I did this question yesterday, but since im new i did a lot of wrong things, like no subject, etc etc.
So here is the deal, we use freeradius on a hotspot service with wireless and it works all fine, but we are trying to put 802.1x (its better)
So the thing is, it always say "login/pass incorrect"

So i did the debug thing, and i couldnt find the error (im new on linux)

I did the radtest and the results are the following:

radtest -t mschap <user> <pass> 127.0.0.1:1812 0 t3st3 (our pass)
and  i got this 

Sending Access-Request of id 193 to 127.0.0.1 port 1812
User-Name = "1085"
NAS-IP-Address = 192.168.80.2
NAS-Port = 0
MS-CHAP-Challenge = 0x826bf8043e1d4ecf
MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000cb7fdf6848ca0b2df86e5060da2c2b8e80329c405855233a
 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=193, length=20 "

so i did another test like this:

radtest -t eap-md5 <user> <pass> 127.0.0.1:1812 0 t3st3

and i got this 

Sending Access-Request packet to host 127.0.0.1 port 1812, id=54, length=0
User-Name = "1085"
User-Password = "XXXXXXX"
NAS-IP-Address = 192.168.80.2
NAS-Port = 0
EAP-Code = Response
EAP-Type-Identity = "1085"
Message-Authenticator = 0x00
EAP-Message = 0x023500090131303835
Received Access-Challenge packet from host 127.0.0.1 port 1812, id=54, length=64
EAP-Message = 0x013600061520
Message-Authenticator = 0x56eff2711d27219b78bc42ad7db31808
State = 0x028cb41e02baa1b18a40110649d7000f
EAP-Id = 54
EAP-Code = Request
EAP-Type-LEAP = 0x20

I dont know what is wrong, i THINK its our SQL BD that is not accepting mschap.
I would appreciate that people dont answer like "read this, read that, its all explained", like i said, im new on linux, i read everything i found, but didnt got the problem
Appreciate any help.

Below is my debug trying to access by the wireless.

[tls] Initiate

[tls] Start returned 1

++[eap] returns handled

Sending Access-Challenge of id 179 to 172.23.54.2 port 32784

EAP-Message = 0x010200061920

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xa52ffbdea42de2a3ddda2e08b2ef9a8e

Finished request 17.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=180, length=320

User-Name = "1085"

Calling-Station-Id = "00-1E-64-27-2F-52"

NAS-IP-Address = 172.23.54.2

NAS-Port = 1

Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"

Service-Type = Framed-User

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

NAS-Identifier = "68-92-34-91-91-48"

Connect-Info = "CONNECT 802.11b/g"

WISPr-Location-Name = "2o-Andar"

EAP-Message = 0x0202006919800000005f160301005a010000560301509d3fc22ba4ec181253508b1a9031d084a6ab63dfc0f57196d85dccbddd6bb0000018002f00350005000ac013c014c009c00a003200380013000401000015ff01000100000a0006000400170018000b00020100

State = 0xa52ffbdea42de2a3ddda2e08b2ef9a8e

Vendor-25053-Attr-3 = 0x554e49464542452d3158

Message-Authenticator = 0xb15471a260ff863b5df11a42d1b7ffaf

# Executing section authorize from file /etc/freeradius/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] No '@' in User-Name = "1085", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 2 length 105

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /etc/freeradius/sites-enabled/default

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

TLS Length 95

[peap] Length Included

[peap] eaptls_verify returned 11

[peap] (other): before/accept initialization

[peap] TLS_accept: before/accept initialization

[peap] <<< TLS 1.0 Handshake [length 005a], ClientHello

[peap] TLS_accept: SSLv3 read client hello A

[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello

[peap] TLS_accept: SSLv3 write server hello A

[peap] >>> TLS 1.0 Handshake [length 02a8], Certificate

[peap] TLS_accept: SSLv3 write certificate A

[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone

[peap] TLS_accept: SSLv3 write server done A

[peap] TLS_accept: SSLv3 flush data

[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A

In SSL Handshake Phase

In SSL Accept mode

[peap] eaptls_process returned 13

[peap] EAPTLS_HANDLED

++[eap] returns handled

Sending Access-Challenge of id 180 to 172.23.54.2 port 32784

EAP-Message = 0x010302f2190016030100310200002d0301509d3ef1415eda32ffcebd3266fe173cbfff89917ae81eda6972831a026a39a700002f000005ff0100010016030102a80b0002a40002a100029e3082029a30820182020900bd56242da73748dd300d06092a864886f70d0101050500300f310d300b0603550403130464617274301e170d3132303632383139343531345a170d3232303632363139343531345a300f310d300b060355040313046461727430820122300d06092a864886f70d01010105000382010f003082010a0282010100ca6b2f404628ab86daf42a6fc6bf84841fc22515227dff73a183a6f51a2a22db61143afc8486ff59813449b110

