Hi, I inherited freeradius 1.1.3 on RHEL 5.5 working with our kerberos and first tried to understand how it was setup but looking at the freeradius site and docs I decided that I should really upgrade. Removed freeradius, installed via yum: freeradius2-2.1.12-5.el5, freeradius2-utils-2.1.12-5.el5, freeradius2-krb5-2.1.12-5.el5 Followed http://lists.freeradius.org/pipermail/freeradius-users/2012-December/064375.... and was able to do a localhost radtest successfully using my actual username and password, which confirmed to me that radius was authenticating correctly via our kerberos server. However when I try with an actual wireless network, it doesn't work. I've also looked at https://www.eduroam.us/node/45 and tried to follow that except for the proxy stuff, I'm not sure if that is needed. Here are my configs: /etc/raddb/modules/krb5: krb5 { keytab = /etc/krb5.keytab service_principal = myserver/myserver.domain } Added kerberos after pap in /etc/raddb/sites-available/default: authenticate { # # PAP authentication, when a back-end database listed # in the 'authorize' section supplies a password. The # password can be clear-text, or encrypted. Auth-Type PAP { pap } # # Kerberos stuff Auth-Type Kerberos { krb5 } Similarly added kerberos in /etc/raddb/sites-available/inner-tunnel: authenticate { # # PAP authentication, when a back-end database listed # in the 'authorize' section supplies a password. The # password can be clear-text, or encrypted. Auth-Type PAP { pap } # Kerberos stuff Auth-Type Kerberos { krb5 } Modified eap.conf to: default_eap_type = ttls copy_request_to_tunnel = yes use_tunneled_reply = yes Added as first entry to users file: DEFAULT Auth-Type = Kerberos Fall-Through = 1 Added our Aruba controller to clients.conf: client ARUBA { ipaddr = x.x.x.x secret = mysecret shortname = myssid } Ran radiusd -xxx, here's the log: Wed Sep 17 04:29:25 2014 : Debug: Re-wait 4 Wed Sep 17 04:29:25 2014 : Debug: Re-wait 3 Wed Sep 17 04:29:25 2014 : Debug: Listening on authentication address * port 1812 Wed Sep 17 04:29:25 2014 : Debug: Listening on accounting address * port 1813 Wed Sep 17 04:29:25 2014 : Debug: Listening on command file /var/run/radiusd/radiusd.sock Wed Sep 17 04:29:25 2014 : Debug: Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Wed Sep 17 04:29:25 2014 : Debug: Listening on proxy address * port 1814 Wed Sep 17 04:29:25 2014 : Info: Ready to process requests. Wed Sep 17 04:29:25 2014 : Debug: Re-wait 2 Wed Sep 17 04:30:19 2014 : Debug: Threads: total/active/spare threads = 5/0/5 Wed Sep 17 04:30:19 2014 : Debug: Waking up in 0.9 seconds. Wed Sep 17 04:30:19 2014 : Debug: Thread 1 got semaphore Wed Sep 17 04:30:19 2014 : Debug: Thread 1 handling request 0, (1 handled so far) Wed Sep 17 04:30:19 2014 : Info: [<thread>] # Executing section authorize from file /etc/raddb/sites-enabled/default Wed Sep 17 04:30:19 2014 : Info: [<thread>] +- entering group authorize {...} Wed Sep 17 04:30:19 2014 : Info: ++[preprocess] returns ok Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns noop Wed Sep 17 04:30:19 2014 : Info: ++[digest] returns noop Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxxx", looking up realm NULL Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL" Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop Wed Sep 17 04:30:19 2014 : Info: [eap] EAP packet type response id 1 length 11 Wed Sep 17 04:30:19 2014 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns updated Wed Sep 17 04:30:19 2014 : Info: [files] users: Matched entry DEFAULT at line 143 Wed Sep 17 04:30:19 2014 : Info: ++[files] returns ok Wed Sep 17 04:30:19 2014 : Info: ++[expiration] returns noop Wed Sep 17 04:30:19 2014 : Info: ++[logintime] returns noop Wed Sep 17 04:30:19 2014 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. Wed Sep 17 04:30:19 2014 : Info: ++[pap] returns noop Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = EAP Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default Wed Sep 17 04:30:19 2014 : Info: +- entering group authenticate {...