i.e. the *cache* module returns “updated”. That can be fixed. Just add “ok” after “cache.authorize”:
Auth-Type MS-CHAP { mschap cache.authorize ok }
I have made the recommended change, but I am still getting the same result. The only difference I can see in the log is the [ok] = ok towards the end of MS-CHAP section. (7) eap_mschapv2: Auth-Type MS-CHAP { (7) mschap: Found Cleartext-Password, hashing to create NT-Password (7) mschap: Found Cleartext-Password, hashing to create LM-Password (7) mschap: Creating challenge hash with username: qaresdon (7) mschap: Client is using MS-CHAPv2 (7) mschap: Adding MS-CHAPv2 MPPE keys (7) [mschap] = ok (7) cache: EXPAND %{User-Name}%{outer.request:Calling-Station-Id} (7) cache: --> qaresdone899c47233d8 (7) cache: No cache entry found for "qaresdone899c47233d8" (7) cache: Creating new cache entry (7) cache: EXPAND %{control:NT-Password} (7) cache: --> 0x5835048ce94ad0564e29a924a03510ef (7) cache: control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef (7) cache: EXPAND %{control:LM-Password} (7) cache: --> 0xe52cac67419a9a2238f10713b629b565 (7) cache: control:LM-Password := 0xe52cac67419a9a2238f10713b629b565 (7) cache: Merging cache entry into request (7) cache: &control:NT-Password := 0x5835048ce94ad0564e29a924a03510ef (7) cache: &control:LM-Password := 0xe52cac67419a9a2238f10713b629b565 (7) cache: Commited entry, TTL 86400 seconds (7) [cache.authorize] = updated (7) [ok] = ok (7) } # Auth-Type MS-CHAP = updated (7) eap: Freeing handler (7) [eap] = reject (7) } # authenticate = reject Thanks, Don ________________________________ CONFIDENTIALITY NOTICE: This e-mail may contain information that is privileged, confidential or otherwise protected from disclosure. **If you are not the intended recipient of this e-mail, please notify the sender immediately by return e-mail, purge it and do not disseminate or copy it.