EAP-Message = 0x463c624fe05f1a79e5f347cc1a4ae49a551195f31db873c60037978a2873ec1b990d3c3508d0a5380dd2c013755ba5771905a9e6b9e119a7d58981e7125f745ec893c416a2299c44dfac6ce81ff226ea6154b601a56285572c4658a045b8e160ff29ada8bf9fbd3aab84f6988155b52bf1e8691d7629e7d77cdf1bacf0fb062a7a826d02726fadace6d3ccdb84338d2e05a7867a6bc236f942bf2109a41b8289a9b1214571007a84a0ec2835dfac79beca7faf858ddf2b0483398effde1112e04540a8b83c6f4f3464aec1f10d66ffec7c837b0203010001300d06092a864886f70d010105050003820101000310c2505daf381e21004471bf7cf5ae8a

EAP-Message = 0xe16a72c80fb15970c51859f996942e88e6a675834788ab9aa5a57af1a335b4513acd5c39cf3b63151368dac86c6ad0ba965a52636b998d220534d3c913a6f2d64baa46a14d877a6f1a1afdedd7dcc9f990b0ba6b0181cc15abbcab5de4ae2adf002de566cac739b11c770b727a104b4359905dbbf0889cad18af0f31e5be5f28b6619edefff2edc1a5ea6683805b51d1cbeb05c250d23a402de0f4443f01d4a7ddc4bf4ea950151f42aee22dc1c9a81f18aa219499adff4095f9fb6dc2e44f89fe14c0e2f30007748bd4deba341982af01ed8d09dad9bbfcc0ceaa2f4b3d3d94add25259cba48886d837b49af75a8f16030100040e000000

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xa52ffbdea72ce2a3ddda2e08b2ef9a8e

Finished request 18.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=181, length=553

User-Name = "1085"

Calling-Station-Id = "00-1E-64-27-2F-52"

NAS-IP-Address = 172.23.54.2

NAS-Port = 1

Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"

Service-Type = Framed-User

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

NAS-Identifier = "68-92-34-91-91-48"

Connect-Info = "CONNECT 802.11b/g"

WISPr-Location-Name = "2o-Andar"

EAP-Message = 0x020301501980000001461603010106100001020100406f5aabae4fb470053ee7cb8a80f8c8dc8f30040d4466009eca6d20f732623e0b4e1e9f8e9a675b81a68adbbdc8a9f05e460f841eea9234efbc9ae86e1c2d5f7de46b73718103e4d495253e86b9d945d1a97fc5ca13b14ca421b5b4f032f65567a027b202a18591d2bf3d5f05bc08dd2c7314c5d3291b55d255135cd1e08bdfb81e37e23bed31b6ef9bbc20face7f65b9679030f889cf3b7fcc3c5b442372b46b50744c8ae4d28bf1417b45900aed22e1f76d0f679bc83186008c10902140b38de9e40ac8b9074c4438479cfba8ecc58fb1c0eca7581fdfb2fc2221ca3cccfd3c379bd0415f0523

EAP-Message = 0x469ea987e74a634ffd9f974fd85c4cf550cfc184882b10d31403010001011603010030c7823f5df8656cb4ecee2830f2dd532e33febb88329d8078398bcf9fc3729371e6acabeeee9022d11176d95facb50e26

State = 0xa52ffbdea72ce2a3ddda2e08b2ef9a8e

Vendor-25053-Attr-3 = 0x554e49464542452d3158

Message-Authenticator = 0x6b79b9cd6b15dfedbf49ba57b7edcc45

# Executing section authorize from file /etc/freeradius/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] No '@' in User-Name = "1085", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 3 length 253

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /etc/freeradius/sites-enabled/default

