Hello. In the environment of CentOS 7.3, FreeRADIUS 3.0.4, local users file (/etc/raddb/mods-config/files/authorize) can not authenticate. It is set to authenticate with mschap using inner-tunnel, and the following I confirmed that authentication succeeds with the command. (username@eduroam.test.edu is the user on the AD server) # radtest - t mschap username@eduroam.test.edu test 127.0.0.1: 1812 0 testing 123 Received Access-Accept Id 32 from 127.0.0.1: 1812 to 127.0.0.1: 42901 length 84 Next, to monitor the service, add the following entry to local users file. radtest@eduroam.test.edu Cleartext - Password: = "test" Running radtest in this state will fail. # radtest radtest@eduroam.test.edu test 127.0.0.1: 1812 0 testing 123 Received Access-Reject Id 79 from 127.0.0.1: 1812 to 127.0.0.1: 55380 length 20 Looking at the log (/var/log/radius/radius.log), files seems to be noop and is not recognized. (0) [suffix] = ok (0) eap: No EAP-Message, not doing EAP (0) [eap] = noop (0) [files] = noop <- This is wrong???? (0) [expiration] = noop (0) [logintime] = noop (0) WARNING: pap: No "known good" password found for the user. Not setting Auth-Type (0) WARNING: pap: Authentication will fail unless a "known good" password is available (0) [pap] = noop (0)} # authorize = ok (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (0) Failed to authenticate the user (0) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [radtest@eduroam.test.edu/test] (from client localhost port 0) Please tell me how to do RADIUS authentication with local user file for service monitoring. The difference of the setting file is as follows. - / etc / raddb / site-available / inner-tunnel # Diff -ruN inner-tunnel.ORG inner-tunnel --- inner-tunnel.ORG 2015-03-06 08: 41: 49.000000000 + 0900 +++ inner-tunnel 2016 - 11 - 04 13: 45: 27.316287839 +0900 @@ -100, 9 + 100, 9 @ @ # If you want the inner tunnel request to be proxied, delete # The next few lines. # - update control { - Proxy - To - Realm: = LOCAL -} + # Update control { + # Proxy-To-Realm: = LOCAL + #} # # This module takes care of EAP-MSCHAPv2 authentication. @@ -210,6 + 210, @ @ @ # Pluggable Authentication Modules. # Pam + Ntlm_auth + # Uncomment it if you want to use ldap for authentication # # Note that this means "check plain-text password against - /etc/raddb/proxy.conf Realm "~^eduroam\.test\.edu$" { Authhost = LOCAL Accthost = LOCAL } Home_server server1 { .... } Home_ server server 2 { .... } Home_server_pool server { Type = fail-over Home_server = server1 Home_server = server2 } Realm DEFAULT { Pool = server Nostrip } Best regards!