I'm attempting 802.1x authentication with Checkpoint Integrity. I have it working with peap no problems and usings mschapv2. However, when I attempt with Integrity, I have to choose "Zone Labs Cooperative Enforcement" within the Windows 802.1x authentication options. I've then chosen peap/mschapv2 here, but an additional setting is eap-type "44" of which I'm unable to change on the client. When the authentication attempt is tried with freeradius, this is what I see from the debug log. rad_recv: Access-Request packet from host 172.20.12.220:4066, id=145, length=232 Framed-MTU = 1480 NAS-IP-Address = 172.20.12.220 NAS-Identifier = "HP ProCurve Switch 5304XL" User-Name = "bartek" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "A1" Called-Station-Id = "00-11-85-57-88-00" Calling-Station-Id = "00-00-39-53-b0-aa" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "111" State = 0xa470cc42adabab0256dc2c8bc1eed1a2 EAP-Message = 0x02020006032c Message-Authenticator = 0x7aaa286e636cd7d6d2db5775789ea1ec Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry bartek at line 223 modcall[authorize]: module "files" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group eap for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: NAK asked for bad type 44 rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 1 modcall: leaving group eap (returns invalid) for request 1 auth: Failed to validate the user. Delaying request 1 for 1 seconds Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.20.12.220:4066, id=145, length=232 Sending Access-Reject of id 145 to 172.20.12.220 port 4066 EAP-Message = 0x04020004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 144 with timestamp 4562beee Cleaning up request 1 ID 145 with timestamp 4562beee Nothing to do. Sleeping until we see a request. The main bit of this being the EAP NAK and "NAK asked for bad type 44". I'm unsure of how I'm supposed to configure freeradius to use this type, as in the IANA numbers, type 44 is shown as: 44 ZoneLabs EAP (ZLXEAP) Any ideas on what I can do to get this working?