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

TLS Length 326

[peap] Length Included

[peap] eaptls_verify returned 11

[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange

[peap] TLS_accept: SSLv3 read client key exchange A

[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]

[peap] <<< TLS 1.0 Handshake [length 0010], Finished

[peap] TLS_accept: SSLv3 read finished A

[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]

[peap] TLS_accept: SSLv3 write change cipher spec A

[peap] >>> TLS 1.0 Handshake [length 0010], Finished

[peap] TLS_accept: SSLv3 write finished A

[peap] TLS_accept: SSLv3 flush data

[peap] (other): SSL negotiation finished successfully

SSL Connection Established

[peap] eaptls_process returned 13

[peap] EAPTLS_HANDLED

++[eap] returns handled

Sending Access-Challenge of id 181 to 172.23.54.2 port 32784

EAP-Message = 0x01040041190014030100010116030100305da09efb263d6a8e920ffd363a784a928bc392a6b80309b6f3f3d78becca6e3f7f2f20b3fb0b62520e46decd844eafec

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xa52ffbdea62be2a3ddda2e08b2ef9a8e

Finished request 19.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=182, length=221

User-Name = "1085"

Calling-Station-Id = "00-1E-64-27-2F-52"

NAS-IP-Address = 172.23.54.2

NAS-Port = 1

Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"

Service-Type = Framed-User

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

NAS-Identifier = "68-92-34-91-91-48"

Connect-Info = "CONNECT 802.11b/g"

WISPr-Location-Name = "2o-Andar"

EAP-Message = 0x020400061900

State = 0xa52ffbdea62be2a3ddda2e08b2ef9a8e

Vendor-25053-Attr-3 = 0x554e49464542452d3158

Message-Authenticator = 0x21e270d06fa3b618166b474599d92c03

# Executing section authorize from file /etc/freeradius/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] No '@' in User-Name = "1085", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 4 length 6

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /etc/freeradius/sites-enabled/default

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] Received TLS ACK

[peap] ACK handshake is finished

[peap] eaptls_verify returned 3

[peap] eaptls_process returned 3

[peap] EAPTLS_SUCCESS

[peap] Session established. Decoding tunneled attributes.

[peap] Peap state TUNNEL ESTABLISHED

++[eap] returns handled

Sending Access-Challenge of id 182 to 172.23.54.2 port 32784

EAP-Message = 0x0105002b190017030100209c58a55d01f6f8ea2ebd4dcf6b707ac1854afc0ae1184210876df755426cdebb

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xa52ffbdea12ae2a3ddda2e08b2ef9a8e

Finished request 20.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=183, length=258

User-Name = "1085"

Calling-Station-Id = "00-1E-64-27-2F-52"

NAS-IP-Address = 172.23.54.2

NAS-Port = 1

Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"

Service-Type = Framed-User

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

NAS-Identifier = "68-92-34-91-91-48"

Connect-Info = "CONNECT 802.11b/g"

WISPr-Location-Name = "2o-Andar"

EAP-Message = 0x0205002b1900170301002045585f4e63ddae7a1c000e31e0a2eeece7eaa624f2806a9e70e2d046f1391fc7

State = 0xa52ffbdea12ae2a3ddda2e08b2ef9a8e

Vendor-25053-Attr-3 = 0x554e49464542452d3158

Message-Authenticator = 0x69f09f61ebca4c76283b5dca004e7ef0

# Executing section authorize from file /etc/freeradius/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] No '@' in User-Name = "1085", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 5 length 43

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /etc/freeradius/sites-enabled/default

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] eaptls_verify returned 7

[peap] Done initial handshake

[peap] eaptls_process returned 7

[peap] EAPTLS_OK

[peap] Session established. Decoding tunneled attributes.

[peap] Peap state WAITING FOR INNER IDENTITY

[peap] Identity - 1085

[peap] Got inner identity '1085'

[peap] Setting default EAP type for tunneled EAP session.

