So here is a debug again. Like i said, SQL is uncommented on inner-tunnel.

[sql] sql_set_user escaped user --> '1085'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '1085'           ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '1085'           ORDER BY id
[sql] expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = '1085'           ORDER BY priority
[sql] expand: SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = 'sessaounica'           ORDER BY id
[sql] User found in group sessaounica
[sql] expand: SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = 'sessaounica'           ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 112 to 172.23.54.2 port 32784
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x50f0e12251f2f8eb3c4e11280c2e9be4
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=113, length=320
User-Name = "1085"
Calling-Station-Id = "00-1E-64-27-2F-52"
NAS-IP-Address = 172.23.54.2
NAS-Port = 1
Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "68-92-34-91-91-48"
Connect-Info = "CONNECT 802.11b/g"
WISPr-Location-Name = "2o-Andar"
EAP-Message = 0x0202006919800000005f160301005a01000056030150abbcee3aef4bebb6b083e4ebab3f9771fcceaa242bf28aacd0410787d9666f000018002f00350005000ac013c014c009c00a003200380013000401000015ff01000100000a0006000400170018000b00020100
State = 0x50f0e12251f2f8eb3c4e11280c2e9be4
Vendor-25053-Attr-3 = 0x554e49464542452d3158
Message-Authenticator = 0x61f1b2f6f26748268340109333843769
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[mschap] returns noop
[eap] EAP packet type response id 2 length 105
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 95
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 005a], ClientHello  
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello  
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 02a8], Certificate  
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 113 to 172.23.54.2 port 32784
EAP-Message = 0x010302f2190016030100310200002d030150abbc056cfc4dc4309294b9ba9790a0730cea2809b7cd66f21c39b632becc0c00002f000005ff0100010016030102a80b0002a40002a100029e3082029a30820182020900bd56242da73748dd300d06092a864886f70d0101050500300f310d300b0603550403130464617274301e170d3132303632383139343531345a170d3232303632363139343531345a300f310d300b060355040313046461727430820122300d06092a864886f70d01010105000382010f003082010a0282010100ca6b2f404628ab86daf42a6fc6bf84841fc22515227dff73a183a6f51a2a22db61143afc8486ff59813449b110
EAP-Message = 0x463c624fe05f1a79e5f347cc1a4ae49a551195f31db873c60037978a2873ec1b990d3c3508d0a5380dd2c013755ba5771905a9e6b9e119a7d58981e7125f745ec893c416a2299c44dfac6ce81ff226ea6154b601a56285572c4658a045b8e160ff29ada8bf9fbd3aab84f6988155b52bf1e8691d7629e7d77cdf1bacf0fb062a7a826d02726fadace6d3ccdb84338d2e05a7867a6bc236f942bf2109a41b8289a9b1214571007a84a0ec2835dfac79beca7faf858ddf2b0483398effde1112e04540a8b83c6f4f3464aec1f10d66ffec7c837b0203010001300d06092a864886f70d010105050003820101000310c2505daf381e21004471bf7cf5ae8a
EAP-Message = 0xe16a72c80fb15970c51859f996942e88e6a675834788ab9aa5a57af1a335b4513acd5c39cf3b63151368dac86c6ad0ba965a52636b998d220534d3c913a6f2d64baa46a14d877a6f1a1afdedd7dcc9f990b0ba6b0181cc15abbcab5de4ae2adf002de566cac739b11c770b727a104b4359905dbbf0889cad18af0f31e5be5f28b6619edefff2edc1a5ea6683805b51d1cbeb05c250d23a402de0f4443f01d4a7ddc4bf4ea950151f42aee22dc1c9a81f18aa219499adff4095f9fb6dc2e44f89fe14c0e2f30007748bd4deba341982af01ed8d09dad9bbfcc0ceaa2f4b3d3d94add25259cba48886d837b49af75a8f16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x50f0e12252f3f8eb3c4e11280c2e9be4
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=114, length=553
User-Name = "1085"
Calling-Station-Id = "00-1E-64-27-2F-52"
NAS-IP-Address = 172.23.54.2
NAS-Port = 1
Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "68-92-34-91-91-48"
Connect-Info = "CONNECT 802.11b/g"
WISPr-Location-Name = "2o-Andar"
EAP-Message = 0x02030150198000000146160301010610000102010052fc6ab5f74faed88f732a0538d77a48fa3deb9108503ec40f8206531f39609c71e35f66c5a66a0ec49efd6945fe33735405a3887c61bee06040eba9898deceabd87deec376645dddb631d3f6e0e3dc6bedad223cc551409e2830be55372e2784f2c413ddb86f63f5d0754a951d8c0003715d9ee327de78a7bd5b06c50ea9a13da60a0e7c88a0686b4703dcfc1862fa84cb8b51c621addd342444b193d72b33615cf0cb23b0825dd07e01c815e3cf23b6b424a87d0734ea286950d1990947f3ae4e33a5809b099021e03f6a8f558b74e2dfb1428a5a0d1a27b8d30638924ce15d8ea236bdf875706
