Hi Jean-Paul!!!
I have your configuration in my freeradius-snapshot-20040222 but I have the following error: (see freeradius logs please). I don't understand the configuration of "users" file: #--------------------------------------------------------- # Connexion 801.x a0153 ============> What is it? # a0292 : Define the user for 802.1x Authentication #--------------------------------------------------------- a0292 ==============> What is it? # a0292 : Define the user for 802.1x Authentication #--------------------------------------------------------- 999999999991 ================> I have added, but I don't know why exactly??? :( # By default use Ldap for authentication #--------------------------------------------------------- DEFAULT Auth-Type := LDAP On my LDAP I have the following configuration: dc=sgi,dc=es | --cn=Manager | --ou=Wireless | --mail=999999999991 | --mail=888888888881 | ... where 999999999991 and 888888888881 are the users. In the users' LDAP entries I have various attributes: Attribute Value o Soluciones Globales Internet S.A. sn - userPassword [EMAIL PROTECTED] ou Wireless radiusAuthType EAP mail 888888888881 radiusExpiration 22 Feb 2005 userCertificate;binary [EMAIL PROTECTED] uid 888888888881 objectClass top objectClass person objectClass organizationalPerson objectClass inetOrgPerson objectClass radiusprofile cn 888888888881 businessCategory Usuario radiusUserCategory Note: Freeradius take the "radiusAuthType" attribute from the LDAP, so my freeradius connects with the LDAP, so ldap module configuration in radiusd.conf is correct (I think). The following logs are generated with the user "a0153", and this user NOT exists in my LDAP, but if I use other user, for example 999999999991, which exists in my LDAP, the logs are different. (I'm going to send you these logs in other mail because this email is too large) Thanks in advance!! freeradius logs with "a0153" ----> NOT IN MY LDAP ---------------------------------------------------------- [EMAIL PROTECTED] raddb]# rad_recv: Access-Request packet from host 192.168.49.252:1225, id=13, length=132 User-Name = "a0153" NAS-IP-Address = 192.168.49.252 NAS-Port = 0 Called-Station-Id = "00-80-C8-01-01-55" Calling-Station-Id = "00-0B-46-26-1C-44" NAS-Identifier = "DWL-1000AP+" Framed-MTU = 1380 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201000a016130313533 Message-Authenticator = 0xf60f3a8a65245be9ff2b31ff95b0349d modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 1 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched a0153 at 4 modcall[authorize]: module "files" returns ok for request 3 rlm_ldap: - authorize rlm_ldap: performing user authorization for a0153 radius_xlat: '(uid=a0153)' radius_xlat: 'ou=Wireless,dc=sgi,dc=es' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Wireless,dc=sgi,dc=es, with filter (uid=a0153) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 3 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 13 to 192.168.49.252:1225 EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x03c43ec987e4f36ae2ed2849704a0a0d Finished request 3 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.49.252:1225, id=14, length=146 User-Name = "a0153" NAS-IP-Address = 192.168.49.252 NAS-Port = 0 Called-Station-Id = "00-80-C8-01-01-55" Calling-Station-Id = "00-0B-46-26-1C-44" NAS-Identifier = "DWL-1000AP+" Framed-MTU = 1380 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200060315 State = 0x03c43ec987e4f36ae2ed2849704a0a0d Message-Authenticator = 0x01fd17a5dcceb4e219b80f55687be0ee modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched a0153 at 4 modcall[authorize]: module "files" returns ok for request 4 rlm_ldap: - authorize rlm_ldap: performing user authorization for a0153 radius_xlat: '(uid=a0153)' radius_xlat: 'ou=Wireless,dc=sgi,dc=es' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Wireless,dc=sgi,dc=es, with filter (uid=a0153) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/ttls rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 14 to 192.168.49.252:1225 EAP-Message = 0x010300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f3bc89eae61f4d3e03e7d3da3896fb6 Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.49.252:1225, id=15, length=200 User-Name = "a0153" NAS-IP-Address = 192.168.49.252 NAS-Port = 0 Called-Station-Id = "00-80-C8-01-01-55" Calling-Station-Id = "00-0B-46-26-1C-44" NAS-Identifier = "DWL-1000AP+" Framed-MTU = 1380 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0203003c158000000032160301002d010000290301e9021700b000e49a01cc67807dd1d761 3d97f815fc50bdf4edfe19e7522f31e4000002000a0100 State = 0x4f3bc89eae61f4d3e03e7d3da3896fb6 Message-Authenticator = 0x98a1b6d3f399f76e82154b1ea0718665 modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 3 length 60 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched a0153 at 4 modcall[authorize]: module "files" returns ok