[peap] Got tunneled request

EAP-Message = 0x020500090131303835

server {

PEAP: Setting User-Name to 1085

Sending tunneled request

EAP-Message = 0x020500090131303835

FreeRADIUS-Proxied-To = 127.0.0.1

User-Name = "1085"

server inner-tunnel {

# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel

+- entering group authorize {...}

++[chap] returns noop

++[mschap] returns noop

[suffix] No '@' in User-Name = "1085", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

++[control] returns noop

[eap] EAP packet type response id 5 length 9

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

++[files] returns noop

++[expiration] returns noop

++[logintime] returns noop

++[pap] returns noop

Found Auth-Type = EAP

# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel

+- entering group authenticate {...}

[eap] EAP Identity

[eap] processing type mschapv2

rlm_eap_mschapv2: Issuing Challenge

++[eap] returns handled

} # server inner-tunnel

[peap] Got tunneled reply code 11

EAP-Message = 0x0106001e1a0106001910fe55d9294cefdac440362e653915a34d31303835

Message-Authenticator = 0x00000000000000000000000000000000

State = 0x0ae4ec900ae2f69ac6f652def380e816

[peap] Got tunneled reply RADIUS code 11

EAP-Message = 0x0106001e1a0106001910fe55d9294cefdac440362e653915a34d31303835

Message-Authenticator = 0x00000000000000000000000000000000

State = 0x0ae4ec900ae2f69ac6f652def380e816

[peap] Got tunneled Access-Challenge

++[eap] returns handled

Sending Access-Challenge of id 183 to 172.23.54.2 port 32784

EAP-Message = 0x0106003b190017030100301000c355cc2c2884bf2f175908e52361b9e5f41b4a0e9a0435c322c46fe8a3c1bc2ddc42ac866a83ae30421b91059630

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xa52ffbdea029e2a3ddda2e08b2ef9a8e

Finished request 21.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=184, length=306

User-Name = "1085"

Calling-Station-Id = "00-1E-64-27-2F-52"

NAS-IP-Address = 172.23.54.2

NAS-Port = 1

Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"

Service-Type = Framed-User

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

NAS-Identifier = "68-92-34-91-91-48"

Connect-Info = "CONNECT 802.11b/g"

WISPr-Location-Name = "2o-Andar"

EAP-Message = 0x0206005b19001703010050ae4fea85f3a5973a84f9b5e1abc47fb5a19be28af5e27780d39c7c29b91526c26e3972a03bee2657e96c715084bd5a5cf5da7d84cda132385eaa3a0d1733b5618ee6286e6e3670119927319542bcb7d2

State = 0xa52ffbdea029e2a3ddda2e08b2ef9a8e

Vendor-25053-Attr-3 = 0x554e49464542452d3158

Message-Authenticator = 0x687b1f3b1c9e04fc75d21d0f741b661f

# Executing section authorize from file /etc/freeradius/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] No '@' in User-Name = "1085", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 6 length 91

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /etc/freeradius/sites-enabled/default

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] eaptls_verify returned 7

[peap] Done initial handshake

[peap] eaptls_process returned 7

[peap] EAPTLS_OK

[peap] Session established. Decoding tunneled attributes.

[peap] Peap state phase2

[peap] EAP type mschapv2

[peap] Got tunneled request

EAP-Message = 0x0206003f1a0206003a312198129fe508198faceab807ca41f5580000000000000000bb3261067e2d36651cf535d4d562658d61830fcce9f2a88f0031303835

server {

PEAP: Setting User-Name to 1085

Sending tunneled request

EAP-Message = 0x0206003f1a0206003a312198129fe508198faceab807ca41f5580000000000000000bb3261067e2d36651cf535d4d562658d61830fcce9f2a88f0031303835

FreeRADIUS-Proxied-To = 127.0.0.1

User-Name = "1085"

State = 0x0ae4ec900ae2f69ac6f652def380e816

server inner-tunnel {

# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel

+- entering group authorize {...}

++[chap] returns noop

++[mschap] returns noop

[suffix] No '@' in User-Name = "1085", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

++[control] returns noop

[eap] EAP packet type response id 6 length 63

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

++[files] returns noop

++[expiration] returns noop

++[logintime] returns noop

++[pap] returns noop

Found Auth-Type = EAP

# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/mschapv2

[eap] processing type mschapv2

[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel

[mschapv2] +- entering group MS-CHAP {...}

[mschap] No Cleartext-Password configured. Cannot create LM-Password.

[mschap] No Cleartext-Password configured. Cannot create NT-Password.

[mschap] Creating challenge hash with username: 1085

[mschap] Told to do MS-CHAPv2 for 1085 with NT-Password

[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.

