When I try to do MAC auth, it shows No User, though it works fine when I remove the Calling-Station-Id check item from MySQL. Debug shows quotes around MAC.I put MAC in database with and without quotes and still errors. Any ideas? Thanks! Eric SQL DATABASE: DEFAULT Fall-Through = Yes eric1328 Cleartext-Password := PASSWORD eric1328 Calling-Station-Id == 00-1C-B3-B1-3E-07 DEBUG: ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "eric1328", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 164 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 98 to 192.168.0.1 port 21693 EAP-Message = 0x01a503fc194000f5762e66fa9d8422300d06092a864886f70d0101050500308193310b3009 060355040613024652310f300d06035504081306526164697573311230100603550407130953 6f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a 864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d 4578616d706c6520436572746966696361746520417574686f72697479301e170d3039303131 313139303133315a170d3130303131313139303133315a308193310b30090603550406130246 52310f300d060355040813065261646975733112301006035504 EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120 301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603 550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122 300d06092a864886f70d01010105000382010f003082010a0282010100f1cbee04f9676e1c96 ebbe8d583605ad2deaf236abc16a11249f38d1677d43ea83dcceace1271e165fa2c7371e02c0 94dfdd082f17cfee16d6fb6a75e828d4e46437e8850eea413de14cc89d420c8fd641bec5b836 f93376071d6fc38250efcc850cfdf79e26a92c3909faa42cc2ef EAP-Message = 0x3b6535fd406d7a979ac98783eb6945a286d076aa1408b0c7de16e0ae23c70711049e7727c1 ff4a6c8f4854a6a278308de17d3175d2a4ba9d2f96278f84b96e8446bba5947820790093a125 a06bcc8f958f75027aa07da3463fadbd8c94b9c005a95a8308fda13544df89c4a00b9c762837 16be460a0d2ccf10bbd253047e0517a3be0598567f7828a42a2f49c22d4b8fcb0203010001a3 81fb3081f8301d0603551d0e04160414f95bfae9eee917ed848faa188aea05423fc10a2d3081 c80603551d230481c03081bd8014f95bfae9eee917ed848faa188aea05423fc10a2da18199a4 8196308193310b3009060355040613024652310f300d06035504 EAP-Message = 0x0813065261646975733112301006035504071309536f6d6577686572653115301306035504 0a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e40 6578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963 61746520417574686f72697479820900f5762e66fa9d8422300c0603551d13040530030101ff 300d06092a864886f70d01010505000382010100514f7f2cb414fdba2fdf77e4f29fe5d7697f 933a0b6e5dd85355df5d1979147096260545f3dc2faf8e127292456eca6accb00a2a855ba96b 9a31fdd1fec998ac5028ad5bfb02ce0cc69d5a39ce28a8d3ae92 EAP-Message = 0xd12dca84626e1183 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9a9af390993fea28ebd7065f57cfd5e2 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.1 port 21693, id=99, length=105 User-Name = "eric1328" NAS-IP-Address = 192.168.0.1 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-1C-B3-B1-3E-07" State = 0x9a9af390993fea28ebd7065f57cfd5e2 EAP-Message = 0x02a500061900 Message-Authenticator = 0x6b08abda82ea369fb42a1c300666c8a9 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.1/auth-detail-20090128 [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090128 [auth_log] expand: %t -> Wed Jan 28 10:08:48 2009 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "eric1328", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 165 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 99 to 192.168.0.1 port 21693 EAP-Message = 0x01a600b519003c63087fd1ffa76eaead2ddca3501c2b0ad762482215581804242c0e3fa523 9347513a5fecb4860e64aa93af7b78509316c260bee87d3d9c71d5ff981dddbdee561dd35a9d 863bbb97ea2bcc7bf5be923833eba09620f3055eb4977d217781f01b5777e4dd4f0a3e8fad4b 98ac4f35519c4400deb13a663737e330dcc81852b807c34b8f287727394e8873b08059bebd25 26fc9af290c4b50f460db89aeb2ef70709904d86db16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9a9af3909e3cea28ebd7065f57cfd5e2 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.1 port 21693, id=100, length=437 User-Name = "eric1328" NAS-IP-Address = 192.168.0.1 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-1C-B3-B1-3E-07" State = 0x9a9af3909e3cea28ebd7065f57cfd5e2 EAP-Message = 0x02a60150198000000146160301010610000102010015e07115bcb9fbbc93abce7a91dd7369 