I did this question yesterday, but since im new i did a lot of wrong things, like no subject, etc etc.So here is the deal, we use freeradius on a hotspot service with wireless and it works all fine, but we are trying to put 802.1x (its better)So the thing is, it always say "login/pass incorrect" So i did the debug thing, and i couldnt find the error (im new on linux) I did the radtest and the results are the following: radtest -t mschap <user> <pass> 127.0.0.1:1812 0 t3st3 (our pass)and i got this Sending Access-Request of id 193 to 127.0.0.1 port 1812 User-Name = "1085" NAS-IP-Address = 192.168.80.2 NAS-Port = 0 MS-CHAP-Challenge = 0x826bf8043e1d4ecf MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000cb7fdf6848ca0b2df86e5060da2c2b8e80329c405855233a rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=193, length=20 " so i did another test like this: radtest -t eap-md5 <user> <pass> 127.0.0.1:1812 0 t3st3 and i got this Sending Access-Request packet to host 127.0.0.1 port 1812, id=54, length=0 User-Name = "1085" User-Password = "XXXXXXX" NAS-IP-Address = 192.168.80.2 NAS-Port = 0 EAP-Code = Response EAP-Type-Identity = "1085" Message-Authenticator = 0x00 EAP-Message = 0x023500090131303835Received Access-Challenge packet from host 127.0.0.1 port 1812, id=54, length=64 EAP-Message = 0x013600061520 Message-Authenticator = 0x56eff2711d27219b78bc42ad7db31808 State = 0x028cb41e02baa1b18a40110649d7000f EAP-Id = 54 EAP-Code = Request EAP-Type-LEAP = 0x20 I dont know what is wrong, i THINK its our SQL BD that is not accepting mschap.I would appreciate that people dont answer like "read this, read that, its all explained", like i said, im new on linux, i read everything i found, but didnt got the problemAppreciate any help. Below is my debug trying to access by the wireless. [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 179 to 172.23.54.2 port 32784 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa52ffbdea42de2a3ddda2e08b2ef9a8e Finished request 17. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=180, length=320 User-Name = "1085" Calling-Station-Id = "00-1E-64-27-2F-52" NAS-IP-Address = 172.23.54.2 NAS-Port = 1 Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X" Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = "68-92-34-91-91-48" Connect-Info = "CONNECT 802.11b/g" WISPr-Location-Name = "2o-Andar" EAP-Message = 0x0202006919800000005f160301005a010000560301509d3fc22ba4ec181253508b1a9031d084a6ab63dfc0f57196d85dccbddd6bb0000018002f00350005000ac013c014c009c00a003200380013000401000015ff01000100000a0006000400170018000b00020100 State = 0xa52ffbdea42de2a3ddda2e08b2ef9a8e Vendor-25053-Attr-3 = 0x554e49464542452d3158 Message-Authenticator = 0xb15471a260ff863b5df11a42d1b7ffaf # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "1085", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 105 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 95 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 005a], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0031], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 02a8], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 180 to 172.23.54.2 port 32784 EAP-Message = 0x010302f2190016030100310200002d0301509d3ef1415eda32ffcebd3266fe173cbfff89917ae81eda6972831a026a39a700002f000005ff0100010016030102a80b0002a40002a100029e3082029a30820182020900bd56242da73748dd300d06092a864886f70d0101050500300f310d300b0603550403130464617274301e170d3132303632383139343531345a170d3232303632363139343531345a300f310d300b060355040313046461727430820122300d06092a864886f70d01010105000382010f003082010a0282010100ca6b2f404628ab86daf42a6fc6bf84841fc22515227dff73a183a6f51a2a22db61143afc8486ff59813449b110 EAP-Message = 0x463c624fe05f1a79e5f347cc1a4ae49a551195f31db873c60037978a2873ec1b990d3c3508d0a5380dd2c013755ba5771905a9e6b9e119a7d58981e7125f745ec893c416a2299c44dfac6ce81ff226ea6154b601a56285572c4658a045b8e160ff29ada8bf9fbd3aab84f6988155b52bf1e8691d7629e7d77cdf1bacf0fb062a7a826d02726fadace6d3ccdb84338d2e05a7867a6bc236f942bf2109a41b8289a9b1214571007a84a0ec2835dfac79beca7faf858ddf2b0483398effde1112e04540a8b83c6f4f3464aec1f10d66ffec7c837b0203010001300d06092a864886f70d010105050003820101000310c2505daf381e21004471bf7cf5ae8a EAP-Message = 0xe16a72c80fb15970c51859f996942e88e6a675834788ab9aa5a57af1a335b4513acd5c39cf3b63151368dac86c6ad0ba965a52636b998d220534d3c913a6f2d64baa46a14d877a6f1a1afdedd7dcc9f990b0ba6b0181cc15abbcab5de4ae2adf002de566cac739b11c770b727a104b4359905dbbf0889cad18af0f31e5be5f28b6619edefff2edc1a5ea6683805b51d1cbeb05c250d23a402de0f4443f01d4a7ddc4bf4ea950151f42aee22dc1c9a81f18aa219499adff4095f9fb6dc2e44f89fe14c0e2f30007748bd4deba341982af01ed8d09dad9bbfcc0ceaa2f4b3d3d94add25259cba48886d837b49af75a8f16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa52ffbdea72ce2a3ddda2e08b2ef9a8e Finished request 18. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=181, length=553 User-Name = "1085" Calling-Station-Id = "00-1E-64-27-2F-52" NAS-IP-Address = 172.23.54.2 NAS-Port = 1 Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X" Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = "68-92-34-91-91-48" Connect-Info = "CONNECT 802.11b/g" WISPr-Location-Name = "2o-Andar" EAP-Message = 0x020301501980000001461603010106100001020100406f5aabae4fb470053ee7cb8a80f8c8dc8f30040d4466009eca6d20f732623e0b4e1e9f8e9a675b81a68adbbdc8a9f05e460f841eea9234efbc9ae86e1c2d5f7de46b73718103e4d495253e86b9d945d1a97fc5ca13b14ca421b5b4f032f65567a027b202a18591d2bf3d5f05bc08dd2c7314c5d3291b55d255135cd1e08bdfb81e37e23bed31b6ef9bbc20face7f65b9679030f889cf3b7fcc3c5b442372b46b50744c8ae4d28bf1417b45900aed22e1f76d0f679bc83186008c10902140b38de9e40ac8b9074c4438479cfba8ecc58fb1c0eca7581fdfb2fc2221ca3cccfd3c379bd0415f0523 EAP-Message = 0x469ea987e74a634ffd9f974fd85c4cf550cfc184882b10d31403010001011603010030c7823f5df8656cb4ecee2830f2dd532e33febb88329d8078398bcf9fc3729371e6acabeeee9022d11176d95facb50e26 State = 0xa52ffbdea72ce2a3ddda2e08b2ef9a8e Vendor-25053-Attr-3 = 0x554e49464542452d3158 Message-Authenticator = 0x6b79b9cd6b15dfedbf49ba57b7edcc45 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "1085", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 326 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 181 to 172.23.54.2 port 32784 EAP-Message = 0x01040041190014030100010116030100305da09efb263d6a8e920ffd363a784a928bc392a6b80309b6f3f3d78becca6e3f7f2f20b3fb0b62520e46decd844eafec Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa52ffbdea62be2a3ddda2e08b2ef9a8e Finished request 19. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=182, length=221 User-Name = "1085" Calling-Station-Id = "00-1E-64-27-2F-52" NAS-IP-Address = 172.23.54.2 NAS-Port = 1 Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X" Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = "68-92-34-91-91-48" Connect-Info = "CONNECT 802.11b/g" WISPr-Location-Name = "2o-Andar" EAP-Message = 0x020400061900 State = 0xa52ffbdea62be2a3ddda2e08b2ef9a8e Vendor-25053-Attr-3 = 0x554e49464542452d3158 Message-Authenticator = 0x21e270d06fa3b618166b474599d92c03 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "1085", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] returns handled Sending Access-Challenge of id 182 to 172.23.54.2 port 32784 EAP-Message = 0x0105002b190017030100209c58a55d01f6f8ea2ebd4dcf6b707ac1854afc0ae1184210876df755426cdebb Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa52ffbdea12ae2a3ddda2e08b2ef9a8e Finished request 20. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=183, length=258 User-Name = "1085" Calling-Station-Id = "00-1E-64-27-2F-52" NAS-IP-Address = 172.23.54.2 NAS-Port = 1 Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X" Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = "68-92-34-91-91-48" Connect-Info = "CONNECT 802.11b/g" WISPr-Location-Name = "2o-Andar" EAP-Message = 0x0205002b1900170301002045585f4e63ddae7a1c000e31e0a2eeece7eaa624f2806a9e70e2d046f1391fc7 State = 0xa52ffbdea12ae2a3ddda2e08b2ef9a8e Vendor-25053-Attr-3 = 0x554e49464542452d3158 Message-Authenticator = 0x69f09f61ebca4c76283b5dca004e7ef0 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "1085", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - 1085 [peap] Got inner identity '1085' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x020500090131303835 server { PEAP: Setting User-Name to 1085 Sending tunneled request EAP-Message = 0x020500090131303835 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "1085" server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "1085", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 5 length 9 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x0106001e1a0106001910fe55d9294cefdac440362e653915a34d31303835 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0ae4ec900ae2f69ac6f652def380e816 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x0106001e1a0106001910fe55d9294cefdac440362e653915a34d31303835 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0ae4ec900ae2f69ac6f652def380e816 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 183 to 172.23.54.2 port 32784 EAP-Message = 0x0106003b190017030100301000c355cc2c2884bf2f175908e52361b9e5f41b4a0e9a0435c322c46fe8a3c1bc2ddc42ac866a83ae30421b91059630 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa52ffbdea029e2a3ddda2e08b2ef9a8e Finished request 21. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=184, length=306 User-Name = "1085" Calling-Station-Id = "00-1E-64-27-2F-52" NAS-IP-Address = 172.23.54.2 NAS-Port = 1 Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X" Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = "68-92-34-91-91-48" Connect-Info = "CONNECT 802.11b/g" WISPr-Location-Name = "2o-Andar" EAP-Message = 0x0206005b19001703010050ae4fea85f3a5973a84f9b5e1abc47fb5a19be28af5e27780d39c7c29b91526c26e3972a03bee2657e96c715084bd5a5cf5da7d84cda132385eaa3a0d1733b5618ee6286e6e3670119927319542bcb7d2 State = 0xa52ffbdea029e2a3ddda2e08b2ef9a8e Vendor-25053-Attr-3 = 0x554e49464542452d3158 Message-Authenticator = 0x687b1f3b1c9e04fc75d21d0f741b661f # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "1085", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 91 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x0206003f1a0206003a312198129fe508198faceab807ca41f5580000000000000000bb3261067e2d36651cf535d4d562658d61830fcce9f2a88f0031303835 server { PEAP: Setting User-Name to 1085 Sending tunneled request EAP-Message = 0x0206003f1a0206003a312198129fe508198faceab807ca41f5580000000000000000bb3261067e2d36651cf535d4d562658d61830fcce9f2a88f0031303835 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "1085" State = 0x0ae4ec900ae2f69ac6f652def380e816 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "1085", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 6 length 63 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: 1085 [mschap] Told to do MS-CHAPv2 for 1085 with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. Login incorrect: [1085/<via Auth-Type = EAP>] (from client ruckus-controller port 0 via TLS tunnel) } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\006E=691 R=1" EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\006E=691 R=1" EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 184 to 172.23.54.2 port 32784 EAP-Message = 0x0107002b19001703010020712d9a3c89066e09d12514449c4e4e166e62bd3626ba278d1cb473bacd1b31aa Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa52ffbdea328e2a3ddda2e08b2ef9a8e Finished request 22. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=185, length=258 User-Name = "1085" Calling-Station-Id = "00-1E-64-27-2F-52" NAS-IP-Address = 172.23.54.2 NAS-Port = 1 Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X" Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 NAS-Identifier = "68-92-34-91-91-48" Connect-Info = "CONNECT 802.11b/g" WISPr-Location-Name = "2o-Andar" EAP-Message = 0x0207002b190017030100205bce9ac93410e019700dbd986065e5a9a84301906e4611ad246471a284fc7e81 State = 0xa52ffbdea328e2a3ddda2e08b2ef9a8e Vendor-25053-Attr-3 = 0x554e49464542452d3158 Message-Authenticator = 0x71c3a73b038b1f0a51e530baba2afc96 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "1085", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Login incorrect: [1085/<via Auth-Type = EAP>] (from client ruckus-controller port 1 cli 00-1E-64-27-2F-52) Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 1085 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 23 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 23 Sending Access-Reject of id 185 to 172.23.54.2 port 32784 EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.9 seconds. Cleaning up request 16 ID 178 with timestamp +2309 Cleaning up request 17 ID 179 with timestamp +2309 Cleaning up request 18 ID 180 with timestamp +2309 Cleaning up request 19 ID 181 with timestamp +2309 Cleaning up request 20 ID 182 with timestamp +2309 Cleaning up request 21 ID 183 with timestamp +2309 Cleaning up request 22 ID 184 with timestamp +2309 Waking up in 1.0 seconds. Cleaning up request 23 ID 185 with timestamp +2309 Ready to process requests.