[mschap] FAILED: MS-CHAP2-Response is incorrect

++[mschap] returns reject

[eap] Freeing handler

++[eap] returns reject

Failed to authenticate the user.

Login incorrect: [1085/<via Auth-Type = EAP>] (from client ruckus-controller port 0 via TLS tunnel)

} # server inner-tunnel

[peap] Got tunneled reply code 3

MS-CHAP-Error = "\006E=691 R=1"

EAP-Message = 0x04060004

Message-Authenticator = 0x00000000000000000000000000000000

[peap] Got tunneled reply RADIUS code 3

MS-CHAP-Error = "\006E=691 R=1"

EAP-Message = 0x04060004

Message-Authenticator = 0x00000000000000000000000000000000

[peap] Tunneled authentication was rejected.

[peap] FAILURE

++[eap] returns handled

Sending Access-Challenge of id 184 to 172.23.54.2 port 32784

EAP-Message = 0x0107002b19001703010020712d9a3c89066e09d12514449c4e4e166e62bd3626ba278d1cb473bacd1b31aa

Message-Authenticator = 0x00000000000000000000000000000000

State = 0xa52ffbdea328e2a3ddda2e08b2ef9a8e

Finished request 22.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=185, length=258

User-Name = "1085"

Calling-Station-Id = "00-1E-64-27-2F-52"

NAS-IP-Address = 172.23.54.2

NAS-Port = 1

Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"

Service-Type = Framed-User

Framed-MTU = 1400

NAS-Port-Type = Wireless-802.11

NAS-Identifier = "68-92-34-91-91-48"

Connect-Info = "CONNECT 802.11b/g"

WISPr-Location-Name = "2o-Andar"

EAP-Message = 0x0207002b190017030100205bce9ac93410e019700dbd986065e5a9a84301906e4611ad246471a284fc7e81

State = 0xa52ffbdea328e2a3ddda2e08b2ef9a8e

Vendor-25053-Attr-3 = 0x554e49464542452d3158

Message-Authenticator = 0x71c3a73b038b1f0a51e530baba2afc96

# Executing section authorize from file /etc/freeradius/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] No '@' in User-Name = "1085", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 7 length 43

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /etc/freeradius/sites-enabled/default

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] eaptls_verify returned 7

[peap] Done initial handshake

[peap] eaptls_process returned 7

[peap] EAPTLS_OK

[peap] Session established. Decoding tunneled attributes.

[peap] Peap state send tlv failure

[peap] Received EAP-TLV response.

[peap] The users session was previously rejected: returning reject (again.)

[peap] *** This means you need to read the PREVIOUS messages in the debug output

[peap] *** to find out the reason why the user was rejected.

[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.

[peap] *** what went wrong, and how to fix the problem.

[eap] Handler failed in EAP/peap

[eap] Failed in EAP select

++[eap] returns invalid

Failed to authenticate the user.

Login incorrect: [1085/<via Auth-Type = EAP>] (from client ruckus-controller port 1 cli 00-1E-64-27-2F-52)

Using Post-Auth-Type Reject

# Executing group from file /etc/freeradius/sites-enabled/default

+- entering group REJECT {...}

[attr_filter.access_reject] expand: %{User-Name} -> 1085

attr_filter: Matched entry DEFAULT at line 11

++[attr_filter.access_reject] returns updated

Delaying reject of request 23 for 1 seconds

Going to the next request

Waking up in 0.9 seconds.

Sending delayed reject for request 23

Sending Access-Reject of id 185 to 172.23.54.2 port 32784

EAP-Message = 0x04070004

Message-Authenticator = 0x00000000000000000000000000000000

Waking up in 3.9 seconds.

Cleaning up request 16 ID 178 with timestamp +2309

Cleaning up request 17 ID 179 with timestamp +2309

Cleaning up request 18 ID 180 with timestamp +2309

Cleaning up request 19 ID 181 with timestamp +2309

Cleaning up request 20 ID 182 with timestamp +2309

Cleaning up request 21 ID 183 with timestamp +2309

Cleaning up request 22 ID 184 with timestamp +2309

Waking up in 1.0 seconds.

Cleaning up request 23 ID 185 with timestamp +2309

Ready to process requests.