two questions about migration from FR 2.X to 3.X

[Anton Kiryushkin]

Hello.

I have two question about migration from oldest to newest version.
1. After migration, the process authorization by MSCHAP-V2 wrote that can't
make NT-password:

Fri Nov  3 10:27:52 2017 : WARNING: (4) mschap: No Cleartext-Password
configured.  Cannot create NT-Password
Fri Nov  3 10:27:52 2017 : WARNING: (4) mschap: No Cleartext-Password
configured.  Cannot create LM-Password
Fri Nov  3 10:27:52 2017 : Debug: (4) mschap: Client is using MS-CHAPv1
with NT-Password
Fri Nov  3 10:27:52 2017 : ERROR: (4) mschap: FAILED: No NT/LM-Password.
Cannot perform authentication
Fri Nov  3 10:27:52 2017 : ERROR: (4) mschap: MS-CHAP2-Response is incorrect

This happened in inner-tunnel site with config:

server inner-tunnel {
authorize {
chap
mschap
suffix
update control {
       Proxy-To-Realm := LOCAL
}
eap {
ok = return
}
files
expiration
logintime
pap
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
eap
}
session {
radutmp
}
post-auth {
Post-Auth-Type REJECT {
attr_filter.access_reject
}
}
pre-proxy {
}
post-proxy {
eap
}
}

But I have the same config on FR 2.X in it worked. Could tell me why?

The second question with another client. I've got the next error message:

Thu Nov  2 21:44:19 2017 : ERROR: (159) eap_peap: Failed in __FUNCTION__
(SSL_read): s3_srvr.c[1240]:error:1408A0E3:SSL
routines:ssl3_get_client_hello:parse tlsext
Thu Nov  2 21:44:19 2017 : ERROR: (159) eap_peap: System call (I/O) error
(-1)
Thu Nov  2 21:44:19 2017 : ERROR: (159) eap_peap: TLS receive handshake
failed during operation
Thu Nov  2 21:44:19 2017 : ERROR: (159) eap_peap: [eaptls process] = fail
Thu Nov  2 21:44:19 2017 : ERROR: (159) eap: Failed continuing EAP PEAP
(25) session.  EAP sub-module failed

This is printer Canon 5240i and I can't change his software. As well as in
the previous question, all work with FR 2.X.

-- 
Best regards,
Anton Kiryushkin