Hello, I have problems with my FreeRADIUS (Installed )Version 1.1.3. The problem is when I use EAP-PEAP, msCHAPv2 for clients Windows and a Server LDAP in Debian. I have Installed freeradius using EAP-PEAP and in the radius.conf is of the next form: ldap { server = "direcc_IP_LDAP" #identity = "cn=admin,dc=inictel,dc=raap,dc=pe" identity = "uid=user6,cn=admin,dc=inictel,dc=raap,dc=pe" password = inictel basedn = "dc=inictel,dc=raap,dc=pe" #filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" # filter = "(uid=%u)" groupname_attribute = radiusGriupName groupmembership_attribute = radiusGroupName base_filter = "(objectclass=radiusprofile)" access_attr = "radiusFilterId" # Mapping of RADIUS dictionary attributes to LDAP # directory attributes. dictionary_mapping = ${raddbdir}/ldap.attrmap authtype=ldap ldap_connections_number = 5 ... } And in the file slapd.conf is of the next form: database hdb # The base of your directory in database #1 suffix "dc=inictel,dc=raap,dc=pe" # rootdn directive for specifying a superuser on the database. This is needed # for syncrepl. rootdn "cn=admin,dc=inictel,dc=raap,dc=pe" rootpw inictel # Where the database file are physically stored for database #1 directory "/var/lib/ldap" --------------------- In vim /etc/raddb/users is the next form: #DEFAULT Auth-Type = System # Fall-Through = 1 DEFAULT Auth-Type = LDAP Fall-Through = 1 #userX User-Password == passX # Auth-Type := LOCAL The clients.conf is Ok, and when I do radiusd -X is OK, and I tested of the next form: [root@localhost raddb]# radtest user6 inictel 127.0.0.1 10 testing123 Sending Access-Request of id 247 to 127.0.0.1 port 1812 User-Name = "user6" User-Password = "inictel" NAS-IP-Address = 255.255.255.255 NAS-Port = 10 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=247, length=64 Filter-Id = "Enterasys:version=1:policy=Enterprise User" So everything is ok there but when I want authenticate a supplicant since my laptop, I have problems: rlm_ldap: - authorize rlm_ldap: performing user authorization for user6 radius_xlat: '(uid=user6)' radius_xlat: 'dc=inictel,dc=raap,dc=pe' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=inictel,dc=raap,dc=pe, with filter (uid=user6) rlm_ldap: checking if remote access for user6 is allowed by radiusFilterId rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Adding radiusFilterId as Filter-Id, value Enterasys:version=1:policy=Enterprise User & op=11 rlm_ldap: user user6 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 274 modcall: leaving group authorize (returns updated) for request 274 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 274 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK * rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 274 modcall: leaving group authenticate (returns invalid) for request 274 auth: Failed to validate the user. Delaying request 274 for 1 seconds Finished request 274* Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 200.37.45.97:1645, id=65, length=216 Sending Access-Reject of id 65 to 200.37.45.97 port 1645 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 267 ID 58 with timestamp 4c696b6c Cleaning up request 268 ID 59 with timestamp 4c696b6c Cleaning up request 269 ID 60 with timestamp 4c696b6c Cleaning up request 270 ID 61 with timestamp 4c696b6c I can't authenticate my supplicant, Could you help me please Thank You!. -- Quinto Ancieta Javier Richard jquinto@inictel-uni.edu.pe, richardqa@gmail.com telf: 9931-78569-5213902-3461808-533 Remember: Nothing is impossible, because the dreams of yesterday are the hopes of today and tomorrow can become a reality.