Hi, I am new to freeradius and am trying to setup freeradius 2.1.12 with mysql used by strongswan. Strongswan is talking to freeradius using eap-radius using Ikev2. I have been able to get Strongswan Ikev1 working talking to freeradius/mysql using eap-Xauth. But i cant get it to work with Ikev2 and eap-radius. In my database table radcheck i have: | id | username | attribute | op | value | +----+----------+--------------------+----+----------+ | 1 | darwin | Password | == | mypass | | 3 | frodo | Password | == | baggins | | 4 | carl | Cleartext-Password | := | connect1 | I am using username 'carl' and have changed the DB attribute from Password to Cleartext-Password and updated the op to := from == but this did not make any difference. I am finding that i get these errors and authentication fails. More detailed logs are further below. Logs: [pap] No clear-text password in the request. Not performing PAP. ++[pap] returns noop WARNING: Please update your configuration, and remove 'Auth-Type = Local' WARNING: Use the PAP or CHAP modules instead. Is it possible either the password is not being passed in as its not show in the logs ? I looked in my config files and dont see any Auth-Type=Local I am not sure what to do next. Advice is much needed. Many Thanks Carl My config : authorize { filter_username preprocess auth_log chap mschap digest suffix eap { ok = return } files sql expiration logintime pap } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } digest # pam unix eap } preacct { preprocess acct_unique suffix files } Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 44311, id=219, length=133 User-Name = "carl" NAS-Port-Type = Virtual Service-Type = Framed-User NAS-Port = 6 NAS-Port-Id = "win7" NAS-IP-Address = 178.62.119.121 Called-Station-Id = "178.62.119.121[4500]" Calling-Station-Id = "191.101.55.203[4500]" NAS-Identifier = "strongSwan" Message-Authenticator = 0xcf65b96f46f3e40a5066f6f4111c48fa # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/auth-detail-20141211 [auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20141211 [auth_log] expand: %t -> Thu Dec 11 18:35:52 2014 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "carl", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry carl at line 1 ++[files] returns ok [sql] expand: %{User-Name} -> carl [sql] sql_set_user escaped user --> 'carl' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'carl' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'carl' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'carl' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] No clear-text password in the request. Not performing PAP. ++[pap] returns noop WARNING: Please update your configuration, and remove 'Auth-Type = Local' WARNING: Use the PAP or CHAP modules instead. No User-Password or CHAP-Password attribute in the request. Cannot perform authentication. Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> carl attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 219 to 127.0.0.1 port 44311 Waking up in 4.9 seconds. Cleaning up request 0 ID 219 with timestamp +3 Ready to process requests.