Hi! I'm receiving a "rlm_eap_peap: Had sent TLV failure, rejecting." on the end of the debug when trying to auth EAP/PEAP XP-SP2 client. Looking earlier, on the debug, i'd see: ----- rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 ERROR: Unknown value specified for Auth-Type. Cannot perform requested action. rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 6 modcall: group authenticate returns reject for request 6 auth: Failed to validate the user. PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE ----- But... now i don't know if the mschapv2 is the value that is "Unknow" or what value is unknow for the auth? Please, help me telling me what i doing wrong? Thanks in advice for your help. radiusd.conf: ----- prefix = /programas/freeradius2 exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = ${prefix}/var sbindir = ${exec_prefix}/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run/radiusd log_file = ${logdir}/radius.log libdir = ${exec_prefix}/lib pidfile = ${run_dir}/radiusd.pid max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 1024 bind_address = * port = 0 hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log_stripped_names = no log_auth = no log_auth_badpass = no log_auth_goodpass = no usercollide = no lower_user = no lower_pass = no nospace_user = no nospace_pass = no checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 status_server = no } proxy_requests = no $INCLUDE ${confdir}/clients.conf snmp = no thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } modules { pap { encryption_scheme = crypt } chap { authtype = CHAP } pam { pam_auth = radiusd } unix { cache = no cache_reload = 600 radwtmp = ${logdir}/radwtmp } $INCLUDE ${confdir}/eap.conf mschap { authtype = MS-CHAP } ldap { server = "ldap.your.domain" basedn = "o=My Org,c=UA" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" start_tls = no access_attr = "dialupAccess" dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 5 timeout = 4 timelimit = 3 net_timeout = 1 } checkval { item-name = Calling-Station-Id check-name = Calling-Station-Id data-type = string } with_cisco_vsa_hack = no files { usersfile = ${confdir}/users acctusersfile = ${confdir}/acct_users preproxy_usersfile = ${confdir}/preproxy_users compat = no } detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d detailperm = 0600 } acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } $INCLUDE ${confdir}/sql.conf radutmp { filename = ${logdir}/radutmp username = %{User-Name} case_sensitive = yes check_with_nas = yes perm = 0600 callerid = "yes" } radutmp sradutmp { filename = ${logdir}/sradutmp perm = 0644 callerid = "no" } attr_filter { attrsfile = ${confdir}/attrs } counter daily { filename = ${raddbdir}/db.daily key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time check-name = Max-Daily-Session allowed-servicetype = Framed-User cache-size = 5000 } always fail { rcode = fail } always reject { rcode = reject } always ok { rcode = ok simulcount = 0 mpp = no } expr { } digest { } exec { wait = yes input_pairs = request } exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = request output_pairs = reply } ippool main_pool { range-start = 192.168.1.1 range-stop = 192.168.3.254 netmask = 255.255.255.0 cache-size = 800 session-db = ${raddbdir}/db.ippool ip-index = ${raddbdir}/db.ipindex override = no maximum-timeout = 0 } } instantiate { exec expr } authorize { eap } authenticate { eap } preacct { acct_unique } accounting { detail radutmp } session { radutmp } post-auth { } pre-proxy { } post-proxy { } ----- eap.conf: ----- eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no tls { private_key_password = whatever private_key_file = ${raddbdir}/certs/tls/cert-srv.pem certificate_file = ${raddbdir}/certs/tls/cert-srv.pem CA_file = ${raddbdir}/certs/tls/CA/cacert.pem dh_file = ${raddbdir}/certs/tls/dh random_file = ${raddbdir}/certs/tls/random fragment_size = 1024 include_length = yes } peap { default_eap_type = mschapv2 copy_request_to_tunnel = no } mschapv2 { } } ----- debug log: ----- + LD_LIBRARY_PATH=/usr/local/openssl/lib + LD_PRELOAD=/usr/local/openssl/lib/libcrypto.so + export LD_LIBRARY_PATH LD_PRELOAD + /programas/freeradius2/sbin/radiusd -X -A Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /programas/freeradius2/etc/raddb/clients.conf Config: including file: /programas/freeradius2/etc/raddb/eap.conf Config: including file: /programas/freeradius2/etc/raddb/sql.conf main: prefix = "/programas/freeradius2" main: localstatedir = "/programas/freeradius2/var" main: logdir = "/programas/freeradius2/var/log/radius" main: libdir = "/programas/freeradius2/lib" main: radacctdir = "/programas/freeradius2/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/programas/freeradius2/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/programas/freeradius2/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/programas/freeradius2/sbin/checkrad" main: proxy_requests = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /programas/freeradius2/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/programas/freeradius2/etc/raddb/certs/tls/cert-srv.pem" tls: certificate_file = "/programas/freeradius2/etc/raddb/certs/tls/cert-srv.pem" tls: CA_file = "/programas/freeradius2/etc/raddb/certs/tls/CA/cacert.pem" tls: private_key_password = "whatever" tls: dh_file = "/programas/freeradius2/etc/raddb/certs/tls/dh" tls: random_file = "/programas/freeradius2/etc/raddb/certs/tls/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" rlm_eap: Loaded and initialized type tls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/programas/freeradius2/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/programas/freeradius2/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 192.168.20.7:55049, id=141, length=134 User-Name = "pepe" NAS-IP-Address = 192.168.20.7 Called-Station-Id = "00-0c-41-b1-37-07" Calling-Station-Id = "00-0b-7d-0f-f7-35" NAS-Identifier = "Linksys BEFW11S4-V4.X" Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x023200090170657065 Message-Authenticator = 0x3fe87643717488557b8e86a44a4929c6 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 rlm_eap: EAP packet type response id 50 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending Access-Challenge of id 141 to 192.168.20.7:55049 EAP-Message = 0x013300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x15018a8667aa6f2bf399348682539a27 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.20.7:55048, id=142, length=255 User-Name = "pepe" NAS-IP-Address = 192.168.20.7 Called-Station-Id = "00-0c-41-b1-37-07" Calling-Station-Id = "00-0b-7d-0f-f7-35" NAS-Identifier = "Linksys BEFW11S4-V4.X" State = 0x15018a8667aa6f2bf399348682539a27 Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0233007019800000006616030100610100005d030142d40537ab2cf5b1ffa5776b3b8f68665e174ed49548c109ad68f86f7a0cd1d120e0cbf6c19dcd9b3581e28dbd6a1c2353a68b22d555b27765d568d1f260b5ac04001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0x1b8c51e62702793dfd50c8837d3c4b0f Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 rlm_eap: EAP packet type response id 51 length 112 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0662], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 142 to 192.168.20.7:55048 EAP-Message = 0x0134040a19c0000006bf160301004a02000046030142d40500bd0530d47bb9f0bf7d0466dff46308e08dc3535d98837308a00fad2920b108b434da5eb62bf266f75260a4fe1061477acffb72dc08e8f4bd96a54f60f800040016030106620b00065e00065b0002c4308202c030820229a003020102020900f12ab1347a5cd9e1300d06092a864886f70d010104050030818c310b300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e61206465 EAP-Message = 0x20496e666f726d617469636120792054656c65636f6d756e69636163696f6e6573301e170d3035303632323138333932335a170d3036303632323138333932335a30819d310b300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e6120646520496e666f726d617469636120792054656c65636f6d756e69636163696f6e6573310f300d060355040313066f6e65626f7830819f300d06092a864886f70d010101050003818d00308189028181 EAP-Message = 0x00d30db19c37a7284f5f673101f2773ac3924fc774d15b7f55bc563b955b73aff9ac4f61d88aadaab244f47e944cdba13890f54008bd9ef1c553229e671ac5f4ffe6bb9bea797ac67188e37b9db3fb60006b68a8b3d01f73e9600612ae2d6bd4f0ce313e761bbdd177d9344579bd17565cc7b12a944820f52ab29365d22e4a24d30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181000795bf4630d57fde5f57eb8b0d4f0ceab17fd13b31437e09d666c1a5f7e3c6bc095b29442d889460764b7108194e06cc690a8b4e5ce1bc45744d57ffff07a9326ff1ac7e0d066e2cc86f83 EAP-Message = 