Hi Ivan: The password is in the ldap server as one of attributes binded to the user (userPassword: {CRYPT}something). I posted the debugging info here and thanks a lot for your help! Andy ------------The radiusd -X debugging info for a failed authentication request : rad_recv: Access-Request packet from host 10.10.10.228 port 1059, id=90, length=156 User-Name = "andyan" NAS-IP-Address = 10.10.10.228 NAS-Port = 1 Called-Station-Id = "00-14-6C-CC-93-E8:ECIeduroam" Calling-Station-Id = "00-17-F2-52-8A-C7" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200000b01616e6479616e Message-Authenticator = 0x1b640e34d5907297f26e0150e954b295 +- entering group authorize expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619 rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619 expand: %t -> Thu Jun 19 16:09:10 2008 ++[auth_log] returns ok rlm_realm: No '@' in User-Name = "andyan", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 0 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop rlm_ldap: - authorize rlm_ldap: performing user authorization for andyan WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=andyan) expand: ou=People,dc=eciad,dc=ca -> ou=People,dc=eciad,dc=ca rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to ldap1.eciad.ca:389, authentication 0 rlm_ldap: bind as / to ldap1.eciad.ca:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=People,dc=eciad,dc=ca, with filter (uid=andyan) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? rlm_ldap: user andyan authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 90 to 10.10.10.228 port 1059 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xce343774ce3522073b392edc718830e4 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.10.10.228 port 1059, id=91, length=275 User-Name = "andyan" NAS-IP-Address = 10.10.10.228 NAS-Port = 1 Called-Station-Id = "00-14-6C-CC-93-E8:ECIeduroam" Calling-Station-Id = "00-17-F2-52-8A-C7" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0201007015800000006616030100610100005d0301485ae7246df7cad8b3977bcb702121baac84e2a85197943b52e273243aa1543a000036002f000500040035000a000900030008000600320033003800390016001500140013001200110034003a0018001b001a0017001900010100 State = 0xce343774ce3522073b392edc718830e4 Message-Authenticator = 0xcb10e2b9445f9958feaab918576268bc +- entering group authorize expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619 rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619 expand: %t -> Thu Jun 19 16:09:11 2008 ++[auth_log] returns ok rlm_realm: No '@' in User-Name = "andyan", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 112 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS TLS Length 102 rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 91 to 10.10.10.228 port 1059 EAP-Message = 0x0102040015c0000008bb160301004a020000460301485ae717624920311e0af361309e5511218e8ea118be1011bdb69298297e6bc620d3e32b8f78ff7c31566794a16b1267cba749c6950eb8651a1e7211ac9cc9c4ad002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504 EAP-Message = 0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303631383232303934315a170d3039303631383232303934315a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100c5d8f1bfb0aec2555c5e034ee4677c814ac120afc2c6737fae65f755df4a EAP-Message = 0x2af9434f85596064fc5bcd9b5f2e16f426c39ff51614c80a65c2e067a3a4c7911a38a3b8839007ea4d03cbda93410f383e643cd8bd788e9e14d2b3abd1067ad10efcc6eb0f8b8c0302ff00327e8604af8c16debd1e6ca2195d2b8187ca25e77d5f7bd4c84b985981baf5fd0be7cabe98da5d14817bd3ad62f2ac4f281098433100a22663ddb348f2a6ed0dd82f1de13a8ad2a57a3afe6d1e82eca0bf7f708ef7b7999a1af5b78b30171d2a40ce03d8b4daedcacd5bd389559f4b7fc82a4c411712829a3b5a09686b33a1c50abe21e8cff6189d8a481e19871e6f8b629e79dbf5ff590203010001a317301530130603551d25040c300a06082b06010505 EAP-Message = 0x070301300d06092a864886f70d01010405000382010100abdc8d29f0855dd309bd358b192e5c368fa45e161de5671519a4ae6db6c8ed586c8a6c3565dbc39b7c3c648061daabd6d1a220997c7caf6d105df85affd385a5dbae3b9b9040f59b066fa399496d909f04ffbe88e13cb90791e3fa8cb66577101e2967fe5a9d562b5c903c7f3625c59de375241836391ccb85aaad9d02a15af33203b928cdff6276ad00bfdaf17f5ef12d0370926d5dee595b22f0dd8a332ffe2c6e3f80d55551787a6b58e31933c44a6282f6eaaefc8c454955db064b742cf6907cf558d08da46b3a3e1925581fee05bb6ca641511d4f35c7880bbedfed8ea20f0276b21a85 