Hi Freeradius Users I am hoping you can help me. I have been battling the past couple of days getting StrongSwan (5.9.3) IKEv2 authentication by eap-radius to work. FreeRADIUS Version 3.0.23 ............ ............ ............ | (5) eap: Expiring EAP session with state 0x98fe0da799fc17eb | (5) eap: Finished EAP session with state 0x98fe0da799fc17eb | (5) eap: Previous EAP request found for state 0x98fe0da799fc17eb, released from the list | (5) eap: Peer sent packet with method EAP MSCHAPv2 (26) | (5) eap: Calling submodule eap_mschapv2 to process data | (5) eap_mschapv2: # Executing group from file /etc/raddb/sites-enabled/default | (5) eap_mschapv2: authenticate { | (5) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password | (5) mschap: Creating challenge hash with username: chris | (5) mschap: Client is using MS-CHAPv2 | (5) mschap: ERROR: FAILED: No NT-Password. Cannot perform authentication | (5) mschap: ERROR: MS-CHAP2-Response is incorrect ............ ............ ............ | (5) } # Post-Auth-Type REJECT = updated | (5) Login incorrect (mschap: FAILED: No NT-Password. Cannot perform authentication): [chris/<via Auth-Type = eap>] (from client rad_clients port 8 cli 172.29.0.1[55829]) | (5) Delaying response for 1.000000 seconds | Waking up in 0.6 seconds. ================== Freeradius is using the MySQL driver (driver = "rlm_sql_mysql") and the eap module is set to use md5 as the default (default_eap_type = md5). When I do radtests directly to radius, I receive "Access-Accept" for PAP,CHAP & MSCHAP authentication types. However, radtest authentication type eap-md5 also fails stating that there is no cleartext-password in the radius logs. My users in freeradius are configured in the radcheck table with the following: ------------------------------------------------------------------------------------ id | username | attribute | op | value ================================================ 1 | chris | Cleartext-Password | := | chris12345 ------------------------------------------------------------------------------------ I've been up and down the configuration, but I cannot seem to figure it out. To me it seems that when I use the eap for authentication, it fails to lookup the radcheck table for the password. Any assistance or additional information I can provide to help the investigation? TIA __ Regards Chris Myburgh