Situation: a freeradius server (debian stretch, 3.0.12+dfsg-5+deb9u1) binded to a Samba AD domain (so using EAP, PEAP, MSCHAPv2). I've some 'non human' clients that typically i connect via direct password insertion in users and huntgroups, eg: lp_hpcljm452-1 Cleartext-Password := "unknown;-)", MS-CHAP-Use-NTLM-Auth := 0, Expiration := "Dec 31 2030 19:00:00", Huntgroup-Name == "lp_hpcljm452-1" lp_hpcljm452-1 Calling-Station-Id == "60-6D-C7-27-C1-C9" But this client (an HP Color LaserJet M452nw) claim to have support for PEAP, LEAP and EAP-TLS, not explicitly citing MSCHAPv2. If i try to use PEAP i lead to: Apr 10 12:00:07 vdmsv1 radiusd[1283]: (5103) eap: WARNING: !!! We requested to use an EAP type as normal. Apr 10 12:00:07 vdmsv1 radiusd[1283]: (5103) eap: WARNING: !!! The supplicant rejected that, and requested to use the same EAP type. Apr 10 12:00:07 vdmsv1 radiusd[1283]: (5103) eap: WARNING: !!! i.e. the supplicant said 'I don't like X, please use X instead. Apr 10 12:00:07 vdmsv1 radiusd[1283]: (5103) eap: WARNING: !!! The supplicant software is broken and does not work properly. Apr 10 12:00:07 vdmsv1 radiusd[1283]: (5103) eap: WARNING: !!! Please upgrade it to software that works. Apr 10 12:00:07 vdmsv1 radiusd[1283]: (5103) Login incorrect (eap: No mutually acceptable types found): [lp_hpcljm452-1] (from client unifi-sv port 0 cli 60-6D-C7-27-C1-C9) There's some way i can force a 'compatible' EAP type for that user and only that? Thanks. -- Ventiquattromilapensierialsecondofluisconoinarrestabili alimentando voglie e necessita`. (CSI)