} Wed Sep 17 04:30:19 2014 : Info: [eap] EAP Identity Wed Sep 17 04:30:19 2014 : Info: [eap] processing type tls Wed Sep 17 04:30:19 2014 : Info: [tls] Initiate Wed Sep 17 04:30:19 2014 : Info: [tls] Start returned 1 Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns handled Wed Sep 17 04:30:19 2014 : Info: Finished request 0. Wed Sep 17 04:30:19 2014 : Debug: Going to the next request Wed Sep 17 04:30:19 2014 : Debug: Thread 1 waiting to be assigned a request Wed Sep 17 04:30:19 2014 : Debug: Waking up in 0.9 seconds. Wed Sep 17 04:30:19 2014 : Debug: Thread 5 got semaphore Wed Sep 17 04:30:19 2014 : Debug: Thread 5 handling request 1, (1 handled so far) Wed Sep 17 04:30:19 2014 : Info: [<thread>] # Executing section authorize from file /etc/raddb/sites-enabled/default Wed Sep 17 04:30:19 2014 : Info: [<thread>] +- entering group authorize {...} Wed Sep 17 04:30:19 2014 : Info: ++[preprocess] returns ok Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns noop Wed Sep 17 04:30:19 2014 : Info: ++[digest] returns noop Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxx", looking up realm NULL Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL" Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop Wed Sep 17 04:30:19 2014 : Info: [eap] EAP packet type response id 2 length 166 Wed Sep 17 04:30:19 2014 : Info: [eap] Continuing tunnel setup. Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns ok Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = EAP Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default Wed Sep 17 04:30:19 2014 : Info: +- entering group authenticate {...} Wed Sep 17 04:30:19 2014 : Info: [eap] Request found, released from the list Wed Sep 17 04:30:19 2014 : Info: [eap] EAP/ttls Wed Sep 17 04:30:19 2014 : Info: [eap] processing type ttls Wed Sep 17 04:30:19 2014 : Info: [ttls] Authenticate Wed Sep 17 04:30:19 2014 : Info: [ttls] processing EAP-TLS Wed Sep 17 04:30:19 2014 : Debug: TLS Length 156 Wed Sep 17 04:30:19 2014 : Info: [ttls] Length Included Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_verify returned 11 Wed Sep 17 04:30:19 2014 : Info: [ttls] (other): before/accept initialization Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: before/accept initialization Wed Sep 17 04:30:19 2014 : Info: [ttls] <<< TLS 1.0 Handshake [length 0097], ClientHello Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 read client hello A Wed Sep 17 04:30:19 2014 : Info: [ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 write server hello A Wed Sep 17 04:30:19 2014 : Info: [ttls] >>> TLS 1.0 Handshake [length 085e], Certificate Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 write certificate A Wed Sep 17 04:30:19 2014 : Info: [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 write server done A Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 flush data Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A Wed Sep 17 04:30:19 2014 : Debug: In SSL Handshake Phase Wed Sep 17 04:30:19 2014 : Debug: In SSL Accept mode Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_process returned 13 Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns handled Wed Sep 17 04:30:19 2014 : Info: Finished request 1. Wed Sep 17 04:30:19 2014 : Debug: Going to the next request Wed Sep 17 04:30:19 2014 : Debug: Thread 5 waiting to be assigned a request Wed Sep 17 04:30:19 2014 : Debug: Waking up in 0.9 seconds. Wed Sep 17 04:30:19 2014 : Debug: Thread 4 got semaphore Wed Sep 17 04:30:19 2014 : Debug: Thread 4 handling request 2, (1 handled so far) Wed Sep 17 04:30:19 2014 : Info: [<thread>] # Executing section authorize from file /etc/raddb/sites-enabled/default Wed Sep 17 04:30:19 2014 : Info: [<thread>] +- entering group authorize {...