From: Martin B. via Freeradius-Users <freeradius-users@lists.freeradius.org> Subject: EAP-TEAP not doing 2nd inner Method "(1) eap_teap: (TLS) EAP Got final fragment (156 bytes) (1) eap_teap: WARNING: (TLS) EAP Total received record fragments (156 bytes), does not equal expected expected data length (0 bytes) (1) eap_teap: (TLS) EAP Done initial handshake (1) eap_teap: (TLS) TEAP - Handshake state - before SSL initialization (1) eap_teap: (TLS) TEAP - Handshake state - Server before SSL initialization (1) eap_teap: (TLS) TEAP - Handshake state - Server before SSL initialization (1) eap_teap: (TLS) TEAP - recv TLS 1.3 Handshake, ClientHello" Client send TLS 1.3 handshake "(1) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS read client hello (1) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake, ServerHello" radius response with TLS 1.2 handshake (in radius config is set tls_max_ version = "1.2") I haven't seen the full debud dump, but it looks like windows supplicant is not responding to handshake with TLS version 1.2. A possible solution is to either set the Windows client to use only TLS 1.2 (registry settings [HKEY_ LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\ Protocols\TLS 1.3\Client]), or set ls_max_version = "1.3" in the radius configuration. But be careful here, as far as I know, Windows still does not support session resumption in TLS 1.3. Petr ""