Hi, I'm trying to connect my Ubuntu 15.10 laptop to WLAN with Cisco Aironet WLC and FreeRADIUS 3.0.11. First of all, I've checked if my RADIUS server works with *eapol_test* utility from wpa_supplicant 2.5 suite and modified eap-ttls-pap.conf confguration file. Then I go to Ubuntu laptop and create custom configuration using Network Manager: [wifi-security] group= key-mgmt=wpa-eap pairwise= proto= [802-1x] altsubject-matches= anonymous-identity=anonymous eap=ttls; identity=ttest password-flags=2 phase2-altsubject-matches= phase2-auth=pap Here is server debug output: (0) Received Access-Request Id 153 from 1.2.3.2:32768 to 1.2.3.4:1812 length 264 (0) User-Name = "anonymous" (0) Chargeable-User-Identity = 0x00 (0) Location-Capable = Civix-Location (0) Calling-Station-Id = "c4-8e-8f-f5-eb-4f" (0) Called-Station-Id = "54-7c-69-f2-1c-a0:New" (0) NAS-Port = 1 (0) Cisco-AVPair = "audit-session-id=c0a819020000044557ce6e9b" (0) Acct-Session-Id = "57ce6e9b/c4:8e:8f:f5:eb:4f/2735" (0) NAS-IP-Address = 1.2.3.2 (0) NAS-Identifier = "backup" (0) Airespace-Wlan-Id = 6 (0) Service-Type = Framed-User (0) Framed-MTU = 1300 (0) NAS-Port-Type = Wireless-802.11 (0) Tunnel-Type:0 = VLAN (0) Tunnel-Medium-Type:0 = IEEE-802 (0) Tunnel-Private-Group-Id:0 = "15" (0) EAP-Message = 0x0201000e01616e6f6e796d6f7573 (0) Message-Authenticator = 0xcf196523d6fc7d6179e7b3252525b1ed (0) # Executing section authorize from file /etc/freeradius/sites-enabled/default (0) authorize { (0) policy filter_username { (0) if (&User-Name) { (0) if (&User-Name) -> TRUE (0) if (&User-Name) { (0) if (&User-Name =~ / /) { (0) if (&User-Name =~ / /) -> FALSE (0) if (&User-Name =~ /@[^@]*@/ ) { (0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE (0) if (&User-Name =~ /\.\./ ) { (0) if (&User-Name =~ /\.\./ ) -> FALSE (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) { (0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE (0) if (&User-Name =~ /\.$/) { (0) if (&User-Name =~ /\.$/) -> FALSE (0) if (&User-Name =~ /@\./) { (0) if (&User-Name =~ /@\./) -> FALSE (0) } # if (&User-Name) = notfound (0) } # policy filter_username = notfound (0) [preprocess] = ok (0) [chap] = noop (0) [mschap] = noop (0) [digest] = noop (0) suffix: Checking for suffix after "@" (0) suffix: No '@' in User-Name = "anonymous", looking up realm NULL (0) suffix: No such realm "NULL" (0) [suffix] = noop (0) eap: Peer sent EAP Response (code 2) ID 1 length 14 (0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize (0) [eap] = ok (0) } # authorize = ok (0) Found Auth-Type = eap (0) # Executing group from file /etc/freeradius/sites-enabled/default (0) authenticate { (0) eap: Peer sent packet with method EAP Identity (1) (0) eap: Calling submodule eap_ttls to process data (0) eap_ttls: Initiating new EAP-TLS session (0) eap_ttls: Flushing SSL sessions (of #0) (0) eap_ttls: [eaptls start] = request (0) eap: Sending EAP Request (code 1) ID 2 length 6 (0) eap: EAP session adding &reply:State = 0x53397887533b6d8a (0) [eap] = handled (0) } # authenticate = handled (0) Using Post-Auth-Type Challenge (0) Post-Auth-Type sub-section not found. Ignoring. (0) # Executing group from file /etc/freeradius/sites-enabled/default (0) Sent Access-Challenge Id 153 from 1.2.3.4:1812 to 1.2.3.2:32768 length 0 (0) EAP-Message = 0x010200061520 (0) Message-Authenticator = 0x00000000000000000000000000000000 (0) State = 0x53397887533b6d8a7ce5420be31fd0c8 (0) Finished request There are very similar output for Windows 10 with custom-made connection. I expect many Access-Request like in case with *eapol_test* authentification attempt. Please, help me distinguish: is it WiFi client, WLC or FreeRADIUS configuration issue? Thank you. -- Bogdan Rudas Head of Minsk IT Support Department Exadel Inc. http://www.exadel.com/ E-mail: brudas@exadel.com Skype ID: bogdan.rudas -- CONFIDENTIALITY NOTICE: This email and files attached to it are confidential. If you are not the intended recipient you are hereby notified that using, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error please notify the sender and delete this email.