} Wed Sep 17 04:30:19 2014 : Info: ++[preprocess] returns ok Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns noop Wed Sep 17 04:30:19 2014 : Info: ++[digest] returns noop Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxx", looking up realm NULL Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL" Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop Wed Sep 17 04:30:19 2014 : Info: [eap] EAP packet type response id 3 length 6 Wed Sep 17 04:30:19 2014 : Info: [eap] Continuing tunnel setup. Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns ok Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = EAP Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default Wed Sep 17 04:30:19 2014 : Info: +- entering group authenticate {...} Wed Sep 17 04:30:19 2014 : Info: [eap] Request found, released from the list Wed Sep 17 04:30:19 2014 : Info: [eap] EAP/ttls Wed Sep 17 04:30:19 2014 : Info: [eap] processing type ttls Wed Sep 17 04:30:19 2014 : Info: [ttls] Authenticate Wed Sep 17 04:30:19 2014 : Info: [ttls] processing EAP-TLS Wed Sep 17 04:30:19 2014 : Info: [ttls] Received TLS ACK Wed Sep 17 04:30:19 2014 : Info: [ttls] ACK handshake fragment handler Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_verify returned 1 Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_process returned 13 Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns handled Wed Sep 17 04:30:19 2014 : Info: Finished request 2. Wed Sep 17 04:30:19 2014 : Debug: Going to the next request Wed Sep 17 04:30:19 2014 : Debug: Thread 4 waiting to be assigned a request Wed Sep 17 04:30:19 2014 : Debug: Waking up in 0.9 seconds. Wed Sep 17 04:30:19 2014 : Debug: Thread 3 got semaphore Wed Sep 17 04:30:19 2014 : Debug: Thread 3 handling request 3, (1 handled so far) Wed Sep 17 04:30:19 2014 : Info: [<thread>] # Executing section authorize from file /etc/raddb/sites-enabled/default Wed Sep 17 04:30:19 2014 : Info: [<thread>] +- entering group authorize {...} Wed Sep 17 04:30:19 2014 : Info: ++[preprocess] returns ok Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns noop Wed Sep 17 04:30:19 2014 : Info: ++[digest] returns noop Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxx", looking up realm NULL Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL" Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop Wed Sep 17 04:30:19 2014 : Info: [eap] EAP packet type response id 4 length 6 Wed Sep 17 04:30:19 2014 : Info: [eap] Continuing tunnel setup. Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns ok Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = EAP Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default Wed Sep 17 04:30:19 2014 : Info: +- entering group authenticate {...} Wed Sep 17 04:30:19 2014 : Info: [eap] Request found, released from the list Wed Sep 17 04:30:19 2014 : Info: [eap] EAP/ttls Wed Sep 17 04:30:19 2014 : Info: [eap] processing type ttls Wed Sep 17 04:30:19 2014 : Info: [ttls] Authenticate Wed Sep 17 04:30:19 2014 : Info: [ttls] processing EAP-TLS Wed Sep 17 04:30:19 2014 : Info: [ttls] Received TLS ACK Wed Sep 17 04:30:19 2014 : Info: [ttls] ACK handshake fragment handler Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_verify returned 1 Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_process returned 13 Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns handled Wed Sep 17 04:30:19 2014 : Info: Finished request 3. Wed Sep 17 04:30:19 2014 : Debug: Going to the next request Wed Sep 17 04:30:19 2014 : Debug: Thread 3 waiting to be assigned a request Wed Sep 17 04:30:19 2014 : Debug: Waking up in 0.9 seconds. Wed Sep 17 04:30:19 2014 : Debug: Thread 2 got semaphore Wed Sep 17 04:30:19 2014 : Debug: Thread 2 handling request 4, (1 handled so far) Wed Sep 17 04:30:19 2014 : Info: [<thread>] # Executing section authorize from file /etc/raddb/sites-enabled/default Wed Sep 17 04:30:19 2014 : Info: [<thread>] +- entering group authorize {...