Hi, you SAY you are using 2.1.8
but this config.... > filter = > "(&(objectClass=inetOrgPerson)(uid=%{Stripped-User-Name:-%{User-Name}}))" which leads to this error/warning > [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for > details was fixed in 2.1.8 (basically, config file now correct). does this mean you've dumped a 2.1.6 config into a 2.1.8 system rather than just editing the config files properly? dont do that > Found Auth-Type = EAP > +- entering group authenticate {...} > [eap] EAP Identity > [eap] processing type md5 > rlm_eap_md5: Issuing Challenge > ++[eap] returns handled hmm, since MD5 cannot be used for wireless authentication , suggest you chane the default type in the eap.conf. it might be that your AP doesnt expect to see a challenge or attempt from the server. change default_eap_type in the EAP {} part of eap.conf to eg peap I noted an MTU of 1488 - the LAN should be okay with 1500 but if the AP isnt liking things, the ensure the fragment size is decreaed in eap.conf too eg uncomment to activate the line fragment_size = 1024 in eap.conf alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html