Bruno Kremel wrote: > I am posting full log with first is radtest accepted and others are > failde login from wifi client with 2 different accounts... > > FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on Mar 29 > 2010 at 15:58:09
You should probably upgrade to 2.1.8. It has a lot of fixes && features over 2.0.4. > server inner-tunnel { > +- entering group authorize > ++[chap] returns noop > ++[mschap] returns noop > ++[unix] returns notfound > rlm_realm: No '@' in User-Name = "123", looking up realm NULL > rlm_realm: No such realm "NULL" > ++[suffix] returns noop > ++[control] returns noop > rlm_eap: EAP packet type response id 8 length 62 > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > ++[eap] returns updated > ++[files] returns noop > ++[expiration] returns noop > ++[logintime] returns noop > ++[pap] returns noop And no "sql". Edit raddb/sites-available/inner-tunnel, and add "sql" to the "authorize" section. It's already there, so you likely just have to uncomment it. > rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. > rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. > rlm_mschap: Told to do MS-CHAPv2 for 123 with NT-Password > rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. > rlm_mschap: FAILED: MS-CHAP2-Response is incorrect Yup. No "known good" password means no authentication. You could also try: http://networkradius.com/freeradius.html This lets you cut && paste the debug output into a form. The response is a colorized HTML page indicating common errors, and things you should look into. It won't catch this problem, but it will highlight the fact that there was no "known good" password for the user. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html