Hello, I have usual problem for persons who wants to setup LDAP+PEAP integration. I want to setup WIFI with PEAP auth. via FreeRadius. The problem is that I can login with ldap login thought radtest testuser 123456 localhost 10 secret. But I can't do the same thought my wifi laptop(ldap login) but I can login on my laptop with local login (/etc/freeradius/users). I found several suggestion according my situation but I can't solve the problem. Delete :DEFAULT Auth-Type := LDAP Add : checkItem User-Password userPassword checkItem userPassword lmPassword It seems that is my direct ldap query don't have : User-Password = "" Atribute. log file ================================== rlm_realm: No '@' in User-Name = "username", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_realm: No '\' in User-Name = "username", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "ntdomain" returns noop for request 2 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 rlm_ldap: - authorize rlm_ldap: performing user authorization for username radius_xlat: '(&(uid=username)(objectClass=posixAccount))' radius_xlat: 'dc=company,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=com, with filter (&(uid=username)(objectClass=posixAccount)) rlm_ldap: checking if remote access for username is allowed by uid rlm_ldap: No default NMAS login sequence rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user username authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 211 to 100.100.128.139 port 6001 EAP-Message = 0x010402f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8 EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010 EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x944b46983edee9d6374c638b077a98b0 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 100.100.128.139:6001, id=212, length=347 User-Name = "username" NAS-IP-Address = 100.100.128.139 Called-Station-Id = "00-20-a6-64-66-a3:A" Calling-Station-Id = "00-18-de-4e-8f-1d" NAS-Identifier = "ORiNOCO-AP-700-64-66-a3" State = 0x944b46983edee9d6374c638b077a98b0 Framed-MTU = 1400 NAS-Port = 2 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020400c01980000000b616030100861000008200807d0aa8cba27d582c350fe812e3a13585488f0fd2dd93ad428f2c412328332d3efe74a4a3ddd31f44aec192a4aafa6d96a78de561284fce538250b20fe110d972de06c41880703f3fe7326e4c5d44d1bb9d5dae51e5b05a5f7bd2e96ca9aa91ba2aaacaecc7f979d32ffd32857dcf70ef92b88a2ec2806593cd1888bbe61f6ece1403010001011603010020e1a93666bea97c8b068187f07c7a55b581fee2dc5f9b7ba1b8b920487c503178 Message-Authenticator = 0xd7ccfc59fba379f1f22b2d86f284967f Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "user", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_realm: No '\' in User-Name = "user", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "ntdomain" returns noop for request 3 rlm_eap: EAP packet type response id 4 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 rlm_ldap: - authorize rlm_ldap: performing user authorization for user radius_xlat: '(&(uid=user)(objectClass=posixAccount))' radius_xlat: 'dc=company,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=com, with filter (&(uid=user)(objectClass=posixAccount)) rlm_ldap: checking if remote access for user is allowed by uid rlm_ldap: No default NMAS login sequence rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user username authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 212 to 100.100.128.139 port 6001 EAP-Message = 0x0105003119001403010001011603010020fcb9a12ef0f4c6ee542c7448c19f2d0a90980fbeccc23732a37133106723dc53 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9f545f6b44154fe7443c4c9b8503f14d Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 100.100.128.139:6001, id=213, length=161 User-Name = "user" NAS-IP-Address = 100.100.128.139 Called-Station-Id = "00-20-a6-64-66-a3:A" Calling-Station-Id = "00-18-de-4e-8f-1d" NAS-Identifier = "ORiNOCO-AP-700-64-66-a3" State = 0x9f545f6b44154fe7443c4c9b8503f14d Framed-MTU = 1400 NAS-Port = 2 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020500061900 Message-Authenticator = 0xfb78e6a22ba9350c248c45488967f9e3 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "user", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_realm: No '\' in User-Name = "user", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "ntdomain" returns noop for request 4 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 rlm_ldap: - authorize rlm_ldap: performing user authorization for user radius_xlat: '(&(uid=user)(objectClass=posixAccount))' radius_xlat: 'dc=company,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=com, with filter (&(uid=user)(objectClass=posixAccount)) rlm_ldap: checking if remote access for user is allowed by uid rlm_ldap: No default NMAS login sequence rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user user authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 213 to 100.100.128.139 port 6001 EAP-Message = 0x010600201900170301001550a63ce907f8230086ea4cfe01fa4b04d285fa90fd Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0491782a026ef1c37d38229aa2a09fd2 Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 100.100.128.139:6001, id=214, length=189 User-Name = "user" NAS-IP-Address = 100.100.128.139 Called-Station-Id = "00-20-a6-64-66-a3:A" Calling-Station-Id = "00-18-de-4e-8f-1d" NAS-Identifier = "ORiNOCO-AP-700-64-66-a3" State = 0x0491782a026ef1c37d38229aa2a09fd2 Framed-MTU = 1400 NAS-Port = 2 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02060022190017030100170c1a8d4e36f76ec984c2802da6ffc5ba177ee6d24fa2b6 Message-Authenticator = 0x2d07b6b5d35b4a8a62e04fee324d7d37 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "user", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_realm: No '\' in User-Name = "user", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "ntdomain" returns noop for request 5 rlm_eap: EAP packet type response id 6 length 34 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for user radius_xlat: '(&(uid=user)(objectClass=posixAccount))' radius_xlat: 'dc=company,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=com, with filter (&(uid=user)(objectClass=posixAccount)) rlm_ldap: checking if remote access for user is allowed by uid rlm_ldap: No default NMAS login sequence rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user user authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - user rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x0206000b0165726f6e6b6f PEAP: Got tunneled identity of user PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to user PEAP: Sending tunneled request EAP-Message = 0x0206000b0165726f6e6b6f FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "user" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "user", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_realm: No '\' in User-Name = "user", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "ntdomain" returns noop for request 5 rlm_eap: EAP packet type response id 6 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for user radius_xlat: '(&(uid=user)(objectClass=posixAccount))' radius_xlat: 'dc=company,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=com, with filter (&(uid=user)(objectClass=posixAccount)) rlm_ldap: checking if remote access for user is allowed by uid rlm_ldap: No default NMAS login sequence rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user user authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 PEAP: Got tunneled reply RADIUS code 11 EAP-Message = 0x010700201a0107001b106ed1ec90bcd32cc73c262c2156f4e35b65726f6e6b6f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe6b54da771c6c9951580aa2c13a974f1 PEAP: Processing from tunneled session code 0x8014b458 11 EAP-Message = 0x010700201a0107001b106ed1ec90bcd32cc73c262c2156f4e35b65726f6e6b6f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe6b54da771c6c9951580aa2c13a974f1 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 214 to 100.100.128.139 port 6001 EAP-Message = 0x010700371900170301002cf7b661ce86c13ad322a5ee1424937977095638f0df2a81f3fbf1edf93d3130ce91835ab86ea73ee239dc5de0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3bc371fff6daef9820ca18ec1a95d748 Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 100.100.128.139:6001, id=215, length=243 User-Name = "user" NAS-IP-Address = 100.100.128.139 Called-Station-Id = "00-20-a6-64-66-a3:A" Calling-Station-Id = "00-18-de-4e-8f-1d" NAS-Identifier = "ORiNOCO-AP-700-64-66-a3" State = 0x3bc371fff6daef9820ca18ec1a95d748 Framed-MTU = 1400 NAS-Port = 2 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020700581900170301004d60cb0ad1df28d5131e19ea9db9006aae8b2fab7987ddf7b12b0ef50d864f1b1a813ef2867eb0af3f119842d120c90c8713f1bc573de395d46e26d4b755c9a81b1c2b725fb8c124cc009c7cb77a Message-Authenticator = 0x446d0653078e6318ed2fcab66426a52f Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "user", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_realm: No '\' in User-Name = "user", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "ntdomain" returns noop for request 6 rlm_eap: EAP packet type response id 7 length 88 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 rlm_ldap: - authorize rlm_ldap: performing user authorization for user radius_xlat: '(&(uid=user)(objectClass=posixAccount))' radius_xlat: 'dc=company,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=com, with filter (&(uid=user)(objectClass=posixAccount)) rlm_ldap: checking if remote access for user is allowed by uid rlm_ldap: No default NMAS login sequence rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user user authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x020700411a0207003c31d882c1781c00f76d0e243209bf9bacbd00000000000000005e5fe71c20fb537939dabaa9e0a5e252eeb22bbc2cb884bc0065726f6e6b6f PEAP: Setting User-Name to user PEAP: Adding old state with e6 b5 PEAP: Sending tunneled request EAP-Message = 0x020700411a0207003c31d882c1781c00f76d0e243209bf9bacbd00000000000000005e5fe71c20fb537939dabaa9e0a5e252eeb22bbc2cb884bc0065726f6e6b6f FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "user" State = 0xe6b54da771c6c9951580aa2c13a974f1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "user", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_realm: No '\' in User-Name = "user", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "ntdomain" returns noop for request 6 rlm_eap: EAP packet type response id 7 length 65 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 rlm_ldap: - authorize rlm_ldap: performing user authorization for user radius_xlat: '(&(uid=user)(objectClass=posixAccount))' radius_xlat: 'dc=company,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=com, with filter (&(uid=user)(objectClass=posixAccount)) rlm_ldap: checking if remote access for user is allowed by uid rlm_ldap: No default NMAS login sequence rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user user authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 6 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for user with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 6 modcall: leaving group MS-CHAP (returns reject) for request 6 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 6 modcall: leaving group authenticate (returns reject) for request 6 auth: Failed to validate the user. PEAP: Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 PEAP: Processing from tunneled session code 0x8014e3d0 3 MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 215 to 100.100.128.139 port 6001 EAP-Message = 0x010800261900170301001bb07f823ff790eaac7e023f39cdfa2c13c74448e9b40ce1b6c0335f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8b12accaa14d0c6f0c8e3d6d75bd953f Finished request 6 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 100.100.128.139:6001, id=216, length=193 User-Name = "user" NAS-IP-Address = 100.100.128.139 Called-Station-Id = "00-20-a6-64-66-a3:A" Calling-Station-Id = "00-18-de-4e-8f-1d" NAS-Identifier = "ORiNOCO-AP-700-64-66-a3" State = 0x8b12accaa14d0c6f0c8e3d6d75bd953f Framed-MTU = 1400 NAS-Port = 2 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020800261900170301001b45b602e857c5b518dcbb213f9a82d53af11486f45a392431f4fc11 Message-Authenticator = 0x4cbc5e10e73739446acfdbb116669e3a Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "user", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_realm: No '\' in User-Name = "user", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "ntdomain" returns noop for request 7 rlm_eap: EAP packet type response id 8 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 rlm_ldap: - authorize rlm_ldap: performing user authorization for user radius_xlat: '(&(uid=user)(objectClass=posixAccount))' radius_xlat: 'dc=company,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=com, with filter (&(uid=user)(objectClass=posixAccount)) rlm_ldap: checking if remote access for user is allowed by uid rlm_ldap: No default NMAS login sequence rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user user authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 7 modcall: leaving group authenticate (returns invalid) for request 7 auth: Failed to validate the user. Delaying request 7 for 1 seconds Finished request 7 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 100.100.128.139:6001, id=216, length=193 Sending Access-Reject of id 216 to 100.100.128.139 port 6001 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 3 seconds... rad_recv: Access-Request packet from host 127.0.0.1:1033, id=237, length=58 User-Name = "user" User-Password = "password" NAS-IP-Address = 255.255.255.255 NAS-Port = 10 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: No '@' in User-Name = "user", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_realm: No '\' in User-Name = "user", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "ntdomain" returns noop for request 8 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 8 rlm_ldap: - authorize rlm_ldap: performing user authorization for user radius_xlat: '(&(uid=user)(objectClass=posixAccount))' radius_xlat: 'dc=company,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=company,dc=com, with filter (&(uid=user)(objectClass=posixAccount)) rlm_ldap: checking if remote access for useris allowed by uid rlm_ldap: No default NMAS login sequence rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Setting Auth-Type = ldap rlm_ldap: user username authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 8 modcall: leaving group authorize (returns ok) for request 8 rad_check_password: Found Auth-Type ldap auth: type "LDAP" Processing the authenticate section of radiusd.conf modcall: entering group LDAP for request 8 rlm_ldap: - authenticate rlm_ldap: login attempt by "username" with password "password" rlm_ldap: user DN: uid=username,ou=People,dc=company,dc=com rlm_ldap: (re)connect to ldap1.company:389, authentication 1 rlm_ldap: setting TLS CACert File to /etc/cert/cert.pem rlm_ldap: starting TLS rlm_ldap: bind as uid=username,ou=People,dc=company,dc=com/password to ldap1.in.company:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: user username authenticated succesfully modcall[authenticate]: module "ldap" returns ok for request 8 modcall: leaving group LDAP (returns ok) for request 8 Sending Access-Accept of id 237 to 127.0.0.1 port 1033 Finished request 8 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 209 with timestamp 47c2cee7 Cleaning up request 1 ID 210 with timestamp 47c2cee7 Cleaning up request 2 ID 211 with timestamp 47c2cee7 Cleaning up request 3 ID 212 with timestamp 47c2cee7 Cleaning up request 4 ID 213 with timestamp 47c2cee7 Cleaning up request 5 ID 214 with timestamp 47c2cee7 Cleaning up request 6 ID 215 with timestamp 47c2cee7 Cleaning up request 7 ID 216 with timestamp 47c2cee7 Waking up in 5 seconds... ================================== Thank you Era