ef22d52495326fa65147364304dbd31e06605bb2bf682c0d3504ec792f6eab09a924a2435e7a ae281d151de03c5fcc0e1d99cdcaa52e7fcc6e99228f299f974c0f3d769177a06d742493c06d 310bdf90212c49fedf90bd4d32156b5e1a64810144509c3cf29348dbe46888e4f349b486c6cc 545d8772004ef7299fb826e344364df4af4c06310581e58a96593935c8f3f13ef760497af2d6 a6467772f3eb116034298138b99bfd2cac344f5b70f094cf8c29c0c4d53e4d233be0688a20c4 4063f32857a137435819cb143926bf536a649fee46875dc8e428 EAP-Message = 0x1a91222d5ca7bf781c16628bf635acfbf1f5846c199745b61403010001011603010030be3c f7249124fb25b03a11b76b5fc07a589275055940a5d801209c599ae0de7b7e6bd7e15fb5d245 1ac2cd632ac23179 Message-Authenticator = 0xee555d72422495de2fbb5c975552cc09 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.1/auth-detail-20090128 [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090128 [auth_log] expand: %t -> Wed Jan 28 10:08:48 2009 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "eric1328", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 166 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 326 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 100 to 192.168.0.1 port 21693 EAP-Message = 0x01a7004119001403010001011603010030c9a77ba3f2ef8689c1c1f357506c8ed32a474d47 36624bf52da7ad3e4d1025c601676fba45daafde076e8baf1ecbbb8a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9a9af3909f3dea28ebd7065f57cfd5e2 Finished request 5. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.0.1 port 21693, id=101, length=105 User-Name = "eric1328" NAS-IP-Address = 192.168.0.1 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-1C-B3-B1-3E-07" State = 0x9a9af3909f3dea28ebd7065f57cfd5e2 EAP-Message = 0x02a700061900 Message-Authenticator = 0x65fe256227f65fdf404f4543848b95af +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.1/auth-detail-20090128 [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090128 [auth_log] expand: %t -> Wed Jan 28 10:08:48 2009 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "eric1328", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 167 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 101 to 192.168.0.1 port 21693 EAP-Message = 0x01a8002b19001703010020bf063ab4620738f9eedd92219d0bece9fbeb543f33752c0e7f44 8525350354f0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9a9af3909c32ea28ebd7065f57cfd5e2 Finished request 6. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.0.1 port 21693, id=102, length=142 User-Name = "eric1328" NAS-IP-Address = 192.168.0.1 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-1C-B3-B1-3E-07" State = 0x9a9af3909c32ea28ebd7065f57cfd5e2 EAP-Message = 0x02a8002b19001703010020eccc437b43dd6a7c42d2de8276631dc72127ab1f9e42ff311be2 f1374d595f2a Message-Authenticator = 0xb1dd21f5d4c56f8e9deeea2a74b188c2 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.1/auth-detail-20090128 [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090128 [auth_log] expand: %t -> Wed Jan 28 10:08:48 2009 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "eric1328", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 168 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - eric1328 [peap] Got tunneled request EAP-Message = 0x02a8000d016572696331333238 server { PEAP: Got tunneled identity of eric1328 PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to eric1328 Sending tunneled request EAP-Message = 0x02a8000d016572696331333238 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "eric1328" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "eric1328", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 168 length 13 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [sql] expand: %{User-Name} -> eric1328 [sql] sql_set_user escaped user --> 'eric1328' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eric1328' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eric1328' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 [sql] User eric1328 not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x01a900221a01a9001d10505da5e75208728e4183ed570f1f71476572696331333238 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbae8d73eba41cd116372880e81164985 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x01a900221a01a9001d10505da5e75208728e4183ed570f1f71476572696331333238 