Thank you so much for your help. I used the chmod command on the root user to allow the permission and I used the testing user command as a regular user in the debugging mode and it worked. But, I tried to test all the protocols, they are working in the default testing. I tried to set only EAP PEAP-MSCHAPv2 method by commenting out all the others EAP methods except EAP-TLS and EAP-TTLS, and setting default_eap_type = peap. i also changed the password from cleartext into somethin like this ** " testing" User-password = "P@ssw0rd "** But I don't know how to configure the inner-tunnel virtual server inside the sites-enabled in order to allow 802.1x authentication. when i tried to test without configuring the inner-tunnel virtual server i got this . rad_recv: Access-Request packet from host 127.0.0.1 port 55247, id=123, length=77 User-Name = "testing" User-Password = "P@ssw0rd" NAS-IP-Address = 192.168.9.27 NAS-Port = 0 Message-Authenticator = 0x42afe3cc71c80db704cb5b4d6f915c1e server inner-tunnel { # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "testing", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] No EAP-Message, not doing EAP ++[eap] = noop WARNING: Found User-Password == "...". WARNING: Are you sure you don't mean Cleartext-Password? WARNING: See "man rlm_pap" for more information. [files] users: Matched entry testing at line 51 [files] expand: Hello,%{User-Name} -> Hello,testing ++[files] = ok ++[expiration] = noop ++[logintime] = noop ++[pap] = noop +} # group authorize = ok ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. } # server inner-tunnel Using Post-Auth-Type REJECT # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel +group REJECT { [attr_filter.access_reject] expand: %{User-Name} -> testing attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 123 to 127.0.0.1 port 55247 Reply-Message = "Hello,testing" Waking up in 4.9 seconds. Cleaning up request 0 ID 123 with timestamp +16 Ready to process requests. i tried to test the peap method using jradius simulator i got this Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 123 to 127.0.0.1 port 55247 Reply-Message = "Hello,testing" Waking up in 4.9 seconds. Cleaning up request 0 ID 123 with timestamp +16 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 47000, id=2, length=73 User-Name = "testing" NAS-Port = 0 NAS-IP-Address = 127.0.0.1 EAP-Message = 0x0200000c0174657374696e67 Message-Authenticator = 0x3cc3c953e07cc82b12dc94c65102acd1 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "testing", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 0 length 12 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[unix] = notfound WARNING: Found User-Password == "...". WARNING: Are you sure you don't mean Cleartext-Password? WARNING: See "man rlm_pap" for more information. [files] users: Matched entry testing at line 51 [files] expand: Hello,%{User-Name} -> Hello,testing ++[files] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 2 to 127.0.0.1 port 47000 Reply-Message = "Hello,testing" EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcf4ca028cf4db9debca7c7b78161462f Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 47000, id=3, length=151 User-Name = "testing" NAS-Port = 0 NAS-IP-Address = 127.0.0.1 State = 0xcf4ca028cf4db9debca7c7b78161462f EAP-Message = 0x020100481900160301003d010000390301531ff150fa7d236ea125d229a2f796c081b24c29d4b8fd319c253f294bec4dfd0000120039003800330032001600130035002f000a0100 Message-Authenticator = 0xe3826c6167a24627480ce56fbd6769a0 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "testing", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 1 length 72 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 003d], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 08d0], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 3 to 