0x8db90cbfa1ecd56e767573304003569d1693f6cf224e9a651d9d2e78a208ce2aed4ac4f0da6187ca561c946c98d24aa0161d9bf2080003913082038d308202f6a003020102020900f12ab1347a5cd9df300d06092a864886f70d010104050030818c310b300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e6120646520496e666f726d617469636120792054656c65636f6d756e69636163696f6e6573301e170d3035303632323138333631 EAP-Message = 0x395a170d3037303632323138333631395a30818c310b Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f23eb8f5f09f1a8c84ebb931550b4bd Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.20.7:55050, id=143, length=149 User-Name = "pepe" NAS-IP-Address = 192.168.20.7 Called-Station-Id = "00-0c-41-b1-37-07" Calling-Station-Id = "00-0b-7d-0f-f7-35" NAS-Identifier = "Linksys BEFW11S4-V4.X" State = 0x4f23eb8f5f09f1a8c84ebb931550b4bd Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x023400061900 Message-Authenticator = 0x830d6a0c2dcc38bb22d7a1400948e4fe Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 rlm_eap: EAP packet type response id 52 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 143 to 192.168.20.7:55050 EAP-Message = 0x013502c51900300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e6120646520496e666f726d617469636120792054656c65636f6d756e69636163696f6e657330819f300d06092a864886f70d010101050003818d0030818902818100a4d3a6bb7f0b08a448a8b84fe5236a0ef724951374d6320389f264f2c5007aee8cfc1cfd319e16e1cb910c5cfd07821ac809e1ac9baade2e618b7addf29844732d923ca1103395642bd3f9c230d4aace EAP-Message = 0xb77b9b2e3f96436860556ece59ee48b29a57b7824847e851a6829cc9dbefe96b24e9fb66d03e368cdcd4e40c7a7b66230203010001a381f43081f1301d0603551d0e0416041433bfd1100827d8643dcde9ca1ce76b25f46446913081c10603551d230481b93081b6801433bfd1100827d8643dcde9ca1ce76b25f4644691a18192a4818f30818c310b300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e6120646520496e666f726d61746963 EAP-Message = 0x6120792054656c65636f6d756e69636163696f6e6573820900f12ab1347a5cd9df300c0603551d13040530030101ff300d06092a864886f70d0101040500038181003e06154dfd6945605d183a420498b80e43472ddc37ba210af99451122c28c0f9c0fe3a8c35e5fbf834e8c9359cab9c8a5178c6e93656d1aa4a90a40114d600bdc2698199b4adb031c83633ac990f05f42244a771769d888393d4c183f71cfdbaad74a467189ae89427f68d1e55ac68320bc63370dac576cfeaa005fc9855ef5e16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb649f7b9cfb7b8ccdb805d8a851a27d4 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.20.7:55049, id=144, length=335 User-Name = "pepe" NAS-IP-Address = 192.168.20.7 Called-Station-Id = "00-0c-41-b1-37-07" Calling-Station-Id = "00-0b-7d-0f-f7-35" NAS-Identifier = "Linksys BEFW11S4-V4.X" State = 0xb649f7b9cfb7b8ccdb805d8a851a27d4 Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x023500c01980000000b616030100861000008200804c70cebbcbafc5324563c330bf527a29c11a0483bfbfe450087e2531c08d2b8e713189e5555aeb166d477c9d8358ce9ca819b1afd8c491420cab162935ec1b80c69d3af8474a71b3460afbd52372954f74d977897c13698b53c4cf5209caafaf2fa6d7ba8cd952252e7697c0cdcd7731ee589048bbc1475bae28bc1aae0f0a0a1403010001011603010020096180b7dfa708498a1aeae672b4551b669c5fc6ae79622650efb3a10336b136 Message-Authenticator = 0xf47a9e90b06d8a38556ab39d5d345e7d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 rlm_eap: EAP packet type response id 53 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 144 to 192.168.20.7:55049 EAP-Message = 0x0136003119001403010001011603010020d03bfe69fdf6584b1d6882152fe7eb203fa22ba4852aae206dfc4196ab7659cd Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6500c067b47a56e3d7eb39eb1f51f75d Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.20.7:55048, id=145, length=149 User-Name = "pepe" NAS-IP-Address = 192.168.20.7 Called-Station-Id = "00-0c-41-b1-37-07" Calling-Station-Id = "00-0b-7d-0f-f7-35" NAS-Identifier = "Linksys BEFW11S4-V4.X" State = 0x6500c067b47a56e3d7eb39eb1f51f75d Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x023600061900 Message-Authenticator = 0xc9b738b4a99d700ff9f05aacd6343fdf Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 rlm_eap: EAP packet type response id 54 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 145 to 192.168.20.7:55048 EAP-Message = 0x0137002019001703010015139bfe6db0aca01e9c03e24c58b78467857d4be279 