Hi; We upgraded our radius to Freeradius 2.1.10 version on Ubuntu 32bit from an old version Our problem is windows xp clients cant login to wireless and radius has "User-Name (machine\user) is not the same as MS-CHAP Name (user) from EAP-MSCHAPv2" error mesages At the old version freeradius at exactly same configuration clients had not any problem realm ntdomain { format = prefix delimiter = "\\" ignore_default = no ignore_null = no } authtype = MS-CHAP with_ntdomain_hack =yes You can find debug log export at below What we need to do ? BR Gokhan User-Name = "testuser" NAS-IP-Address = 10.200.0.2 NAS-Port = 0 NAS-Identifier = "10.200.0.2" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "001644EF420B" Called-Station-Id = "000B8661DFC4" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x0201001101676f6b68616e67756e796f6c Aruba-Essid-Name = "sunet-staff-wpa2" Aruba-Location-Id = "BM_IT_Net_Sys_3c:02" Aruba-Attr-10 = 0x424d5f62696e617369 Message-Authenticator = 0x50f0ec9d540b9d5e24090ea7de41963a # Executing section authorize from file /etc/freeradius/radiusd.conf +- entering group authorize {...} [yenimac] expand: - -> - yenimac: Does not match: Calling-Station-Id = 001644EF420B yenimac: Could not find value pair for attribute Calling-Station-Id ++[yenimac] returns ok [eap] EAP packet type response id 1 length 17 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[mschap] returns noop [ldap] performing user authorization for testuser [ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser) [ldap] expand: o=univ.edu -> o=univ.edu [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in o=univ.edu, with filter (uid=testuser) [ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo" [ldap] sambaNtPassword -> NT-Password == 0x3038363542313038343146363433333230304330324234453441394634363843 [ldap] sambaLmPassword -> LM-Password == 0x4643463937353144304431313932343636353044374443444545353833383737 [ldap] radiusAuthType -> Auth-Type == EAP [ldap] looking for reply items in directory... [ldap] user testuser authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! # Executing group from file /etc/freeradius/radiusd.conf +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 154 to 10.200.0.2 port 32795 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1007cea51005d77e23351c7d723e9be1 Finished request 272. Going to the next request rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=137, length=297 User-Name = "testuser" NAS-IP-Address = 10.200.0.2 NAS-Port = 0 NAS-Identifier = "10.200.0.2" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "001644EF420B" Called-Station-Id = "000B8661DFC4" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x0202005719800000004d160301004801000044030150923dd861119125fc2259c6b0bc6056 daa0fbf2c9a746654b172f25019442cd00001600040005000a00090064006200030006001300 12006301000005ff01000100 State = 0x1007cea51005d77e23351c7d723e9be1 Aruba-Essid-Name = "sunet-staff-wpa2" Aruba-Location-Id = "BM_IT_Net_Sys_3c:02" Aruba-Attr-10 = 0x424d5f62696e617369 Message-Authenticator = 0x711e835734fabd4577390bed80cf0722 # Executing section authorize from file /etc/freeradius/radiusd.conf +- entering group authorize {...} [yenimac] expand: - -> - yenimac: Does not match: Calling-Station-Id = 001644EF420B yenimac: Could not find value pair for attribute Calling-Station-Id ++[yenimac] returns ok [eap] EAP packet type response id 2 length 87 [eap] Continuing tunnel setup. ++[eap] returns ok ++[mschap] returns noop [ldap] performing user authorization for testuser [ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser) [ldap] expand: o=univ.edu -> o=univ.edu [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in o=univ.edu, with filter (uid=testuser) [ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo" [ldap] sambaNtPassword -> NT-Password == 0x3038363542313038343146363433333230304330324234453441394634363843 [ldap] sambaLmPassword -> LM-Password == 0x4643463937353144304431313932343636353044374443444545353833383737 [ldap] radiusAuthType -> Auth-Type == EAP [ldap] looking for reply items in directory... [ldap] user testuser authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! # Executing group from file /etc/freeradius/radiusd.conf +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 77 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0048], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0031], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 07af], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 137 to 10.200.0.2 port 32795 EAP-Message = 0x0103040019c0000007f316030100310200002d030150923de9c2b9bb8cd34ef049ee8297b8 d2c2431864dd9f472838bcbf6c1279cf000004000005ff0100010016030107af0b0007ab0007 a80003e8308203e43082034da003020102020200b9300d06092a864886f70d01010505003081 9f310b30090603550406130254523111300f06035504071308497374616e62756c311b301906 0355040a1312536162616e636920556e6976657273697479311a3018060355040b1311496e66 6f726d6174696f6e20546563682e311b301906035504031312536162616e636920556e697665 72736974793127302506092a864886f70d010901161873797361 EAP-Message = 0x646d696e40736162616e6369756e69762e656475301e170d3132303531303130333233355a 170d3135303531303130333233355a30819f310b30090603550406130254523111300f060355 04071308497374616e62756c311b3019060355040a1312536162616e636920556e6976657273 697479311a3018060355040b1311496e666f726d6174696f6e20546563682e311b3019060355 040313125261646975732041757468205365727665723127302506092a864886f70d01090116 1873797361646d696e40736162616e6369756e69762e65647530819f300d06092a864886f70d 010101050003818d0030818902818100a868d32fea2097c26fc7 EAP-Message = 0x06c909e04dffea3289404adeca30535091e4e2b65a36ee9adfe02002bde974063907877737 74e2ef394cef6e918710c7010ce82e41bc97211b8ab3b109377bcee92e67133965afb7e48c4b 2dc1a0e224c721b63b2584c6d16b5a64c4a8f183062baac5d87fdb2250372a4b3fc75f2c3a42 0ec29a5cb90203010001a382012b3082012730090603551d1304023000302c06096086480186 f842010d041f161d4f70656e53534c2047656e65726174656420436572746966696361746530 1d0603551d0e04160414a34c94bbb730604678cc372d518bbbbbe1c43e3a3081cc0603551d23 0481c43081c18014c6c1f74047266b05e67daee7263acf804303 EAP-Message = 0xbd0aa181a5a481a230819f310b30090603550406130254523111300f060355040713084973 74616e62756c311b3019060355040a1312536162616e636920556e6976657273697479311a30 18060355040b1311496e666f726d6174696f6e20546563682e311b3019060355040313125361 62616e636920556e69766572736974793127302506092a864886f70d01090116187379736164 6d696e40736162616e6369756e69762e656475820100300d06092a864886f70d010105050003 8181003b55627e878b84bbfc142e852404b1f5c0d0866cb76d1cd12ce1c45bcc36c2492f4f4b fe4af1b175e79ab4f3eb915085c9e50afd756a44dc758d4d56f4 EAP-Message = 0xff14f1d23ad3d94011923725 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1007cea51104d77e23351c7d723e9be1 Finished request 273. Going to the next request Cleaning up request 258 ID 63 with timestamp +759 rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=222, length=216 User-Name = "testuser" NAS-IP-Address = 10.200.0.2 NAS-Port = 0 NAS-Identifier = "10.200.0.2" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "001644EF420B" Called-Station-Id = "000B8661DFC4" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x020300061900 State = 0x1007cea51104d77e23351c7d723e9be1 Aruba-Essid-Name = "sunet-staff-wpa2" Aruba-Location-Id = "BM_IT_Net_Sys_3c:02" Aruba-Attr-10 = 0x424d5f62696e617369 Message-Authenticator = 0xaedcfb0ad4ddd446ffbad960996ff1fe # Executing section authorize from file /etc/freeradius/radiusd.conf +- entering group authorize {...