Sorry for the inconvenience Alan, I'm just a student and currently studying/exploring radius servers.
Now I changed all the configuration back to default and make the some configuration to make ldap works. Here is the debug and it is quite different from the previous one: rad_recv: Access-Request packet from host 10.96.100.205 port 1494, id=0, length=143 User-Name = "kim.almarez" NAS-IP-Address = 10.96.100.205 Called-Station-Id = "0014bf8abbc5" Calling-Station-Id = "002682a0ed7d" NAS-Identifier = "0014bf8abbc5" NAS-Port = 48 Framed-MTU = 1400 State = 0x37e5184d33e0019d0fd828625cb2b12f NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020500061900 Message-Authenticator = 0xcffe22481a4058a92af0247cdbeb03ec +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "kim.almarez", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 0 to 10.96.100.205 port 1494 EAP-Message = 0x0106002b1900170301002091954e9ec07cc3ca9afa609b287aea0248a1a1fbb2fe6ad3ccf1ea09fba06e11 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x37e5184d32e3019d0fd828625cb2b12f Finished request 6. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.96.100.205 port 1496, id=0, length=196 User-Name = "kim.almarez" NAS-IP-Address = 10.96.100.205 Called-Station-Id = "0014bf8abbc5" Calling-Station-Id = "002682a0ed7d" NAS-Identifier = "0014bf8abbc5" NAS-Port = 48 Framed-MTU = 1400 State = 0x37e5184d32e3019d0fd828625cb2b12f NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0206003b19001703010030b116207fd585e2b669e3f77de44fc303752534eacf129c6be70a929f6c0f467eac807a801d321cd3fbee1078fefb5fcc Message-Authenticator = 0xa31d5cd12cca50d02ad850f9eb1f0ff8 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "kim.almarez", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 59 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - kim.almarez [peap] Got tunneled request EAP-Message = 0x02060010016b696d2e616c6d6172657a server { PEAP: Got tunneled identity of kim.almarez PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to kim.almarez Sending tunneled request EAP-Message = 0x02060010016b696d2e616c6d6172657a FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "kim.almarez" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "kim.almarez", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 6 length 16 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [ldap] performing user authorization for kim.almarez [ldap] expand: %{Stripped-User-Name} -> [ldap] expand: %{User-Name} -> kim.almarez [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=kim.almarez) [ldap] expand: O=SMPRIME -> O=SMPRIME rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in O=SMPRIME, with filter (uid=kim.almarez) [ldap] looking for check items in directory... [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] user kim.almarez authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010700251a01070020102ef100c06100accb4d5d1b6ad5d2f8446b696d2e616c6d6172657a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb71a0bf8b71d112af1d78f0bcd53be2d [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010700251a01070020102ef100c06100accb4d5d1b6ad5d2f8446b696d2e616c6d6172657a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb71a0bf8b71d112af1d78f0bcd53be2d [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 0 to 10.96.100.205 port 1496 EAP-Message = 0x0107004b19001703010040b41853b36929694f55a975a54e0312aad67a79c95cee9ba97992e39f7d2cb6588c877bec75be8cf35a9a5ef98dad06c34e7356d515ab0acfad5acbec3896cbfa Message-Authenticator = 0x00000000000000000000000000000000 State = 0x37e5184d31e2019d0fd828625cb2b12f Finished request 7. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 10.96.100.205 port 1498, id=0, length=244 User-Name = "kim.almarez" NAS-IP-Address = 10.96.100.205 Called-Station-Id = "0014bf8abbc5" Calling-Station-Id = "002682a0ed7d" NAS-Identifier = "0014bf8abbc5" NAS-Port = 48 Framed-MTU = 1400 State = 0x37e5184d31e2019d0fd828625cb2b12f NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0207006b190017030100601e1827ee2c7843bdfa6b6e4689356b3cf4bbc3f5fe93482b29a244a417d2932b712ffbd46c831824c618053d9e66118c6e9bb1f988abb79558291fd48347ea822c12fa3e712b7512ce80fc6fb19399f71a3dc7d99c9b8ae049e2d93d0119462d Message-Authenticator = 0xab6a9afce0d198bfc3a3acbd3bfb1958 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "kim.almarez", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 107 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020700461a0207004131c8424ddebbff4ae40360c6bf7d5a207500000000000000006da6ed352c3663c5a057b5a88306c7398494ebcd6bd77420006b696d2e616c6d6172657a server { PEAP: Setting User-Name to kim.almarez Sending tunneled request EAP-Message = 0x020700461a0207004131c8424ddebbff4ae40360c6bf7d5a207500000000000000006da6ed352c3663c5a057b5a88306c7398494ebcd6bd77420006b696d2e616c6d6172657a FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "kim.almarez" State = 0xb71a0bf8b71d112af1d78f0bcd53be2d server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "kim.almarez", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 7 length 70 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [ldap] performing user authorization for kim.almarez [ldap] expand: %{Stripped-User-Name} -> [ldap] expand: %{User-Name} -> kim.almarez [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=kim.almarez) [ldap] expand: O=SMPRIME -> O=SMPRIME rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in O=SMPRIME, with filter (uid=kim.almarez) [ldap] looking for check items in directory... [ldap] looking for reply items in directory... WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? [ldap] user kim.almarez authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for kim.almarez with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 0 to 10.96.100.205 port 1498 EAP-Message = 0x0108002b19001703010020b67088663b6039d4a9c90f13c1f75b147bc25c040460ced33b554cb989f51d40 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x37e5184d30ed019d0fd828625cb2b12f Finished request 8. Going to the next request Waking up in 4.6 seconds. rad_recv: Access-Request packet from host 10.96.100.205 port 1500, id=0, length=180 User-Name = "kim.almarez" NAS-IP-Address = 10.96.100.205 Called-Station-Id = "0014bf8abbc5" Calling-Station-Id = "002682a0ed7d" NAS-Identifier = "0014bf8abbc5" NAS-Port = 48 Framed-MTU = 1400 State = 0x37e5184d30ed019d0fd828625cb2b12f NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0208002b19001703010020afc9ad58dc4eaeb0cd31df70e64a2e70d873b7893fd45c94866f771c430c0c9c Message-Authenticator = 0x1552a063a65c1859294c6558583d7435 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "kim.almarez", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> kim.almarez attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 9 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 9 Sending Access-Reject of id 0 to 10.96.100.205 port 1500 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.6 seconds. Cleaning up request 1 ID 0 with timestamp +21 Cleaning up request 2 ID 0 with timestamp +21 Cleaning up request 3 ID 0 with timestamp +21 Cleaning up request 4 ID 0 with timestamp +21 Cleaning up request 5 ID 0 with timestamp +21 Cleaning up request 6 ID 0 with timestamp +21 Cleaning up request 7 ID 0 with timestamp +21 Cleaning up request 8 ID 0 with timestamp +21 Waking up in 1.0 seconds. Cleaning up request 9 ID 0 with timestamp +21 Ready to process requests. The difference is with this lines: [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for kim.almarez with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect. -- View this message in context: http://old.nabble.com/Freeradius-%2B-WPA2-%2B-Windows-Client-tp29479107p29479714.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html