} Wed Sep 17 04:30:19 2014 : Info: ++[preprocess] returns ok Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns noop Wed Sep 17 04:30:19 2014 : Info: ++[digest] returns noop Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxx", looking up realm NULL Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL" Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop Wed Sep 17 04:30:19 2014 : Info: [eap] EAP packet type response id 5 length 253 Wed Sep 17 04:30:19 2014 : Info: [eap] Continuing tunnel setup. Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns ok Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = EAP Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default Wed Sep 17 04:30:19 2014 : Info: +- entering group authenticate {...} Wed Sep 17 04:30:19 2014 : Info: [eap] Request found, released from the list Wed Sep 17 04:30:19 2014 : Info: [eap] EAP/ttls Wed Sep 17 04:30:19 2014 : Info: [eap] processing type ttls Wed Sep 17 04:30:19 2014 : Info: [ttls] Authenticate Wed Sep 17 04:30:19 2014 : Info: [ttls] processing EAP-TLS Wed Sep 17 04:30:19 2014 : Debug: TLS Length 326 Wed Sep 17 04:30:19 2014 : Info: [ttls] Length Included Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_verify returned 11 Wed Sep 17 04:30:19 2014 : Info: [ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 read client key exchange A Wed Sep 17 04:30:19 2014 : Info: [ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] Wed Sep 17 04:30:19 2014 : Info: [ttls] <<< TLS 1.0 Handshake [length 0010], Finished Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 read finished A Wed Sep 17 04:30:19 2014 : Info: [ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 write change cipher spec A Wed Sep 17 04:30:19 2014 : Info: [ttls] >>> TLS 1.0 Handshake [length 0010], Finished Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 write finished A Wed Sep 17 04:30:19 2014 : Info: [ttls] TLS_accept: SSLv3 flush data Wed Sep 17 04:30:19 2014 : Info: [ttls] (other): SSL negotiation finished successfully Wed Sep 17 04:30:19 2014 : Debug: SSL Connection Established Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_process returned 13 Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns handled Wed Sep 17 04:30:19 2014 : Info: Finished request 4. Wed Sep 17 04:30:19 2014 : Debug: Going to the next request Wed Sep 17 04:30:19 2014 : Debug: Thread 2 waiting to be assigned a request Wed Sep 17 04:30:19 2014 : Debug: Waking up in 0.8 seconds. Wed Sep 17 04:30:19 2014 : Debug: Thread 1 got semaphore Wed Sep 17 04:30:19 2014 : Debug: Thread 1 handling request 5, (2 handled so far) Wed Sep 17 04:30:19 2014 : Info: [<thread>] # Executing section authorize from file /etc/raddb/sites-enabled/default Wed Sep 17 04:30:19 2014 : Info: [<thread>] +- entering group authorize {...} Wed Sep 17 04:30:19 2014 : Info: ++[preprocess] returns ok Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns noop Wed Sep 17 04:30:19 2014 : Info: ++[digest] returns noop Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxx", looking up realm NULL Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL" Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop Wed Sep 17 04:30:19 2014 : Info: [eap] EAP packet type response id 6 length 159 Wed Sep 17 04:30:19 2014 : Info: [eap] Continuing tunnel setup. Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns ok Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = EAP Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default Wed Sep 17 04:30:19 2014 : Info: +- entering group authenticate {...} Wed Sep 17 04:30:19 2014 : Info: [eap] Request found, released from the list Wed Sep 17 04:30:19 2014 : Info: [eap] EAP/ttls Wed Sep 17 04:30:19 2014 : Info: [eap] processing type ttls Wed Sep 17 04:30:19 2014 : Info: [ttls] Authenticate Wed Sep 17 04:30:19 2014 : Info: [ttls] processing EAP-TLS Wed Sep 17 04:30:19 2014 : Debug: TLS Length 149 Wed Sep 17 04:30:19 2014 : Info: [ttls] Length Included Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_verify returned 11 Wed Sep 17 04:30:19 2014 : Info: [ttls] eaptls_process returned 7 Wed Sep 17 04:30:19 2014 : Info: [ttls] Session established. Proceeding to decode tunneled attributes. Wed Sep 17 04:30:19 2014 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel Wed Sep 17 04:30:19 2014 : Info: +- entering group authorize {...