for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for a0153 radius_xlat: '(uid=a0153)' radius_xlat: 'ou=Wireless,dc=sgi,dc=es' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Wireless,dc=sgi,dc=es, with filter (uid=a0153) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 002d], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 058c], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 Sending Access-Challenge of id 15 to 192.168.49.252:1225 EAP-Message = 0x0104040a15c0000005e9160301004a020000460301403b1a6ceccc583113658c2b9bb556cb baf8e40a8a28b2f23dbab238475e1f1b20f06d0bec308c0666d00e09b749f061ef2fe23b53df 5375bc009277e43d68cf94000a00160301058c0b0005880005850002c9308202c53082022ea0 03020102020104300d06092a864886f70d010104050030819e310b3009060355040613024553 3110300e06035504081307536576696c6c613110300e06035504071307536576696c6c61312a 3028060355040a1321536f6c7563696f6e657320476c6f62616c657320496e7465726e657420 532e412e3111300f060355040b1308576972656c657373311930 EAP-Message = 0x17060355040314104365727431315f30325f3034205347493111300f06092a864886f70d01 090116024341301e170d3034303231313137323535325a170d3234303230363137323535325a 308198310b30090603550406130245533110300e06035504081307536576696c6c613110300e 06035504071307536576696c6c61312a3028060355040a1321536f6c7563696f6e657320476c 6f62616c657320496e7465726e657420532e412e3111300f060355040b1308576972656c6573 73310f300d060355040313065261646975733115301306092a864886f70d0109011606524144 49555330819f300d06092a864886f70d010101050003818d0030 EAP-Message = 0x818902818100bc43830795c9f634862308ad613636c02b3ff326a8b32c573457ced116d42f 06b6c05570ff32e5665709616ccba700adfb87157609f489e501271ce51c358d6d300c476920 05e138280a5a86d9b651ba09f0b982cb577eed7267105eac7fd7e4f091b18f2fb17ee0509d30 0b4d25294ec4296ce2d4e2ca697e108d28fe15c5e10203010001a317301530130603551d2504 0c300a06082b06010505070301300d06092a864886f70d0101040500038181001404ff48bdea b758ad11aabab52469cd9b19167a1c813a93ccf461eac58f26151716e74bd3eaa093936bb077 46584d4e6103c537f7486df0d513e3f87fb1a44c45257fac1118 EAP-Message = 0x99001c30c01b8667ff080a9d6e620fbca19508e7af8ec2744b60681de293d0feedff9a21b1 43af1ffdc94a4142b2eef563e84edbab59a03c588f0002b6308202b23082021ba00302010202 0100300d06092a864886f70d010104050030819e310b30090603550406130245533110300e06 035504081307536576696c6c613110300e06035504071307536576696c6c61312a3028060355 040a1321536f6c7563696f6e657320476c6f62616c657320496e7465726e657420532e412e31 11300f060355040b1308576972656c65737331193017060355040314104365727431315f3032 5f3034205347493111300f06092a864886f70d01090116024341 EAP-Message = 0x301e170d3034303231313137303035385a170d323430 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0306d96b09ab1047d29909af35c7b14a Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.49.252:1225, id=16, length=145 User-Name = "a0153" NAS-IP-Address = 192.168.49.252 NAS-Port = 0 Called-Station-Id = "00-80-C8-01-01-55" Calling-Station-Id = "00-0B-46-26-1C-44" NAS-Identifier = "DWL-1000AP+" Framed-MTU = 1380 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0204000515 State = 0x0306d96b09ab1047d29909af35c7b14a Message-Authenticator = 0xda73e4bb5ef94a82ca0b2a43b5399217 modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 4 length 5 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched a0153 at 4 modcall[authorize]: module "files" returns ok for request 6 rlm_ldap: - authorize rlm_ldap: performing user authorization for a0153 radius_xlat: '(uid=a0153)' radius_xlat: 'ou=Wireless,dc=sgi,dc=es' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Wireless,dc=sgi,dc=es, with filter (uid=a0153) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 6 modcall: group authenticate returns handled for request 6 Sending Access-Challenge of id 16 to 192.168.49.252:1225 EAP-Message = 0x010501f31580000005e93230363137303035385a30819e310b300906035504061302455331 10300e06035504081307536576696c6c613110300e06035504071307536576696c6c61312a30 28060355040a1321536f6c7563696f6e657320476c6f62616c657320496e7465726e65742053 2e412e3111300f060355040b1308576972656c65737331193017060355040314104365727431 315f30325f3034205347493111300f06092a864886f70d0109011602434130819f300d06092a 864886f70d010101050003818d0030818902818100c85e9212b810bd07abef5b98879a136750 02f8c399f2cfa5211914e2ed24515e188a49827b7571d77cf91b EAP-Message = 0x7023d89580f96fe586fb09d5880e167faa0041d9a2af2b1e2d38a4816051ed978ba80c84b4 13f01aba43bab12805b216a5658a752c0073d8a8e2cd3a745d94f2804ab3bf81190b45bd9804 92a4c716737d132d34710203010001300d06092a864886f70d010104050003818100961d6d9f 0c15ca6ca1c3c5e862bfe07987888e2d4eef4585934009082fd4c6a95451ecf2909450776307 e99959dd86c1d243ba996d3a4fc1e9b2faba3eaebf9b05cf66c5bf96e1588a2754ad8df7fb10 fbf98fc867ab616dd18c8b2f55220a174219436a570b122e8e1c0eb24daa125c32442d529c7a 8ff37cbd1e4c63a17fe116030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0df24c1767867a9d62b7d808357b7570 Finished