EAP-Message = 0x596949b445b93cf2827465ceb48a5e5b8a5dd9d4e73226c81403010001011603010030f08b6f3ee2cb0addcd2252806d376fd1b3cbe2e533e27c48464edb2c69265975be1e02ed758ab215437c268db670c720
State = 0x50f0e12252f3f8eb3c4e11280c2e9be4
Vendor-25053-Attr-3 = 0x554e49464542452d3158
Message-Authenticator = 0xe1dd9db2033641f680b15352a87e92fb
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[mschap] returns noop
[eap] EAP packet type response id 3 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange  
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]  
[peap] <<< TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]  
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 114 to 172.23.54.2 port 32784
EAP-Message = 0x01040041190014030100010116030100300e22d49dbb6f214669d8a30b3c78c585ec453e27cb5169517b5524e86bd8148129dd47dffa51940ac878e293a93c885e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x50f0e12253f4f8eb3c4e11280c2e9be4
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=115, length=221
User-Name = "1085"
Calling-Station-Id = "00-1E-64-27-2F-52"
NAS-IP-Address = 172.23.54.2
NAS-Port = 1
Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "68-92-34-91-91-48"
Connect-Info = "CONNECT 802.11b/g"
WISPr-Location-Name = "2o-Andar"
EAP-Message = 0x020400061900
State = 0x50f0e12253f4f8eb3c4e11280c2e9be4
Vendor-25053-Attr-3 = 0x554e49464542452d3158
Message-Authenticator = 0xee53cacd4d77e7dcb22fca47427888b4
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[mschap] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3 
[peap] eaptls_process returned 3 
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 115 to 172.23.54.2 port 32784
EAP-Message = 0x0105002b1900170301002067eb8854081d00e79e60f40c710668bbe9bb1cb23ae3ddf315aba15c96664b81
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x50f0e12254f5f8eb3c4e11280c2e9be4
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=116, length=258
User-Name = "1085"
Calling-Station-Id = "00-1E-64-27-2F-52"
NAS-IP-Address = 172.23.54.2
NAS-Port = 1
Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "68-92-34-91-91-48"
Connect-Info = "CONNECT 802.11b/g"
WISPr-Location-Name = "2o-Andar"
EAP-Message = 0x0205002b1900170301002011f25d1de4573a4d6b607382b7937ad72dcfdc8025c35ffc8262d6c575a332ef
State = 0x50f0e12254f5f8eb3c4e11280c2e9be4
Vendor-25053-Attr-3 = 0x554e49464542452d3158
Message-Authenticator = 0x422fb2bc93adee1824c2743f0cb6ac9e
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[mschap] returns noop
[eap] EAP packet type response id 5 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - 1085
[peap] Got inner identity '1085'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x020500090131303835
server  {
  PEAP: Setting User-Name to 1085
Sending tunneled request
EAP-Message = 0x020500090131303835
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "1085"
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "1085", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> 1085
[sql] sql_set_user escaped user --> '1085'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '1085'           ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '1085'           ORDER BY id
[sql] expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = '1085'           ORDER BY priority
[sql] expand: SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = 'sessaounica'           ORDER BY id
[sql] User found in group sessaounica
[sql] expand: SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = 'sessaounica'           ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
[pap] Normalizing MD5-Password from hex encoding
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message = 0x0106001e1a0106001910a5427c3c57af2b4b0df19dfd7c05e1fc31303835
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9e6fb2559e69a859a38761d07782575e
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x0106001e1a0106001910a5427c3c57af2b4b0df19dfd7c05e1fc31303835
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9e6fb2559e69a859a38761d07782575e
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 116 to 172.23.54.2 port 32784
EAP-Message = 0x0106003b19001703010030d06d3dec2d35df98b7712e3479fee7d2b4a51a486939e1f64e88d3129cac05448752ee312195fc1a5dad896fa683a9f2
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x50f0e12255f6f8eb3c4e11280c2e9be4
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=117, length=306
User-Name = "1085"
Calling-Station-Id = "00-1E-64-27-2F-52"
NAS-IP-Address = 172.23.54.2
NAS-Port = 1
Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "68-92-34-91-91-48"
Connect-Info = "CONNECT 802.11b/g"
WISPr-Location-Name = "2o-Andar"
EAP-Message = 0x0206005b190017030100506d6e23eb43fc72b6e140432c2f6bd259024e97bd499fb404a85aa2cc502bf31f878bc4d161645bc508e5360bb7e3b3a3b14fa6806f59cde513d6358cf2676b5213da39441b9c6e06146c4277e264788d
State = 0x50f0e12255f6f8eb3c4e11280c2e9be4
Vendor-25053-Attr-3 = 0x554e49464542452d3158
Message-Authenticator = 0x01c4189ede0cf29450868b76d88b4a03
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[mschap] returns noop
[eap] EAP packet type response id 6 length 91
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x0206003f1a0206003a31f3f264be3a0bd9e7f5ee5d29877771f100000000000000008363cf519598a6d75f816d09036f1af9c4f0743b6766ab1c0031303835
server  {
  PEAP: Setting User-Name to 1085
Sending tunneled request
EAP-Message = 0x0206003f1a0206003a31f3f264be3a0bd9e7f5ee5d29877771f100000000000000008363cf519598a6d75f816d09036f1af9c4f0743b6766ab1c0031303835
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "1085"
State = 0x9e6fb2559e69a859a38761d07782575e
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "1085", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 63
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> 1085
[sql] sql_set_user escaped user --> '1085'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '1085'           ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '1085'           ORDER BY id
[sql] expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = '1085'           ORDER BY priority
[sql] expand: SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = 'sessaounica'           ORDER BY id
[sql] User found in group sessaounica
[sql] expand: SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = 'sessaounica'           ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
[pap] Normalizing MD5-Password from hex encoding
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: 1085
[mschap] Told to do MS-CHAPv2 for 1085 with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
Login incorrect: [1085/<via Auth-Type = EAP>] (from client ruckus-controller port 0 via TLS tunnel)
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = "\006E=691 R=1"
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\006E=691 R=1"
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 117 to 172.23.54.2 port 32784
EAP-Message = 0x0107002b19001703010020a8870087794c4593f6772475d7a48ca632eacf969e37b8182db633804c1a121d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x50f0e12256f7f8eb3c4e11280c2e9be4
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=118, length=258
User-Name = "1085"
Calling-Station-Id = "00-1E-64-27-2F-52"
NAS-IP-Address = 172.23.54.2
NAS-Port = 1
Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "68-92-34-91-91-48"
Connect-Info = "CONNECT 802.11b/g"
WISPr-Location-Name = "2o-Andar"
EAP-Message = 0x0207002b190017030100207ecb93aa8a87194cb12dcd7b82b245a4418b0ecc8b2f058b84011aa1679ecb5d
State = 0x50f0e12256f7f8eb3c4e11280c2e9be4
Vendor-25053-Attr-3 = 0x554e49464542452d3158
Message-Authenticator = 0x04f4a2945af002dc6b57443fbdc704e6
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[mschap] returns noop
[eap] EAP packet type response id 7 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap]  The users session was previously rejected: returning reject (again.)
[peap]  *** This means you need to read the PREVIOUS messages in the debug output
[peap]  *** to find out the reason why the user was rejected.
[peap]  *** Look for "reject" or "fail".  Those earlier messages will tell you.
[peap]  *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [1085/<via Auth-Type = EAP>] (from client ruckus-controller port 1 cli 00-1E-64-27-2F-52)
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> 1085
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 7 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 7
Sending Access-Reject of id 118 to 172.23.54.2 port 32784
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
Cleaning up request 0 ID 111 with timestamp +25
Cleaning up request 1 ID 112 with timestamp +25
Cleaning up request 2 ID 113 with timestamp +25
Cleaning up request 3 ID 114 with timestamp +25
Cleaning up request 4 ID 115 with timestamp +25
Cleaning up request 5 ID 116 with timestamp +25
Cleaning up request 6 ID 117 with timestamp +25
Waking up in 1.0 seconds.
Cleaning up request 7 ID 118 with timestamp +25
Ready to process requests.