190014030100010116030100201bf97f47ae5aa98860bd2e30d7331168bc89f98d2f5b2ad11fd396615fd5f1d4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc780aa08396ffb1c35a75497291b8fdb Finished request 38 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.0.1:21647, id=100, length=158 User-Name = "NOVELL-QT5M8B08\\radiususer" Framed-MTU = 1400 Called-Station-Id = "0040.96a3.2e04" Calling-Station-Id = "0002.2da4.e20e" Message-Authenticator = 0x3154553f21590012b75b060c868b9ca0 EAP-Message = 0x020400061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 400 State = 0xc780aa08396ffb1c35a75497291b8fdb Service-Type = Framed-User NAS-IP-Address = 10.0.0.1 NAS-Identifier = "ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 39 modcall[authorize]: module "preprocess" returns ok for request 39 modcall[authorize]: module "chap" returns noop for request 39 modcall[authorize]: module "mschap" returns noop for request 39 rlm_realm: No '@' in User-Name = "NOVELL-QT5M8B08\radiususer", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 39 rlm_realm: Looking up realm "NOVELL-QT5M8B08" for User-Name = "NOVELL-QT5M8B08\radiususer" rlm_realm: Found realm "NOVELL-QT5M8B08" rlm_realm: Adding Stripped-User-Name = "radiususer" rlm_realm: Proxying request from user radiususer to realm NOVELL-QT5M8B08 rlm_realm: Adding Realm = "NOVELL-QT5M8B08" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "ntdomain" returns noop for request 39 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 39 modcall[authorize]: module "files" returns notfound for request 39 rlm_ldap: - authorize rlm_ldap: performing user authorization for radiususer radius_xlat: '(cn=radiususer)' radius_xlat: 'o=novell' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=novell, with filter (cn=radiususer) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user radiususer authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 39 modcall: leaving group authorize (returns updated) for request 39 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 39 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 39 modcall: leaving group authenticate (returns handled) for request 39 Sending Access-Challenge of id 100 to 10.0.0.1 port 21647 EAP-Message = 0x0105002019001703010015f120056b0d74f0081a5778c6a2e63f5259d178614f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd524583cf95094fbbb21590d618d3ea1 Finished request 39 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.0.1:21647, id=101, length=206 User-Name = "NOVELL-QT5M8B08\\radiususer" Framed-MTU = 1400 Called-Station-Id = "0040.96a3.2e04" Calling-Station-Id = "0002.2da4.e20e" Message-Authenticator = 0x500765e49ff9a772deda42ec6bf25f00 EAP-Message = 0x020500361900170301002b9f4628f9bf7f16b7b889332d0116236b4c47a0cd3c4cc754895f22383d0d72cd8d9102d5babeb09e78bd1b NAS-Port-Type = Wireless-802.11 NAS-Port = 400 State = 0xd524583cf95094fbbb21590d618d3ea1 Service-Type = Framed-User NAS-IP-Address = 10.0.0.1 NAS-Identifier = "ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 40 modcall[authorize]: module "preprocess" returns ok for request 40 modcall[authorize]: module "chap" returns noop for request 40 modcall[authorize]: module "mschap" returns noop for request 40 rlm_realm: No '@' in User-Name = "NOVELL-QT5M8B08\radiususer", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 40 rlm_realm: Looking up realm "NOVELL-QT5M8B08" for User-Name = "NOVELL-QT5M8B08\radiususer" rlm_realm: Found realm "NOVELL-QT5M8B08" rlm_realm: Adding Stripped-User-Name = "radiususer" rlm_realm: Proxying request from user radiususer to realm NOVELL-QT5M8B08 rlm_realm: Adding Realm = "NOVELL-QT5M8B08" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "ntdomain" returns noop for request 40 rlm_eap: EAP packet type response id 5 length 54 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 40 modcall[authorize]: module "files" returns notfound for request 40 rlm_ldap: - authorize rlm_ldap: performing user authorization for radiususer radius_xlat: '(cn=radiususer)' radius_xlat: 'o=novell' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=novell, with filter (cn=radiususer) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user radiususer authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 40 modcall: leaving group authorize (returns updated) for request 40 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 40 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - NOVELL-QT5M8B08\radiususer rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x0205001f014e4f56454c4c2d5154354d384230385c72616469757375736572 PEAP: Got tunneled identity of NOVELL-QT5M8B08\radiususer PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to NOVELL-QT5M8B08\radiususer PEAP: Sending tunneled request EAP-Message = 0x0205001f014e4f56454c4c2d5154354d384230385c72616469757375736572 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "NOVELL-QT5M8B08\\radiususer" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 40 modcall[authorize]: module "preprocess" returns ok for request 40 modcall[authorize]: module "chap" returns noop for request 40 