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0e15c0c8c154169e15a6597e59ff063f Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.20.7:55048, id=146, length=175 User-Name = "pepe" NAS-IP-Address = 192.168.20.7 Called-Station-Id = "00-0c-41-b1-37-07" Calling-Station-Id = "00-0b-7d-0f-f7-35" NAS-Identifier = "Linksys BEFW11S4-V4.X" State = 0x0e15c0c8c154169e15a6597e59ff063f Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0237002019001703010015c074abf8e34854264935655f3a9f33dc72cf409bca Message-Authenticator = 0x33d50e786188aa6c15d1d581e93976c7 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 rlm_eap: EAP packet type response id 55 length 32 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - pepe rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of pepe PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to pepe Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 rlm_eap: EAP packet type response id 55 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 Sending Access-Challenge of id 146 to 192.168.20.7:55048 EAP-Message = 0x013800351900170301002a0d4aa1f3ae3837a8cb3f1823ce849e91f05b2b62a808621970c414f055fd2a41e83218f896985e63e9f2 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbc2a6b2ebc6704039852f97fd53633f3 Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.20.7:55050, id=147, length=229 User-Name = "pepe" NAS-IP-Address = 192.168.20.7 Called-Station-Id = "00-0c-41-b1-37-07" Calling-Station-Id = "00-0b-7d-0f-f7-35" NAS-Identifier = "Linksys BEFW11S4-V4.X" State = 0xbc2a6b2ebc6704039852f97fd53633f3 Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x023800561900170301004b0c6b58d944b8e5207dcc18641ebdd59dfe6c2c5e2cdeeb8c566316839b67d6279030b3480e61e635b0abe6862b2725c463ff23de791f75b5fd563cd0e41f0b9cc88dbb3a7a11c699547f93 Message-Authenticator = 0xf56c53360d6d6b4d44c2d586bb6027d6 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 rlm_eap: EAP packet type response id 56 length 86 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to pepe PEAP: Adding old state with 71 1d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 rlm_eap: EAP packet type response id 56 length 63 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 ERROR: Unknown value specified for Auth-Type. Cannot perform requested action. rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 6 modcall: group authenticate returns reject for request 6 auth: Failed to validate the user. PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 6 modcall: group authenticate returns handled for request 6 Sending Access-Challenge of id 147 to 192.168.20.7:55050 EAP-Message = 0x013900261900170301001b8f31916149f1767ba59d80746534182ee04d12cd8bc72aa59d0310 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2518cc6fe36775cf22af6b0801873445 Finished request 6 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.20.7:55050, id=148, length=181 User-Name = "pepe" NAS-IP-Address = 192.168.20.7 Called-Station-Id = "00-0c-41-b1-37-07" Calling-Station-Id = "00-0b-7d-0f-f7-35" NAS-Identifier = "Linksys BEFW11S4-V4.X" State = 0x2518cc6fe36775cf22af6b0801873445 Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x023900261900170301001bf5d93fbbc88f93d5d9886ccd2e16d37fc67244f08b25213e49d54b Message-Authenticator = 0xf510098b504d463f41750e04aae0ed5d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 rlm_eap: EAP packet type response id 57 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 modcall: group authorize returns updated for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 7 modcall: group authenticate returns invalid for request 7 auth: Failed to validate the user. Delaying request 7 for 1 seconds Finished request 7 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 141 with timestamp 42d40500 Cleaning up request 1 ID 142 with timestamp 42d40500 Cleaning up request 2 ID 143 with timestamp 42d40500 Cleaning up request 3 ID 144 with timestamp 42d40500 Cleaning up request 4 ID 145 with timestamp 42d40500 Cleaning up request 5 ID 146 with timestamp 42d40500 Cleaning up request 6 ID 147 with timestamp 42d40500 Sending Access-Reject of id 148 to 192.168.20.7:55050 EAP-Message = 0x04390004 Message-Authenticator = 0x00000000000000000000000000000000 Cleaning up request 7 ID 148 with timestamp 42d40500 Nothing to do. Sleeping until we see a request. -----