Hello, I don't know why I can't make my authentication working with Juniper secure access I have a user +----+----------+--------------------+------------+----+ | id | username | attribute | value | op | +----+----------+--------------------+------------+----+ | 9 | t2 | Cleartext-Password | passsecret | == | +----+----------+--------------------+------------+----+ Command line authentication works # radtest t2 passsecret 127.0.0.1 1812 testing1234 PPP 192.168.1.1 I entered the Juniper device in clients.conf client mag.mydomain.com { ipaddr = 192.168.1.2 secret = mykey shortname = mag require_message_authenticator = no nastype = other # localhost isn't usually a NAS... } I entered that same key in the Juniper secure access configuration The complete debug output is below, does anyone see something that could explain why it doesn't work ? It says: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. However, the password is good !!! rad_recv: Access-Request packet from host 192.168.1.2 port 65218, id=236, length=132 NAS-Identifier = "mag" User-Name = "t2" User-Password = "passsecret" Tunnel-Client-Endpoint:0 = "192.168.1.3" NAS-IP-Address = 192.168.1.2 NAS-Port = 0 Acct-Session-Id = "t2(Group XXXX)\"Sun Sep 16 01:43:02 2012\"VVZatHVK" # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "t2", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 202 ++[files] returns ok [sql] expand: %{User-Name} -> t2 [sql] sql_set_user escaped user --> 't2' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 't2' ORDER BY id rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 't2' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 't2' ORDER BY priority rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 't2' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 [sql] User t2 not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. expand: Host %n -> Host 192.168.1.2 Login incorrect: [t2/passsecret] (from client mag port 0) Host 192.168.1.2 Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> t2 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 5 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 5 Sending Access-Reject of id 236 to 192.168.1.2 port 65218 Waking up in 4.9 seconds. Cleaning up request 5 ID 236 with timestamp +1809 Ready to process requests.