} [yenimac] expand: - -> - yenimac: Does not match: Calling-Station-Id = 001644EF420B yenimac: Could not find value pair for attribute Calling-Station-Id ++[yenimac] returns ok [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok ++[mschap] returns noop [ldap] performing user authorization for testuser [ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser) [ldap] expand: o=univ.edu -> o=univ.edu [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in o=univ.edu, with filter (uid=testuser) [ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo" [ldap] sambaNtPassword -> NT-Password == 0x3038363542313038343146363433333230304330324234453441394634363843 [ldap] sambaLmPassword -> LM-Password == 0x4643463937353144304431313932343636353044374443444545353833383737 [ldap] radiusAuthType -> Auth-Type == EAP [ldap] looking for reply items in directory... [ldap] user testuser authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! # Executing group from file /etc/freeradius/radiusd.conf +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 222 to 10.200.0.2 port 32795 EAP-Message = 0x010403fc1940aa154b4beb99b0651d518b10cde973766e445b091bfdb89d709d3d36d3efcf a451eafe08fa690edc4b432017567af20d482218484a45bf0003ba308203b63082031fa00302 0102020100300d06092a864886f70d010104050030819f310b30090603550406130254523111 300f06035504071308497374616e62756c311b3019060355040a1312536162616e636920556e 6976657273697479311a3018060355040b1311496e666f726d6174696f6e20546563682e311b 301906035504031312536162616e636920556e69766572736974793127302506092a864886f7 0d010901161873797361646d696e40736162616e6369756e6976 EAP-Message = 0x2e656475301e170d3033303331393038343032305a170d3133303331363038343032305a30 819f310b30090603550406130254523111300f06035504071308497374616e62756c311b3019 060355040a1312536162616e636920556e6976657273697479311a3018060355040b1311496e 666f726d6174696f6e20546563682e311b301906035504031312536162616e636920556e6976 6572736974793127302506092a864886f70d010901161873797361646d696e40736162616e63 69756e69762e65647530819f300d06092a864886f70d010101050003818d0030818902818100 b4d46775b459661c4ba537e81197a67c18ab969ba96fb2ad2a7e EAP-Message = 0x0f5a8de0ae0d8b564b1269b32de256c8a526139934887adf8c5d1886da51c3d92ecbb91c01 b07ca4cbae2d4d5edf5962133790fc813ad092478d304e4b5344d63bf2af0607bb3d8de02522 dadb62b8972928232ba581d7a047a1c9187eb4c5549a56f3780b6d0203010001a381ff3081fc 301d0603551d0e04160414c6c1f74047266b05e67daee7263acf804303bd0a3081cc0603551d 230481c43081c18014c6c1f74047266b05e67daee7263acf804303bd0aa181a5a481a230819f 310b30090603550406130254523111300f06035504071308497374616e62756c311b30190603 55040a1312536162616e636920556e6976657273697479311a30 EAP-Message = 0x18060355040b1311496e666f726d6174696f6e20546563682e311b30190603550403131253 6162616e636920556e69766572736974793127302506092a864886f70d010901161873797361 646d696e40736162616e6369756e69762e656475820100300c0603551d13040530030101ff30 0d06092a864886f70d010104050003818100146ceba80178d651a8a31c3e9c0cc9a00f0a4ff1 885f2513befb08f252b0cfcda3db78b749e97c2b81293febd5327166c40d9a1fc660e006b041 be67976381b6610dd938cd1c4dd57bbec9a3f0cf95fce609392ea17400c24acc4dd9c8c1b962 818d9d2ee0081f868984a5b472d757746af53244cffc6c46f741 EAP-Message = 0x939a3cb53a961603 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1007cea51203d77e23351c7d723e9be1 Finished request 274. Going to the next request Cleaning up request 259 ID 58 with timestamp +759 rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=4, length=216 User-Name = "testuser" NAS-IP-Address = 10.200.0.2 NAS-Port = 0 NAS-Identifier = "10.200.0.2" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "001644EF420B" Called-Station-Id = "000B8661DFC4" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x020400061900 State = 0x1007cea51203d77e23351c7d723e9be1 Aruba-Essid-Name = "sunet-staff-wpa2" Aruba-Location-Id = "BM_IT_Net_Sys_3c:02" Aruba-Attr-10 = 0x424d5f62696e617369 Message-Authenticator = 0x66ee7c8a6e9f1922ad84549e4bd66bb6 # Executing section authorize from file /etc/freeradius/radiusd.conf +- entering group authorize {...