modcall[authorize]: module "mschap" returns noop for request 40 rlm_realm: No '@' in User-Name = "NOVELL-QT5M8B08\radiususer", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 40 rlm_realm: Looking up realm "NOVELL-QT5M8B08" for User-Name = "NOVELL-QT5M8B08\radiususer" rlm_realm: Found realm "NOVELL-QT5M8B08" rlm_realm: Adding Stripped-User-Name = "radiususer" rlm_realm: Proxying request from user radiususer to realm NOVELL-QT5M8B08 rlm_realm: Adding Realm = "NOVELL-QT5M8B08" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "ntdomain" returns noop for request 40 rlm_eap: EAP packet type response id 5 length 31 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 40 modcall[authorize]: module "files" returns notfound for request 40 rlm_ldap: - authorize rlm_ldap: performing user authorization for radiususer radius_xlat: '(cn=radiususer)' radius_xlat: 'o=novell' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=novell, with filter (cn=radiususer) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user radiususer authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 40 modcall: leaving group authorize (returns updated) for request 40 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 40 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 40 modcall: leaving group authenticate (returns handled) for request 40 PEAP: Got tunneled reply RADIUS code 11 EAP-Message = 0x010600341a0106002f104ad7cc649e19606ba5cf6b902c46de3c4e4f56454c4c2d5154354d384230385c72616469757375736572 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xab3f885870f4b2e228c2e2fd3996877f PEAP: Processing from tunneled session code 0x81322f0 11 EAP-Message = 0x010600341a0106002f104ad7cc649e19606ba5cf6b902c46de3c4e4f56454c4c2d5154354d384230385c72616469757375736572 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xab3f885870f4b2e228c2e2fd3996877f PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 40 modcall: leaving group authenticate (returns handled) for request 40 Sending Access-Challenge of id 101 to 10.0.0.1 port 21647 EAP-Message = 0x0106004b190017030100407de03240adbd762422070120ce2fd3ad4cfc8fba0586405bb679b99b30b40b4a139ec05f0083dbfac92c61992020d68eaf25d05437ae106852e13444e875ac44 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x854a43d41f4a91f014d50a2323cc297b Finished request 40 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.0.1:21647, id=102, length=244 User-Name = "NOVELL-QT5M8B08\\radiususer" Framed-MTU = 1400 Called-Station-Id = "0040.96a3.2e04" Calling-Station-Id = "0002.2da4.e20e" Message-Authenticator = 0xb124902320674b1cbfc425311dae3d5f EAP-Message = 0x0206005c19001703010051dfdb9b3818f3d67ec6a394585162b309c3451fc457ebc7cee5bdd6e92966806691202d6aa0f4ce3c6ab7e0783681d80f5dce8cc2c140748e20cd6f5840fad4340f50742d1000b2e9d84f0d0a58840acb5f NAS-Port-Type = Wireless-802.11 NAS-Port = 400 State = 0x854a43d41f4a91f014d50a2323cc297b Service-Type = Framed-User NAS-IP-Address = 10.0.0.1 NAS-Identifier = "ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 41 modcall[authorize]: module "preprocess" returns ok for request 41 modcall[authorize]: module "chap" returns noop for request 41 modcall[authorize]: module "mschap" returns noop for request 41 rlm_realm: No '@' in User-Name = "NOVELL-QT5M8B08\radiususer", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 41 rlm_realm: Looking up realm "NOVELL-QT5M8B08" for User-Name = "NOVELL-QT5M8B08\radiususer" rlm_realm: Found realm "NOVELL-QT5M8B08" rlm_realm: Adding Stripped-User-Name = "radiususer" rlm_realm: Proxying request from user radiususer to realm NOVELL-QT5M8B08 rlm_realm: Adding Realm = "NOVELL-QT5M8B08" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "ntdomain" returns noop for request 41 rlm_eap: EAP packet type response id 6 length 92 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 41 modcall[authorize]: module "files" returns notfound for request 41 rlm_ldap: - authorize rlm_ldap: performing user authorization for radiususer radius_xlat: '(cn=radiususer)' radius_xlat: 'o=novell' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=novell, with filter (cn=radiususer) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user radiususer authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 41 modcall: leaving group authorize (returns updated) for request 41 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 41 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x020600451a02060040313f2289804b354f2f8652d94f68709d620000000000000000440794d18a32023e3ce637a190306d62f66dae289bbd01020072616469757375736572 PEAP: Setting User-Name to NOVELL-QT5M8B08\radiususer PEAP: Adding old state with ab 3f PEAP: Sending tunneled request EAP-Message = 0x020600451a02060040313f2289804b354f2f8652d94f68709d620000000000000000440794d18a32023e3ce637a190306d62f66dae289bbd01020072616469757375736572 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "NOVELL-QT5M8B08\\radiususer" State = 0xab3f885870f4b2e228c2e2fd3996877f Processing the authorize section of radiusd.conf modcall: entering group authorize for request 41 modcall[authorize]: module "preprocess" returns