Hi, > So here is a debug again. Like i said, SQL is uncommented on inner-tunnel.
that better - and yes it is uncommented..the debug shows that nicely :-) > ++[sql] returns ok ok > [pap] Normalizing MD5-Password from hex encoding the password is MD5 encrypted. > rlm_eap_mschapv2: Issuing Challenge and thats your problem. 802.1X methods like PEAPv0/MSCHAPv2 (standard microsoft PEAP) DO NOT send the password to the server. instead, they use a challenge-response method. which means that you need to be able to KNOW the actual password - so you need to have a copy of it. this all comes down to compatability....which, once again, highlights the requirements to read the documentation - particularly the web site which I have already mentioned: http://deployingradius.com/documents/protocols/compatibility.html so....the passwords in DB need to be clear or NT-hash your current non 802.1X stuff works becaus the captive portal actually sends the user-password across to the RADIUS server...so it can do an MD5 and see that it just matches the database value. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html