} [yenimac] expand: - -> - yenimac: Does not match: Calling-Station-Id = 001644EF420B yenimac: Could not find value pair for attribute Calling-Station-Id ++[yenimac] returns ok [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok ++[mschap] returns noop [ldap] performing user authorization for testuser [ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser) [ldap] expand: o=univ.edu -> o=univ.edu [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in o=univ.edu, with filter (uid=testuser) [ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo" [ldap] sambaNtPassword -> NT-Password == 0x3038363542313038343146363433333230304330324234453441394634363843 [ldap] sambaLmPassword -> LM-Password == 0x4643463937353144304431313932343636353044374443444545353833383737 [ldap] radiusAuthType -> Auth-Type == EAP [ldap] looking for reply items in directory... [ldap] user testuser authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! # Executing group from file /etc/freeradius/radiusd.conf +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 4 to 10.200.0.2 port 32795 EAP-Message = 0x0105000d19000100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1007cea51302d77e23351c7d723e9be1 Finished request 275. Going to the next request rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=23, length=402 User-Name = "testuser" NAS-IP-Address = 10.200.0.2 NAS-Port = 0 NAS-Identifier = "10.200.0.2" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "001644EF420B" Called-Station-Id = "000B8661DFC4" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x020500c01980000000b61603010086100000820080700e1be39859332693d138b13d7e28ea b48a5f87e939eeb5d0978da9efd0957c2df909e3bcc53330e00981b44ca7eea794e28607d996 80c38bfb6886d6d3f689e4b8e2251eb9fed2f9747f905c664b4d39ced29c4e8eaa87c4479ebe 30a0c817b52eb0e1c6ebe80a3c8adc3c51352752803f9f15746bfef8bba5724e5d475f5d1403 01000101160301002067324c95356ea8cec4f757f37caa1e0bad62558c0e9372b33e9ac4f238 1bbcf6 State = 0x1007cea51302d77e23351c7d723e9be1 Aruba-Essid-Name = "sunet-staff-wpa2" Aruba-Location-Id = "BM_IT_Net_Sys_3c:02" Aruba-Attr-10 = 0x424d5f62696e617369 Message-Authenticator = 0x280d05f5afa8df8132594e3046573b8e # Executing section authorize from file /etc/freeradius/radiusd.conf +- entering group authorize {...} [yenimac] expand: - -> - yenimac: Does not match: Calling-Station-Id = 001644EF420B yenimac: Could not find value pair for attribute Calling-Station-Id ++[yenimac] returns ok [eap] EAP packet type response id 5 length 192 [eap] Continuing tunnel setup. ++[eap] returns ok ++[mschap] returns noop [ldap] performing user authorization for testuser [ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser) [ldap] expand: o=univ.edu -> o=univ.edu [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in o=univ.edu, with filter (uid=testuser) [ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo" [ldap] sambaNtPassword -> NT-Password == 0x3038363542313038343146363433333230304330324234453441394634363843 [ldap] sambaLmPassword -> LM-Password == 0x4643463937353144304431313932343636353044374443444545353833383737 [ldap] radiusAuthType -> Auth-Type == EAP [ldap] looking for reply items in directory... [ldap] user testuser authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! # Executing group from file /etc/freeradius/radiusd.conf +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 182 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 23 to 10.200.0.2 port 32795 EAP-Message = 0x01060031190014030100010116030100201137f7a6559497aeecf8db8a0dafbbc6f6a4014c 362fb22f123f439db04ae04f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1007cea51401d77e23351c7d723e9be1 Finished request 276.