ok for request 41 modcall[authorize]: module "chap" returns noop for request 41 modcall[authorize]: module "mschap" returns noop for request 41 rlm_realm: No '@' in User-Name = "NOVELL-QT5M8B08\radiususer", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 41 rlm_realm: Looking up realm "NOVELL-QT5M8B08" for User-Name = "NOVELL-QT5M8B08\radiususer" rlm_realm: Found realm "NOVELL-QT5M8B08" rlm_realm: Adding Stripped-User-Name = "radiususer" rlm_realm: Proxying request from user radiususer to realm NOVELL-QT5M8B08 rlm_realm: Adding Realm = "NOVELL-QT5M8B08" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "ntdomain" returns noop for request 41 rlm_eap: EAP packet type response id 6 length 69 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 41 modcall[authorize]: module "files" returns notfound for request 41 rlm_ldap: - authorize rlm_ldap: performing user authorization for radiususer radius_xlat: '(cn=radiususer)' radius_xlat: 'o=novell' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=novell, with filter (cn=radiususer) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user radiususer authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 41 modcall: leaving group authorize (returns updated) for request 41 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 41 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 41 rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack? rlm_mschap: Told to do MS-CHAPv2 for NOVELL-QT5M8B08\radiususer with NT-Password rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 41 modcall: leaving group MS-CHAP (returns reject) for request 41 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 41 modcall: leaving group authenticate (returns reject) for request 41 auth: Failed to validate the user. PEAP: Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\006E=691 R=1" EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 PEAP: Processing from tunneled session code 0x8131920 3 MS-CHAP-Error = "\006E=691 R=1" EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 41 modcall: leaving group authenticate (returns handled) for request 41 Sending Access-Challenge of id 102 to 10.0.0.1 port 21647 EAP-Message = 0x010700261900170301001b0c7a82c5514721a2d8d3834226c34505a34b4f953fbdd9d4833003 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd938c409155970af38b0177b7e6d5a17 Finished request 41 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.0.1:21647, id=103, length=190 User-Name = "NOVELL-QT5M8B08\\radiususer" Framed-MTU = 1400 Called-Station-Id = "0040.96a3.2e04" Calling-Station-Id = "0002.2da4.e20e" Message-Authenticator = 0x6ce6c15659c49c764a2fea869f71f6c5 EAP-Message = 0x020700261900170301001b8c2ee15eaa56664149b4c14cd0abc92ca2b7c6d63af98433be6643 NAS-Port-Type = Wireless-802.11 NAS-Port = 400 State = 0xd938c409155970af38b0177b7e6d5a17 Service-Type = Framed-User NAS-IP-Address = 10.0.0.1 NAS-Identifier = "ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 42 modcall[authorize]: module "preprocess" returns ok for request 42 modcall[authorize]: module "chap" returns noop for request 42 modcall[authorize]: module "mschap" returns noop for request 42 rlm_realm: No '@' in User-Name = "NOVELL-QT5M8B08\radiususer", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 42 rlm_realm: Looking up realm "NOVELL-QT5M8B08" for User-Name = "NOVELL-QT5M8B08\radiususer" rlm_realm: Found realm "NOVELL-QT5M8B08" rlm_realm: Adding Stripped-User-Name = "radiususer" rlm_realm: Proxying request from user radiususer to realm NOVELL-QT5M8B08 rlm_realm: Adding Realm = "NOVELL-QT5M8B08" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "ntdomain" returns noop for request 42 rlm_eap: EAP packet type response id 7 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 42 modcall[authorize]: module "files" returns notfound for request 42 rlm_ldap: - authorize rlm_ldap: performing user authorization for radiususer radius_xlat: '(cn=radiususer)' radius_xlat: 'o=novell' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=novell, with filter (cn=radiususer) rlm_ldap: Added the eDirectory password in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user radiususer authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 42 modcall: leaving group authorize (returns updated) for request 42 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 42 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 42 modcall: leaving group authenticate (returns invalid) for request 42 auth: Failed to validate the user. Delaying request 42 for 1 seconds Finished request 42 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.0.1:21647, id=103, length=190 Sending Access-Reject of id 103 to 10.0.0.1 port 21647 EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 36 ID 97 with timestamp 43cde156 Cleaning up request 37 ID 98 with timestamp 43cde156 Cleaning up request 38 ID 99 with timestamp 43cde156 Cleaning up request 39 ID 100 with timestamp 43cde156 Cleaning up request 40 ID 101 with timestamp 43cde156 Cleaning up request 41 ID 102 with timestamp 43cde156 Thanks and Regards. -Sayantan.