127.0.0.1 port 47000 EAP-Message = 0x0102040019c000000b1f160301002a020000260301531ff1501b19bf495e28952a475864897eae5fcc49b9269c4515e0631ef156910000390016030108d00b0008cc0008c90003de308203da308202c2a003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3134303232353039343530365a170d3135303232353039343530365a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100aed3f4e6fa9efadea640eccdba95ba84671a37bd5f8f0526f781d7f52310288efaa32fa4a513a922af4adfe4b160dad05cb685dbbfb809801b7eba53bed1 EAP-Message = 0xb37c222a83b63d94afe8d30f195808535b8ace500284ce9163df58c24b7dc64f2c11817aedc26a45da19a8184ae6c3a357ebf7bbb0bd39cb62f9273fcdaf512343aaca2110b87b2c2115cf7f43299bfd922641a4dd9773e0d6cb904efe06a6a265131a04b08f37d455c557c056e311304cb1a84cf993992b0b01647bd46d591c01f50afc0c11c8093785b9fb90dd102383981dbdec2283e96fe537b589d446df50d8693917fabf154ddc66caa6a3ef01e608f17565eb2520cd41ed765d977e9b3d450203010001a34f304d30130603551d25040c300a06082b0601050507030130360603551d1f042f302d302ba029a0278625687474703a2f2f777777 EAP-Message = 0x2e6578616d706c652e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d01010505000382010100d7f9a17398b726d5861c69fb1425fc06ec2ced7f2a22b411d42c03275ac249d7236d84bcdf767616edd9c1b15aadbe57aa8c9c9a0350e998066a9407bbd9c7ede47f1020b4115429bc60dec66afc0a1db3def7cd5b2bc8423fc950f7db57a682999127e2abda907ebb7a8b3b040e1296840bce6847fd44e3263d1399b3f85129313e5c4405f287488035e2df63840f2833398d80c68b4c13e328f46af697946722924e1546254ad9d8a4387bbe348d010f147e9c59a4a1258944f07d8351b28b7ed7e7eef81522158fe7ae14aa39 EAP-Message = 0x680bc8b86dc2911707736c66 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcf4ca028ce4eb9debca7c7b78161462f Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 47000, id=4, length=85 User-Name = "testing" NAS-Port = 0 NAS-IP-Address = 127.0.0.1 State = 0xcf4ca028ce4eb9debca7c7b78161462f EAP-Message = 0x020200061900 Message-Authenticator = 0xd8c05c3b9c781d52ed7b93d2d7e5f299 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "testing", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 4 to 127.0.0.1 port 47000 EAP-Message = 0x010303fc1940f113789d5fe58467daa0b48d626dcb3d8da9062245d90c64ea654f3981c73a5ca1267f6e525a0004e5308204e1308203c9a003020102020900a9f66bfe117a6d3a300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3134303232353039343530365a EAP-Message = 0x170d3135303232353039343530365a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100e179503ca3da7dcf981aff930f99b8c5a2296ba5072376dc3ad0566b0f09807a284b1ff4cbc0812143ef3a248f2ff2940cc71e1edfaa16 EAP-Message = 0x6091744a8a2cf21a400b59a98250e0097f78c4f7eb5359a896c83856df1239276c4984ed013d5083dfc1f54dbe83082bfca40f48542185e58b53a68c2278b86523dd381d94afc91f584a9471dd84d1582a2c5ae2a59a15c291cfb885c37dedaacd9e0d8582c629cbf7df7a1ae856e776c039d75bdc388105e0e7f881360e1c1deb7c161ef4dd374dc14250813390f4f75cc47c2b675098927890b9d73231ab79cf492ba86b7e4901a29ea1c406a89505622c378939677bd76cf58a49e3fa442ab2093278776958f3370203010001a382013430820130301d0603551d0e0416041432ea5b0d0283f7fe235134d0055fca1822af60a93081c80603551d23 EAP-Message = 0x0481c03081bd801432ea5b0d0283f7fe235134d0055fca1822af60a9a18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900a9f66bfe117a6d3a300c0603551d13040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578 EAP-Message = 0x616d706c655f6361 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcf4ca028cd4fb9debca7c7b78161462f Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 47000, id=5, length=85 User-Name = "testing" NAS-Port = 0 NAS-IP-Address = 127.0.0.1 State = 0xcf4ca028cd4fb9debca7c7b78161462f EAP-Message = 0x020300061900 Message-Authenticator = 0xb79350a495b09dc0b764088a6e733871 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "testing", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 5 to 127.0.0.1 port 47000 EAP-Message = 