} Wed Sep 17 04:30:19 2014 : Info: ++[chap] returns noop Wed Sep 17 04:30:19 2014 : Info: [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns ok Wed Sep 17 04:30:19 2014 : Info: [suffix] No '@' in User-Name = "xxxx", looking up realm NULL Wed Sep 17 04:30:19 2014 : Info: [suffix] No such realm "NULL" Wed Sep 17 04:30:19 2014 : Info: ++[suffix] returns noop Wed Sep 17 04:30:19 2014 : Info: ++[control] returns noop Wed Sep 17 04:30:19 2014 : Info: [eap] No EAP-Message, not doing EAP Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns noop Wed Sep 17 04:30:19 2014 : Info: [files] users: Matched entry DEFAULT at line 143 Wed Sep 17 04:30:19 2014 : Info: ++[files] returns ok Wed Sep 17 04:30:19 2014 : Info: ++[expiration] returns noop Wed Sep 17 04:30:19 2014 : Info: ++[logintime] returns noop Wed Sep 17 04:30:19 2014 : Info: ++[pap] returns noop Wed Sep 17 04:30:19 2014 : Info: Found Auth-Type = MSCHAP Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/inner-tunnel Wed Sep 17 04:30:19 2014 : Info: +- entering group MS-CHAP {...} Wed Sep 17 04:30:19 2014 : Info: [mschap] No Cleartext-Password configured. Cannot create LM-Password. Wed Sep 17 04:30:19 2014 : Info: [mschap] No Cleartext-Password configured. Cannot create NT-Password. Wed Sep 17 04:30:19 2014 : Info: [mschap] Creating challenge hash with username: xxxx Wed Sep 17 04:30:19 2014 : Info: [mschap] Told to do MS-CHAPv2 for xxxx with NT-Password Wed Sep 17 04:30:19 2014 : Info: [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. Wed Sep 17 04:30:19 2014 : Info: [mschap] FAILED: MS-CHAP2-Response is incorrect Wed Sep 17 04:30:19 2014 : Info: ++[mschap] returns reject Wed Sep 17 04:30:19 2014 : Info: Failed to authenticate the user. Wed Sep 17 04:30:19 2014 : Info: [ttls] Got tunneled Access-Reject Wed Sep 17 04:30:19 2014 : Info: [eap] Handler failed in EAP/ttls Wed Sep 17 04:30:19 2014 : Info: [eap] Failed in EAP select Wed Sep 17 04:30:19 2014 : Info: ++[eap] returns invalid Wed Sep 17 04:30:19 2014 : Info: Failed to authenticate the user. Wed Sep 17 04:30:19 2014 : Info: Using Post-Auth-Type Reject Wed Sep 17 04:30:19 2014 : Info: # Executing group from file /etc/raddb/sites-enabled/default Wed Sep 17 04:30:19 2014 : Info: +- entering group REJECT {...} Wed Sep 17 04:30:19 2014 : Info: [attr_filter.access_reject] expand: %{User-Name} -> xxxx Wed Sep 17 04:30:19 2014 : Debug: attr_filter: Matched entry DEFAULT at line 11 Wed Sep 17 04:30:19 2014 : Info: ++[attr_filter.access_reject] returns updated Wed Sep 17 04:30:19 2014 : Info: Delaying reject of request 5 for 1 seconds Wed Sep 17 04:30:19 2014 : Debug: Going to the next request Wed Sep 17 04:30:19 2014 : Debug: Thread 1 waiting to be assigned a request Wed Sep 17 04:30:20 2014 : Info: Sending delayed reject for request 5 Wed Sep 17 04:30:20 2014 : Debug: Waking up in 3.8 seconds. Wed Sep 17 04:30:24 2014 : Info: Cleaning up request 0 ID 57 with timestamp +54 Wed Sep 17 04:30:24 2014 : Info: Cleaning up request 1 ID 58 with timestamp +54 Wed Sep 17 04:30:24 2014 : Info: Cleaning up request 2 ID 59 with timestamp +54 Wed Sep 17 04:30:24 2014 : Info: Cleaning up request 3 ID 60 with timestamp +54 Wed Sep 17 04:30:24 2014 : Info: Cleaning up request 4 ID 61 with timestamp +54 Wed Sep 17 04:30:24 2014 : Debug: Waking up in 1.0 seconds. Wed Sep 17 04:30:25 2014 : Info: Cleaning up request 5 ID 62 with timestamp +54 Wed Sep 17 04:30:25 2014 : Info: Ready to process requests. The wireless network is served from an Aruba controller which works fine with a windows radius server using AD authentication (for a diff SSID) I can't say that I have looked through the list messages entirely but have spent reasonable time looking at different threads and reading radius docs, if I have still missed something obvious I apologize in advance. Any help/suggestion/advice would be greatly appreciated. Thanks -uzee