I am using EAP for authenticating WiFi Clients with Certificate on their machines. However RADIUS won't authenticate. Any help is appreciated. Thanks. Rad_recv: Access-Request packet from host 10.238.250.50 port 1645, id=56, length=210 User-Name = "host/Loaner751.darden.com" Framed-MTU = 1400 Called-Station-Id = "0019.aaab.5af5" Calling-Station-Id = "100b.a988.b5a0" Cisco-AVPair = "ssid=DRI_test" WISPr-Location-Name = "4441-NC-AP1" Service-Type = Login-User Message-Authenticator = 0x0e316ee8b533416251694ad185583409 EAP-Message = 0x0202001e01686f73742f4c6f616e65723735312e64617264656e2e636f6d NAS-Port-Type = Wireless-802.11 Cisco-NAS-Port = "102" NAS-Port = 102 NAS-IP-Address = 10.238.250.50 # Executing section authorize from file /etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "host/Loaner751.darden.com", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 30 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +group eap { [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] = handled +} # group eap = handled Sending Access-Challenge of id 56 to 10.238.250.50 port 1645 EAP-Message = 0x010300160410bfd16c1dfa600bd36fa2eb08ba9b5618 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcc8a4efdcc894a61cff43991e0926e2a Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.238.250.50 port 1645, id=57, length=204 User-Name = "host/Loaner751.darden.com" Framed-MTU = 1400 Called-Station-Id = "0019.aaab.5af5" Calling-Station-Id = "100b.a988.b5a0" Cisco-AVPair = "ssid=DRI_test" WISPr-Location-Name = "4441-NC-AP1" Service-Type = Login-User Message-Authenticator = 0x54d5aec97fd76f4282e2eac636980031 EAP-Message = 0x020300060319 NAS-Port-Type = Wireless-802.11 Cisco-NAS-Port = "102" NAS-Port = 102 State = 0xcc8a4efdcc894a61cff43991e0926e2a NAS-IP-Address = 10.238.250.50 # Executing section authorize from file /etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "host/Loaner751.darden.com", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 3 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +group eap { [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group eap = handled Sending Access-Challenge of id 57 to 10.238.250.50 port 1645 EAP-Message = 0x010400061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcc8a4efdcd8e5761cff43991e0926e2a Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.238.250.50 port 1645, id=58, length=303 User-Name = "host/Loaner751.darden.com" Framed-MTU = 1400 Called-Station-Id = "0019.aaab.5af5" Calling-Station-Id = "100b.a988.b5a0" Cisco-AVPair = "ssid=DRI_test" WISPr-Location-Name = "4441-NC-AP1" Service-Type = Login-User Message-Authenticator = 0x9b2daf305bb49a270834f943e0206af9 EAP-Message = 0x0204006919800000005f160301005a01000056030155de2777bb843e994ac509c2e8cbb6b78411ee24c71e69bbc547a17566e65bc9000018002f00350005000ac013c014c009c00a003200380013000401000015ff01000100000a0006000400170018000b00020100 NAS-Port-Type = Wireless-802.11 Cisco-NAS-Port = "102" NAS-Port = 102 State = 0xcc8a4efdcd8e5761cff43991e0926e2a NAS-IP-Address = 10.238.250.50 # Executing section authorize from file /etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "host/Loaner751.darden.com", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 4 length 105 Eventually I get: Cleaning up request 6 ID 62 with timestamp +12 WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0xcc8a4efdca835761 did not finish! WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! rad_recv: Access-Request packet from host 10.238.250.50 port 1645, id=62, length=204 This e-mail message is for the sole use of the intended recipient and may contain information that is confidential, proprietary or privileged. Any unauthorized review, use, distribution, copying or disclosure is strictly prohibited. If you are not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, please notify sender of the delivery error by replying to this message and then delete it from your system. Receipt by anyone other than the intended recipient is not a waiver of confidentiality or privilege.