0x0104033919002e63726c300d06092a864886f70d01010505000382010100a4e27f07df6259c73bdf038c528225ab72be8e8447acf759c13159d2e48eb016b6f54c410363392f9d36b4d9a652e871e000e39dd1ae409a5106fa7582ed55601a764fab3bd81e384c3de62d04394a30ab1f0b0820e1eeeb27209c237cf39eb401d76d67756d1dd2129f849a0845e39b159304fe5c62e3950f4d49b6db7b314fc7f244ef19f9efba015dde6d609eaf3556a83b404bb64718b64e7b16d050e103dd715e20691b4a6e31d31ab065bb7a6b8b0f8f27b42726e9c9187f94572613e5c36e433a7b24afffa293930597e486a477c228cc2a9d50f5c916a50f144b3c EAP-Message = 0x7a7a633cb797174fe44470f989dd72a3e9783c745df5cf318e3e84bd246d11d900160301020d0c0002090080a8f0e70aef23c507c30ad6cb681afb5153bfc1417fbe2b4b6ccd4898760c984564b5308bacd50cdcc3ee5e9ddf84cf6047239302a988c35b1c78f6da77b18e079216b679e618fff798faaec47a25ed37480f74dd76d8cbd125384fed51b31efa6ff0feb3e8de9f387c2ee7cc313d2de8ae2e67b01605e9b019720135e9685b5b000102008025814b22830831f6716e74da15ba9866e69b7f29a54fafff0bdeeb38cadbbab1ffb7d1ccc326a9f7b3e5d7c12b446fd44e09c5294b9d2dbaa0273d82358d97297e176d5c8d5ce98fd52aa9a8 EAP-Message = 0x711535a625454a646980373ccb9639d0ebf2b44bc9f0985cfe4c763948d90a838cab0e491f82323dcb1fac770281519ae7a3f4b2010045dc48edf7fdf54171fb368899a00e657c859fcc3fab1f4da00a892dac500c3209280b06420037a1cc2c74333bf826196f3564a008c7e756af5d45b91e619031509ed5afe63bc9d63130f00e462fbe807aee61798a5b3880f83e8e4f6e98779c92e8b8cb18b516b8579e88f2696efd71d0f3498a395025e78c2f00e487aec42affc9dc521b20547e4f6ccf0967b0e145e9ebc8c34b195356a8ed0fca339b11e1a2e8dfc655a72e1db0da0a0df88852bc37307c7ea7eead34495fce92831bece6f74412597d10f3 EAP-Message = 0x75d5d456af23cdd69bc61243b41168d572cabf8768a2780054e9949c1cb9bf222692af5cd4e08a19acba977d1671098c9131876d1b30fefa1816030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcf4ca028cc48b9debca7c7b78161462f Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 47000, id=6, length=315 User-Name = "testing" NAS-Port = 0 NAS-IP-Address = 127.0.0.1 State = 0xcf4ca028cc48b9debca7c7b78161462f EAP-Message = 0x020400ec19001603010086100000820080a77f24ad2050e6bd07cbbef0f616a25dc4d4022a5a8ff6e4f0a4aa13254ed96e6d343ea6c9e92f8905f1889d772e5e85e966b0e0d4c510d1eb9e9105dc8beb84c2f56e9723994de83325df2017edbf1cdd8ec6da78f3403b9dcd3e29a794d5d091d321f9bc435b87a880cff4d730cfd8bd8c7000c0d4cdc452799ad8968dc4541403010001011603010050c491f1ada3008208f04f195129505068ddeb05f6f2b1d9e6bfd8e309f143be46cb9d9668d481f23d7a80c3c99485d2ab8180df3dbf52b8e3af67465835f446620d1f13735fa3f83850591a3947be7655 Message-Authenticator = 0x86eb2811521a1551f40507327ff12743 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "testing", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 4 length 236 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 6 to 127.0.0.1 port 47000 EAP-Message = 0x0105004119001403010001011603010030924cb8cd91029f0767c24ee999838826f05fe99d10722855956dae0ff10e6c4ac9bf0e17151503ba04ccba9b09d0e497 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcf4ca028cb49b9debca7c7b78161462f Finished request 5. Going to the next request Waking up in 4.1 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 47000, id=7, length=85 User-Name = "testing" NAS-Port = 0 NAS-IP-Address = 127.0.0.1 State = 0xcf4ca028cb49b9debca7c7b78161462f EAP-Message = 0x020500061900 Message-Authenticator = 0x6cf39e9e692ebc10078a1dea5845477d # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "testing", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 7 to 127.0.0.1 port 47000 EAP-Message = 0x0106002b1900170301002057428dfbc1a703902f590dfce56bae6cd5e6c39efca98488f76badf9b0852fa0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcf4ca028ca4ab9debca7c7b78161462f Finished request 6. Going to the next request Waking up in 4.1 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 47000, id=8, length=175 User-Name = "testing" NAS-Port = 0 NAS-IP-Address = 127.0.0.1 State = 0xcf4ca028ca4ab9debca7c7b78161462f