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbae8d73eba41cd116372880e81164985 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 102 to 192.168.0.1 port 21693 EAP-Message = 0x01a9004b19001703010040d087142a3fe21435656348569a3b0e0c5ea4bff508b77bec644a 0d94edc3c0e0e70e5000b9d27d965b670cd1894dd78f8b0609441c64bb5804bc092ee9b5cda5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9a9af3909d33ea28ebd7065f57cfd5e2 Finished request 7. Going to the next request Waking up in 4.6 seconds. rad_recv: Access-Request packet from host 192.168.0.1 port 21693, id=103, length=206 User-Name = "eric1328" NAS-IP-Address = 192.168.0.1 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-1C-B3-B1-3E-07" State = 0x9a9af3909d33ea28ebd7065f57cfd5e2 EAP-Message = 0x02a9006b190017030100603aee6bf19ded97d3b37a40a5de93b752ddc952a08cd203826107 234fe48d6c3f06259ab839dc022c651d85faeba18ea1a372f7beb5b7e0879ab851a19a349418 2cc1af62c02a209d4c5fd21be0f2631b5aa8197cf039805b8660b038a1366dd6 Message-Authenticator = 0x892144a42db4aad9a9a8376fcf99ee31 +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.1/auth-detail-20090128 [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090128 [auth_log] expand: %t -> Wed Jan 28 10:08:48 2009 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "eric1328", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 169 length 107 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x02a900431a02a9003e31af02a5a673cf93e8cf0f0180c90d630e0000000000000000922331 ae61edd2595c25e9db4613992ef9e8124dc11ed2eb006572696331333238 server { PEAP: Setting User-Name to eric1328 Sending tunneled request EAP-Message = 0x02a900431a02a9003e31af02a5a673cf93e8cf0f0180c90d630e0000000000000000922331 ae61edd2595c25e9db4613992ef9e8124dc11ed2eb006572696331333238 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "eric1328" State = 0xbae8d73eba41cd116372880e81164985 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "eric1328", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 169 length 67 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [sql] expand: %{User-Name} -> eric1328 [sql] sql_set_user escaped user --> 'eric1328' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eric1328' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'eric1328' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 [sql] User eric1328 not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for eric1328 with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. Login incorrect: [eric1328] (from client private-network-1 port 0 via TLS tunnel) } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\251E=691 R=1" EAP-Message = 0x04a90004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\251E=691 R=1" EAP-Message = 0x04a90004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 103 to 192.168.0.1 port 21693 EAP-Message = 0x01aa002b1900170301002048fa64ef04156959ee63b45c4fcc4e12accaaab2a60a2394ca2a 760f2e507884 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9a9af3909230ea28ebd7065f57cfd5e2 Finished request 8. Going to the next request Waking up in 4.5 seconds. rad_recv: Access-Request packet from host 192.168.0.1 port 21693, id=104, length=142 User-Name = "eric1328" NAS-IP-Address = 192.168.0.1 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-1C-B3-B1-3E-07" State = 0x9a9af3909230ea28ebd7065f57cfd5e2 EAP-Message = 0x02aa002b190017030100202916f6564d6d9ba431acbff58f2f080c7400122e76e082424a7e e58e8e031db5 Message-Authenticator = 0xa714f18d12ee34c613cf1ca4610a715a +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.1/auth-detail-20090128 [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090128 [auth_log] expand: %t -> Wed Jan 28 10:08:48 2009 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "eric1328", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 170 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Login incorrect: [eric1328] (from client private-network-1 port 0 cli 00-1C-B3-B1-3E-07) Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> eric1328 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 9 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 9 Sending Access-Reject of id 104 to 192.168.0.1 port 21693 EAP-Message = 0x04aa0004 Message-Authenticator = 0x00000000000000000000000000000000