EAP-Message = 0x2889877f5db3c70defc739be Message-Authenticator = 0x00000000000000000000000000000000 State = 0xce343774cf3622073b392edc718830e4 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.10.10.228 port 1059, id=92, length=169 User-Name = "andyan" NAS-IP-Address = 10.10.10.228 NAS-Port = 1 Called-Station-Id = "00-14-6C-CC-93-E8:ECIeduroam" Calling-Station-Id = "00-17-F2-52-8A-C7" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020200061500 State = 0xce343774cf3622073b392edc718830e4 Message-Authenticator = 0x5e4e63959239fca2486e0190d9d3c54a +- entering group authorize expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619 rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619 expand: %t -> Thu Jun 19 16:09:11 2008 ++[auth_log] returns ok rlm_realm: No '@' in User-Name = "andyan", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 92 to 10.10.10.228 port 1059 EAP-Message = 0x0103040015c0000008bbcef8e8135051d22c8e604c46bbe50004ab308204a73082038fa003020102020900964407b7ca8a72e7300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303631383232303933395a170d3038303731383232303933395a308193310b EAP-Message = 0x3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100e71a28d861d1bc000ead67dda77fc24c88fd7f4e6b154ec39e6c1328da93acb45c4203d45485a76bd3ebf28e55486d785b45f54c81ee601a8e73e1c07d16f606a1b6146055903f54ebc8a5 EAP-Message = 0x06d421fb703b664bc1a37493d95559d894f04a2ca09c3c5292e9d82cff10a031177cab034ab883b3871e6c2460325a0d8a2a68322698cde33ad81ed808a429177249ff720932bea36f3558c8037fba4110a20451ed263bdd7021686bc816249ff209de18ebc36a923977b852b198a70b3601fb87b263c740a0d191a59591300981709f9beb6987b67bdfa820db88dcb3c3af3fa827552afb43f6accf386739f292c311b7f6287609afec629a4b8f1c0c0d4a9e165d0203010001a381fb3081f8301d0603551d0e041604148fc1ab4304f6a473ea66c4512ef6f9a078dbe3623081c80603551d230481c03081bd80148fc1ab4304f6a473ea66c4512ef6 EAP-Message = 0xf9a078dbe362a18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900964407b7ca8a72e7300c0603551d13040530030101ff300d06092a864886f70d010105050003820101008c2687a029f098693008dbc4ee9968c7e71b0a4792003dc2d62403a142c75c227df610ac8979ffd430cf55103bab EAP-Message = 0xb78977c9a55b9a3571e655a3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xce343774cc3722073b392edc718830e4 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.10.10.228 port 1059, id=93, length=169 User-Name = "andyan" NAS-IP-Address = 10.10.10.228 NAS-Port = 1 Called-Station-Id = "00-14-6C-CC-93-E8:ECIeduroam" Calling-Station-Id = "00-17-F2-52-8A-C7" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020300061500 State = 0xce343774cc3722073b392edc718830e4 Message-Authenticator = 0x3d44409ada91a802ad38c9516b7bd15f +- entering group authorize expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619 rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619 expand: %t -> Thu Jun 19 16:09:11 2008 ++[auth_log] returns ok rlm_realm: No '@' in User-Name = "andyan", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 3 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 93 to 10.10.10.228 port 1059 EAP-Message = 0x010400d91580000008bb04ae601515d34e563c02cc3de859401a836dc8d5b9e0c675cc610078839fc238a6f3ca30ce79381a61c588416489587635fe1fa874b66bc643d652e322305ad54f40382d23f7fe74c6df9df734c099780d8604e304ca13d8bc9e2bb3ebd9221731634de6099bb36ff584bae8b16bfd00d3b19ffe67c20b40e9d66366325f55810904fc6fa593c6186bf3cedd075e3c447a65a23d444547c434ec02220b377133980437496ee79601f296ea241e10ed902bcdf83adac9980a26ac91f4b034ef1e88febcd2e3a416030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xce343774cd3022073b392edc718830e4 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.10.10.228 port 1059, id=94, length=501 User-Name = "andyan" NAS-IP-Address = 10.10.10.228 NAS-Port = 1 Called-Station-Id = "00-14-6C-CC-93-E8:ECIeduroam" Calling-Station-Id = "00-17-F2-52-8A-C7" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0204015015800000014616030101061000010201006f8b4a08f82354917c986395fa9a274fdae1c99fa5016c83526d76183458f4f18db894c0602c67f245007cda75b0bc6267972a5ec6b7b9be1d2bcbf7f8e86d5532a48e861efdc5e232d31e8bf91a4c5edf9c68ffa4c193312122387311da7af75adf30ed6ed034f9a1a57785455f2673482e9339b36ff9784f924f0b50ebaf6bdccdd15f3f1c075208eea7e9f7bc178b0eeb91b1aa5f515b597886566c4f5ff34f45437fd9e810c2699daf33ec51902a7ba4bc7578271b3bf71ccb99e08e7308978bbf09ef9ccf1b63ef0651397222bb58be67099dbc7b8e37627f204ceb641a30382a1e11a7fd2f EAP-Message = 0x991c03d2e3f57e56e36db67b21563e3f97502d4fba252d8a1403010001011603010030cf151f5b366eda1330659c1f3f5e55339fdc3d1e066553f4e1617ef016a82b2051a71cabd5dd256233a3c13b835765ac State = 0xce343774cd3022073b392edc718830e4 Message-Authenticator = 0x5b6d9e9a04ef65ad4b374225d10a39f0 +- entering group authorize expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619 rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619 expand: %t -> Thu Jun 19 16:09:11 2008 ++[auth_log] returns ok rlm_realm: No '@' in User-Name = "andyan", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 4 length 253 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS TLS Length 326 rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 94 to 10.10.10.228 port 1059 EAP-Message = 0x0105004515800000003b1403010001011603010030dcbc638acd36ffa613cef9ef9af25c610a95b3484085d983ad7512401dfb83682e456974cac1172d9fc413f44fcaebac Message-Authenticator = 0x00000000000000000000000000000000 State = 0xce343774ca3122073b392edc718830e4 Finished request 4. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.10.10.228 port 1059, id=95, length=322 User-Name = "andyan" NAS-IP-Address = 10.10.10.228 NAS-Port = 1 Called-Station-Id = "00-14-6C-CC-93-E8:ECIeduroam" Calling-Station-Id = "00-17-F2-52-8A-C7" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0205009f1580000000951703010090987fd6d5cc5864599d5ca410f41de2a2044d322da2a89e7460dee718bd49305e426f8dedf5e8487d84e977a7c3a9206c6de4d1824fada2d41244382e57d30b801ebda16a9ebb3e74dd6b62a2bdcc36755a8f8b26fb36454ed404c3d9eb4f13b8337e25e6c7a4fa21f8497db0a782833b513c8335207e868ac0bfa876fc3db0414a4ae8deccd03be7748f5907fbe04d36 State = 0xce343774ca3122073b392edc718830e4 Message-Authenticator = 0xa2874e59a7ffafb2940d2853a2fbe36e +- entering group authorize expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619 rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.10.228/auth-detail-20080619 expand: %t -> Thu Jun 19 16:09:11 2008 ++[auth_log] returns ok rlm_realm: No '@' in User-Name = "andyan", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 5 length 159 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS TLS Length 149 rlm_eap_tls: Length Included eaptls_verify returned 11 eaptls_process returned 7 rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. +- entering group authorize rlm_realm: No '@' in User-Name = "andyan", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[control] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop rlm_ldap: - authorize rlm_ldap: performing user authorization for andyan WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=andyan) expand: ou=People,dc=eciad,dc=ca -> ou=People,dc=eciad,dc=ca rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=People,dc=eciad,dc=ca, with filter (uid=andyan) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? rlm_ldap: user andyan authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. TTLS: Got tunneled Access-Reject rlm_eap: Handler failed in EAP/ttls rlm_eap: Failed in EAP select ++[eap] returns invalid auth: Failed to validate the user. Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> andyan attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 95 to 10.10.10.228 port 1059 EAP-Message = 0x04050004 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 5. Going to the next request Waking up in 4.4 seconds. Cleaning up request 0 ID 90 with timestamp +72 Cleaning up request 1 ID 91 with timestamp +73 Cleaning up request 2 ID 92 with timestamp +73 Cleaning up request 3 ID 93 with timestamp +73 Cleaning up request 4 ID 94 with timestamp +73 Waking up in 0.3 seconds. Cleaning up request 5 ID 95 with timestamp +73 Ready to process requests. --