EAP-Message = 0x0206006019001703010020121d5f70b18873c2ce8adc64ee86316d43cc5c587a65cfede3885092292f45621703010030ae623579fca299bdad152eff69c508636ec69ba9fb2c62f443a75d108dae0e2f80a5cfee6ab81fe8ffe3a8e96fccc18e Message-Authenticator = 0xea19005096c49a314c145dd25e9c8ec2 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "testing", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 6 length 96 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - testing [peap] Got inner identity 'testing' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x0206000c0174657374696e67 server { [peap] Setting User-Name to testing Sending tunneled request EAP-Message = 0x0206000c0174657374696e67 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "testing" server inner-tunnel { # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "testing", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 6 length 12 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated WARNING: Found User-Password == "...". WARNING: Are you sure you don't mean Cleartext-Password? WARNING: See "man rlm_pap" for more information. [files] users: Matched entry testing at line 51 [files] expand: Hello,%{User-Name} -> Hello,testing ++[files] = ok ++[expiration] = noop ++[logintime] = noop ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel +group authenticate { [eap] EAP Identity [eap] No such EAP type mschapv2 [eap] Failed in EAP select ++[eap] = invalid +} # group authenticate = invalid Failed to authenticate the user. Using Post-Auth-Type REJECT # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel +group REJECT { [attr_filter.access_reject] expand: %{User-Name} -> testing attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated } # server inner-tunnel [peap] Got tunneled reply code 3 Reply-Message = "Hello,testing" EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 Reply-Message = "Hello,testing" EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 8 to 127.0.0.1 port 47000 EAP-Message = 0x0107002b1900170301002057077c5e5c4d4c0e362ffe95fff5a33129b376ed00b69e00c99fffcda1428251 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcf4ca028c94bb9debca7c7b78161462f Finished request 7. Going to the next request Waking up in 4.0 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 47000, id=9, length=175 User-Name = "testing" NAS-Port = 0 NAS-IP-Address = 127.0.0.1 State = 0xcf4ca028c94bb9debca7c7b78161462f EAP-Message = 0x0207006019001703010020a0530d6df4bf549909743f057be762457c2b6abd38eb6235375f20a27e93fc851703010030fad2db6536da7f64fcc88f8b2a13970065906d4af2accb08c2d89846de9b30519d192e030afa21f131badbc40cbff6da Message-Authenticator = 0xd47ab810fc992cf5a094df676da234a6 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "testing", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 7 length 96 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] = invalid +} # group authenticate = invalid Failed to authenticate the user. Using Post-Auth-Type REJECT # Executing group from file /usr/local/etc/raddb/sites-enabled/default +group REJECT { [attr_filter.access_reject] expand: %{User-Name} -> testing attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated Delaying reject of request 8 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 8 Sending Access-Reject of id 9 to 127.0.0.1 port 47000 EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.0 seconds. Cleaning up request 1 ID 2 with timestamp +800 Cleaning up request 2 ID 3 with timestamp +800 Cleaning up request 3 ID 4 with timestamp +800 Cleaning up request 4 ID 5 with timestamp +800 Waking up in 0.8 seconds. Cleaning up request 5 ID 6 with timestamp +800 Cleaning up request 6 ID 7 with timestamp +800 Cleaning up request 7 ID 8 with timestamp +800 Waking up in 1.0 seconds. Cleaning up request 8 ID 9 with timestamp +800 Ready to process requests.