Hi, my users file contains this: "YEBENES MORENO, SERGIO (AUTENTICACIÓN)" "NOMBRE YEBENES MORENO SERGIO" my sites-enabled/default contains this authorize { ...... if (User-Name == "YEBENES MORENO, SERGIO (AUTENTICACIÓN)") { DNIe } elsif (User-Name == "NOMBRE YEBENES MORENO SERGIO") { FNMT } ...... } authenticate { ...... DNIe FNMT ..... } my radiusd.conf contains this ...... eap DNIe {....} eap FNMT {....} ..... #being separated, working ok I've deactivated proxy-request also, and commented $INCLUDE proxy.conf. Sometimes I can authenticate both users but sometimes I have this log with first user in this case: rad_recv: Access-Request packet from host 192.168.0.3 port 3072, id=0, length=191 User-Name = "YEBENES MORENO, SERGIO (AUTENTICACIÓN)" NAS-IP-Address = 192.168.0.3 Called-Station-Id = "0014c145956f" Calling-Station-Id = "001cf01294dd" NAS-Identifier = "0014c145956f" NAS-Port = 27 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200002c01594542454e4553204d4f52454e4f2c2053455247494f2028415554454e544943414349c3934e29 Message-Authenticator = 0xa54b6486b856720c5b53d13d93a3c986 +- entering group authorize ++[preprocess] returns ok rlm_realm: No '@' in User-Name = "YEBENES MORENO, SERGIO (AUTENTICACI�?N)", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++? if (User-Name == "YEBENES MORENO, SERGIO (AUTENTICACI�?N)") ? Evaluating (User-Name == "YEBENES MORENO, SERGIO (AUTENTICACI�?N)") -> TRUE ++? if (User-Name == "YEBENES MORENO, SERGIO (AUTENTICACI�?N)") -> TRUE ++- entering if (User-Name == "YEBENES MORENO, SERGIO (AUTENTICACI�?N)") rlm_eap: EAP packet type response id 0 length 44 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation +++[DNIe] returns updated ++- if (User-Name == "YEBENES MORENO, SERGIO (AUTENTICACI�?N)") returns updated ++ ... skipping elsif for request 0: Preceding "if" was taken ++[unix] returns notfound users: Matched entry YEBENES MORENO, SERGIO (AUTENTICACI�?N) at line 64 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rad_check_password: Found Auth-Type DNIe auth: type "DNIe" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[DNIe] returns handled Sending Access-Challenge of id 0 to 192.168.0.3 port 3072 EAP-Message = 0x010100060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4b4488b94b458530f65cf8f80cfd1f5e Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 0 with timestamp +8 Ready to process requests. rad_recv: Access-Request packet from host 192.168.0.3 port 3072, id=0, length=199 NAS-IP-Address = 192.168.0.3 Called-Station-Id = "0014c145956f" Calling-Station-Id = "001cf01294dd" NAS-Identifier = "0014c145956f" NAS-Port = 27 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201005d0d0016030100520100004e030148791746f321838297028ad0310c01e89a8658b33fb6d1912141922b623886ab00002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100 Message-Authenticator = 0x6e7ed6d984d2842c80ec94779dbd71c7 +- entering group authorize ++[preprocess] returns ok rlm_realm: Proxy reply, or no User-Name. Ignoring. ++[suffix] returns ok ++? if (User-Name == "YEBENES MORENO, SERGIO (AUTENTICACI�?N)") (Attribute User-Name was not found) ++? elsif (User-Name == "NOMBRE YEBENES MORENO SERGIO") (Attribute User-Name was not found) ++[unix] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> ++[attr_filter.access_reject] returns noop Sending Access-Reject of id 0 to 192.168.0.3 port 3072 Finished request 1. Going to the next request Waking up in 4.9 seconds. Cleaning up request 1 ID 0 with timestamp +38 Ready to process requests. why User-Name couldn't be found? If first match with users file was ok and found DNIe module, radius should begin tls handshake. Does wpa_supplicant sends identity only in the rist Access-Request? this sounds a little strange... Any "Sauron Eye" which can help me? Thanks