request 6 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.49.252:1225, id=17, length=340 User-Name = "a0153" NAS-IP-Address = 192.168.49.252 NAS-Port = 0 Called-Station-Id = "00-80-C8-01-01-55" Calling-Station-Id = "00-0B-46-26-1C-44" NAS-Identifier = "DWL-1000AP+" Framed-MTU = 1380 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020500c81580000000be16030100861000008200804ec0b724aebee0216e4666798bc3550f b6d84f6ec754c4c62580422fc414755224fc9b9efdfa89ce8286c2c1316684a0eadcd29ba68d c490508a3be6405c5aa2d254f490ccacfd483dbe83b2ee4f72bea6a7946dc2b934b8559241e2 fcd8838a7bc4b2ff00b5a83d11293678a3c75cea79655878046e250c8bf7316a1e715d071403 01000101160301002817857ac6eca7fbb87ae832fbb32fc607accaec1c52043d8d157e3ec997 55946194467eddba973ce8 State = 0x0df24c1767867a9d62b7d808357b7570 Message-Authenticator = 0x1ff478c2724227a2836f62d5450166be modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 5 length 200 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched a0153 at 4 modcall[authorize]: module "files" returns ok for request 7 rlm_ldap: - authorize rlm_ldap: performing user authorization for a0153 radius_xlat: '(uid=a0153)' radius_xlat: 'ou=Wireless,dc=sgi,dc=es' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Wireless,dc=sgi,dc=es, with filter (uid=a0153) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 7 modcall: group authorize returns updated for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 7 modcall: group authenticate returns handled for request 7 Sending Access-Challenge of id 17 to 192.168.49.252:1225 EAP-Message = 0x0106003d15800000003314030100010116030100285928ed0a1de1f0b30bff0b75da99c9ae 4acd8fa1645797bacc1580c49bae3edd2c9de4072d89f73b Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05475cd571bc5f962e841a7b950afdd3 Finished request 7 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.49.252:1225, id=18, length=211 User-Name = "a0153" NAS-IP-Address = 192.168.49.252 NAS-Port = 0 Called-Station-Id = "00-80-C8-01-01-55" Calling-Station-Id = "00-0B-46-26-1C-44" NAS-Identifier = "DWL-1000AP+" Framed-MTU = 1380 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0206004715800000003d170301003820be3c33c85e0316bf801bc1b59b482c2fd8eb49d792 f98dce73550c6442f8128e7a69436e4480d40ae1366673aa4ef47d1ad3288d609fff State = 0x05475cd571bc5f962e841a7b950afdd3 Message-Authenticator = 0x3802f12111d5ab22325d397383592df9 modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 6 length 71 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 users: Matched a0153 at 4 modcall[authorize]: module "files" returns ok for request 8 rlm_ldap: - authorize rlm_ldap: performing user authorization for a0153 radius_xlat: '(uid=a0153)' radius_xlat: 'ou=Wireless,dc=sgi,dc=es' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Wireless,dc=sgi,dc=es, with filter (uid=a0153) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 8 modcall: group authorize returns updated for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 eaptls_process returned 7 rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. TTLS: Got tunneled request User-Name = "a0153" User-Password = "izadisan" FreeRADIUS-Proxied-To = 127.0.0.1 TTLS: Sending tunneled request User-Name = "a0153" User-Password = "izadisan" FreeRADIUS-Proxied-To = 127.0.0.1 modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: No '@' in User-Name = "a0153", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 8 users: Matched a0153 at 4 modcall[authorize]: module "files" returns ok for request 8 rlm_ldap: - authorize rlm_ldap: performing user authorization for a0153 radius_xlat: '(uid=a0153)' radius_xlat: 'ou=Wireless,dc=sgi,dc=es' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Wireless,dc=sgi,dc=es, with filter (uid=a0153) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 8 modcall: group authorize returns ok for request 8 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. TTLS: Got tunneled reply RADIUS code 3 TTLS: Got tunneled Access-Reject rlm_eap: Handler failed in EAP/ttls rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 8 modcall: group authenticate returns invalid for request 8 auth: Failed to validate the user. Delaying request 8 for 1 seconds Finished request 8 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 3 ID 13 with timestamp 403b1a6c Cleaning up request 4 ID 14 with timestamp 403b1a6c Cleaning up request 5 ID 15 with timestamp 403b1a6c Cleaning up request 6 ID 16 with timestamp 403b1a6c Cleaning up request 7 ID 17 with timestamp 403b1a6c Sending Access-Reject of id 18 to 192.168.49.252:1225 EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 Cleaning up request 8 ID 18 with timestamp 403b1a6c Nothing to do. Sleeping until we see a request. José Luis Solano SGI - Soluciones Globales Internet S.A. Delegación Regional Sur [EMAIL PROTECTED] (+34) 954.088.060 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html