OK, it's working now. Here is what I changed: in sql.conf I changed from sql_user_name = "%{Stripped-User-Name}" to sql_user_name = "%{User-Name}" Not sure there's a difference, but that's what I did...
in radius.conf in the authorize section commented out all but preprocess, chap, mschap, and sql. in radius.conf in the authenticate section, commented out all but pap, chap, mschap, and unix. In my radcheck table: mysql> select *from radcheck; +----+----------+----------------+----+------------------------------------+ | id | UserName | Attribute | op | Value | +----+----------+----------------+----+------------------------------------+ | 4 | foo | Crypt-Password | := | $1$HuWuTTVg$GqVJ5SOZfZqBn3F0gcAp// | | 3 | scotty | Password | == | testing | +----+----------+----------------+----+------------------------------------+ Both of which work just fine. Now off to figure out how to get this to work with our Cisco VPN 3000, and certificates... Scott Mace Network Administrator TravelCenters of America 24601 Center Ridge Rd. Westlake, OH 44145 440-808-4318 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html