Hello all, I want to test new features of freeradius 3.0.0 from tarball, but I don't be able run successfull PEAP - MS-CHAPv2 authentization. Testing environment: freeradius 3.0.0 local user in users file (cleartext password: ferda Cleartext-Password := "hello") testing certificates generated by bootstrap Result in debug log: (12) eap_peap : Tunneled authentication was successful. (12) eap_peap : SUCCESS (12) eap : New EAP session, adding 'State' attribute to reply 0xbb50c041b359d9c3 (12) [eap] = handled (12) } # authenticate = handled ... 13) # Executing group from file /etc/freeradius/sites-enabled/default (13) authenticate { (13) eap : Expiring EAP session with state 0xbb50c041b359d9c3 (13) eap : Finished EAP session with state 0xbb50c041b359d9c3 (13) eap : Previous EAP request found for state 0xbb50c041b359d9c3, released from the list (13) eap : Peer sent PEAP (25) (13) eap : EAP PEAP (25) (13) eap : Calling eap_peap to process EAP data (13) eap_peap : processing EAP-TLS (13) eap_peap : eaptls_verify returned 7 (13) eap_peap : Done initial handshake (13) eap_peap : eaptls_process returned 7 (13) eap_peap : FR_TLS_OK (13) eap_peap : Session established. Decoding tunneled attributes. (13) eap_peap : Peap state send tlv success (13) eap_peap : EAP type NAK (3) (13) eap_peap : We sent a success, but received something weird in return. SSL: Removing session 370322346fc943fdb1aad36f4480d755e0cbe3cea31c375242d599bc8f16ad4e from the cache (13) ERROR: eap : Failed continuing EAP PEAP (25) session. EAP sub-module failed (13) eap : Failed in EAP select (13) [eap] = invalid (13) } # authenticate = invalid (13) Failed to authenticate the user. radtest results: # test of inner-tunnel root@ferda:/etc/freeradius# radtest ferda hello localhost:18120 0 testing123 Sending Access-Request of id 124 from 0.0.0.0 port 51463 to 127.0.0.1 port 18120 User-Name = 'ferda' User-Password = 'hello' NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Message-Authenticator = 0x00 rad_recv: Access-Accept packet from host 127.0.0.1 port 18120, id=124, length=20 root@ferda:/etc/freeradius# radtest -t mschap ferda hello localhost:18120 0 testing123 Sending Access-Request of id 207 from 0.0.0.0 port 56629 to 127.0.0.1 port 18120 User-Name = 'ferda' NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Message-Authenticator = 0x00 MS-CHAP-Challenge = 0xcf018e925195d3d9 MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000c1dbccbde8a3f351c6abf211ec362574a0791cbeb4d5e93a rad_recv: Access-Accept packet from host 127.0.0.1 port 18120, id=207, length=84 MS-CHAP-MPPE-Keys = 0xfda95fbeca288d44ac0782e2de2337dee40e54ee732c1af5 MS-MPPE-Encryption-Policy = Encryption-Allowed MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed # test on default port root@ferda:/etc/freeradius# radtest ferda hello localhost 0 testing123 Sending Access-Request of id 34 from 0.0.0.0 port 58221 to 127.0.0.1 port 1812 User-Name = 'ferda' User-Password = 'hello' NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Message-Authenticator = 0x00 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=34, length=20 root@ferda:/etc/freeradius# radtest -t mschap ferda hello localhost 0 testing123 Sending Access-Request of id 58 from 0.0.0.0 port 50981 to 127.0.0.1 port 1812 User-Name = 'ferda' NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Message-Authenticator = 0x00 MS-CHAP-Challenge = 0x3391672449586edb MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000cd40eb3770183e9a6ee3cc67da194680f1abb095c7561f41 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=58, length=84 MS-CHAP-MPPE-Keys = 0xfda95fbeca288d44ac0782e2de2337dee40e54ee732c1af5 MS-MPPE-Encryption-Policy = Encryption-Allowed MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed I don't know where is problem. Thanks for tips and advises. Best regards Pavel Polacek